European Commission publishes proposals to strengthen cybersecurity of wireless devices and products

The Commission has published a Delegated Regulation under the Radio Equipment Directive (2014/53/EU) to make sure that all wireless devices are safe before being sold on the EU market. The instrument provides for cybersecurity safeguards that manufacturers will have to take into account in the design and production of relevant products. The Commission says that the proposed Regulation will also protect citizens’ privacy and personal data, prevent the risks of monetary fraud, and ensure better resilience of communication networks.

The measures proposed cover wireless devices, such as mobile phones, tablets and other products capable of communicating over the internet, as well as toys and childcare equipment, such as baby monitors, and a range of wearable equipment such as smart watches or fitness trackers.

The Commission says that the new measures will help to:

  • improve network resilience: wireless devices and products will have to incorporate features to avoid harming communication networks and prevent devices being used to disrupt websites or other services;
  • better protect consumers’ privacy: wireless devices and products will need to have features to guarantee the protection of personal data; protection of children’s rights will also be an essential element of the legislation; manufacturers will have to implement new measures to prevent unauthorised access or transmission of personal data; and
  • reduce the risk of monetary fraud: wireless devices and products will have to include features to minimise the risk of fraud when making electronic payments, e.g., they will need to ensure better authentication control by the user in order to avoid fraudulent payments.

The Delegated Regulation will be complemented by a Cyber Resilience Act, which will aim to cover more products, looking at their whole life cycle.

The Delegated Regulation will come into force following a two-month scrutiny period, should the Council and Parliament not raise any objections. Following entry into force, manufacturers will have a transition period of 30 months to start complying with the new legal requirements. This will provide the industry with sufficient time to adapt relevant products before the new requirements become applicable, which is expected to be mid-2024.

The Commission says that it will also support manufacturers to comply with the new requirements by asking the European Standardisation Organisations to develop relevant standards. Alternatively, manufacturers will be able to prove the conformity of their products by ensuring their assessment by relevant notified bodies.