The general public has less than a week left to comment on the European Union’s plans to introduce new regulations obligating consumer IoT device makers to take responsibility for online security issues, data protection, fraud prevention, and privacy.
The draft regulations for internet-connected radio equipment and wearable radio equipment are open for public comment until August 27. The resulting laws will apply across the region from the end of 2021, according to the EU Commission. The new regulations are pitched as a way to improve the security of Internet of Things devices.
Where they apply
The regulations will apply to other internet-connected gadgets in use today, including some laptops, baby monitors, smart appliances, smart cameras, a ‘number of other radio equipment,’ alarm systems, dongles, home automation systems, and more.
The objective of the initiative, according to the explanation in the draft, is to contribute to strengthening the ecosystem of trust stemming from synergies of all related pieces of EU law concerning the protection of networks and privacy against fraud.
The initiative will ensure that the bloc only has sufficiently secure radio equipment.
The Netherlands’ FME association has raised public concerns about the scope of the draft regulations. Specifically, it questions the feasibility of post-market responsibility for cybersecurity.
The association asked: if there is a low-risk exploitable vulnerability, at what level can the manufacturer choose not to release a patch, or delay one, and what documentation is required to show that a risk assessment was conducted and found the vulnerability to be very low-risk?
While some holes can be picked in the draft regulations, cheap internet-connected devices pose a real risk to the wider internet because of how exploitable they tend to be.