Mobile phones, smartwatches, fitness monitors, wireless toys and childcare equipment, all part of the daily lives of EU citizens, will now be subject to new, stricter rules, because cyber threats that can be transmitted through such wireless systems pose an increasing risk to every consumer.
The delegated act, issued by the European Commission last week, aims to ensure that all wireless devices are secure before they go on sale in the EU market. The Commission act sets out new legal requirements for cybersecurity safeguards, which manufacturers should take into account when designing and producing the products concerned.
The protection of children's rights will be an essential element of this legislation. For example, manufacturers should implement new measures to prevent unauthorized access to or transmission of personal data.
Unwanted disclosure of a user's location (via portable devices), or of radio equipment at a specific location (home, second home, workplace), may reveal the presence of a known or unknown person. Unauthorized access to information that could reveal that nobody is present at a home or other location is also a concern (e.g. this information could be useful to those seeking to commit burglary). For example, pull-push information from a smart electricity or water meter may reveal the absence of a homeowner for an extended period.
Smart devices, smart cameras, and a host of other connected radio equipment, such as cell phones, laptops, dongles, alarm systems, and home automation systems, are also examples of equipment that is at risk of being compromised and of exposing users to privacy threats when connected to the internet. In addition, wearable radio equipment (e.g. rings, bracelets, pocket clips, headphones, fitness trackers, etc.) can monitor and record a lot of sensitive user data over time (e.g. location, temperature, blood pressure, heart rate) and re-transmit it, not only via the internet but also through insecure short-range communication technologies.
The package of measures promoted by the Commission also aims to reduce the risk of financial fraud. Wireless devices should include features to minimize the risk of fraudulent electronic payments. For example, they should ensure better authentication of the user to avoid fraudulent payments.
Manufacturers, when performing conformity assessment procedures before placing their products on the EU market, will have a choice between two options:
• Performing a self-assessment of whether their product has been designed in accordance with harmonized standards.
• Relying on a third-party assessment carried out by an independent inspection body, regardless of whether or not a harmonized standard has been used.
It is important to note that the European Commission Delegated Act applies not only to European industry, but also to any manufacturer intending to place a product on the EU market.
Which equipment will the legislation apply to?
• Devices capable of communicating via the internet: Examples of such equipment include electronic devices such as smartphones, tablets, electronic cameras and telecommunications equipment, as well as equipment that constitutes the “internet of things”. Due to insufficient security, such devices run the risk of personal data of third parties being improperly accessed and shared, including for fraudulent purposes, or of causing damage to the network.
• Childcare toys and equipment: Baby toys and monitoring devices may be vulnerable to cyber security threats that monitor or collect information about children. Therefore, the protection of the rights of the child is an essential element of this legislation.
• Wearables: Devices like smartwatches and fitness trackers are increasingly present in our lives and collect biometric data.
The delegated act of the EU will enter into force after a two-month review period, provided that the Council and Parliament do not object. Once effective, manufacturers will have a 30-month transition period to begin complying with the new legal requirements. This will give the industry enough time to adjust the relevant products before the new requirements take effect, around mid-2024.
Where will the new measures help?
• Improving network resilience: Wireless devices and wireless products should incorporate some features to avoid damaging communications networks and prevent devices from being used to disrupt the functionality of websites or other services.
• Better protection of consumers' privacy: Wireless devices and wireless products should have features that guarantee the protection of personal data. The protection of children's rights will be an essential element of this legislation. For example, manufacturers should implement new measures to prevent unauthorized access to or transmission of personal data.
• Reduce the risk of financial fraud: Wireless devices and wireless products should include features to minimize the risk of fraud when making electronic payments. For example, they should ensure better authentication of the user to avoid fraudulent payments.
What will be the role of the Member States?
The delegated act, which will take the form of a regulation, will enter into force immediately (once its approval process has been completed) in all Member States, without the need for transposition into national law.
Member States are responsible for market surveillance. In accordance with the Radio Equipment Directive, each Member State has set up a national market surveillance authority, which ensures that only safe and compliant products are placed on the market. These national market surveillance authorities should also ensure that all these products comply with the new requirements. Market surveillance authorities may, for example, require information from economic operators, take restrictive measures such as sales bans or revocations, or impose sanctions. Market surveillance authorities across the EU exchange information and work together in a dedicated network coordinated by the Commission.
What will happen to the old devices and which products are excluded?
The Commission's delegated act will apply to all devices placed on the market as soon as it enters into force. Older devices already on the EU market can continue to be used without the need for specific adjustments until the end of their life cycle.
Wireless devices have become a staple of citizens' lives. They have access to our personal information and use the communication networks. The COVID pandemic has dramatically increased the use of radio equipment for business or personal purposes. In recent years, studies by the Commission and various national authorities have identified an increasing number of wireless devices that pose cyber security risks. These studies have, for example, highlighted the risks from toys spying on children's actions or conversations, from unencrypted personal data stored on our devices, including payment-related items, and from equipment that can misuse network resources and, therefore, reduce their capacity.
The legislative act lists product categories that are exempt from the application of some or all of the essential requirements. Motor vehicles, electronic toll systems, equipment for remote control of unmanned aircraft and non-aircraft special radio equipment that can be installed on aircraft are exempt from the requirements relating to the protection of personal data and protection against fraud. In addition, none of the requirements apply to medical devices and in vitro medical devices. The cybersecurity of these product categories is ensured by existing specific EU legislation.