The cybersecurity of wireless devices placed on the European market, including that of mobile phones, smartwatches, fitness trackers and wireless toys, is set to improve. The increasing popularity of the use of such equipment by consumers coupled with the growing risk of cyber threats, prompted the European Commission to adopt rules which seek to ensure the cyber safety of such devices.
A regulatory framework for radio equipment sold on the European market has been in place since 2014. Such a legislative framework makes provision for the regulation of aspects such as the health and safety, and interoperability of such equipment, among others. The newly-adopted legislative measure now specifically targets the enhancement of the cybersecurity of such equipment.
Manufacturers of wireless devices seeking to penetrate the European market must now consider new legal requirements for cybersecurity safeguards in the design and production of their products. These requirements apply to certain categories of wireless devices that use radio technology, including smartphones, tablets and other products capable of communicating over the internet, toys and childcare equipment such as baby monitors, as well as a range of wearable equipment such as smartwatches or fitness trackers.
The objective of the commission in enacting this legislative measure may be said to be three-fold: that of ensuring that such equipment will incorporate features to avoid its misuse to harm communication networks; features to guarantee the prevention of unauthorised access or transmission of personal data and to safeguard privacy; as well as features to minimise the risk of fraud when the equipment is used to make electronic payments.
The legislative provision for safeguards to eliminate as much as possible cybersecurity risks is surely a welcome step in the right direction for consumers
The legislative measure formulates the essential requirements imposed on manufacturers in general terms in that the manufacturer is free to choose any specific technical solution, provided that the aforementioned objectives are attained. In the meantime, the commission is actively seeking to ensure that harmonised standards are developed with which the technical solutions adopted by manufacturers can comply.
Manufacturers also have a choice as to the conformity assessment procedure to adopt before placing their products on the market. They can either perform a self-assessment, when their product has been designed in accordance with any available harmonised standards or rely on a third-party assessment performed by an independent inspection body, irrespective of whether a harmonised standard was adhered to.
Old devices, which have already been placed on the EU market, can continue to be used without the need for specific adaptations until the end of their life cycle.
National market surveillance authorities must ensure compliance of such products with the new requirements. Member states will also take corrective measures in case unsecure products are found on the market.
The European Parliament and Council now have two months to scrutinise the measure enacted by the commission. If no objection is raised, the measure will come into force and manufacturers will have a transitional period of 30 months to start complying with the new legal requirements.
Wireless devices have become a key part of the everyday life of adults and children alike. Such devices access our personal information and make use of communication networks. The legislative provision for safeguards to eliminate as much as possible cybersecurity risks is surely a welcome step in the right direction for consumers.