[TheRecord] EU to adopt new cybersecurity rules for smartphones, wireless, IoT devices

The European Commission has ordered an update to the Radio Equipment Directive in order to introduce new cybersecurity guidelines for radio and wireless equipment sold on the EU market, such as mobile phones, tablets, fitness trackers, and other smart IoT devices.

The new standards, which are currently scheduled to enter into effect by mid-2024, were adopted following a delegated act to the Radio Equipment Directive (RED), a piece of 2014 EU legislation that acts as the regulatory framework that equipment vendors must follow in order to sell electronic equipment on the EU market.

The delegated act, which is a bureaucratic mechanism used by the European Commission to tell EU bodies to update legislation, lists three new security measures that device makers must incorporate in the design of their products in order to be allowed to sell products in the EU. These include:

Improve network resilience: Wireless devices and products will have to incorporate features to avoid harming communication networks and prevent the possibility that the devices are used to disrupt website or other services functionality.

Better protect consumers’ privacy: Wireless devices and products will need to have features to guarantee the protection of personal data. The protection of children’s rights will become an essential element of this legislation. For instance, manufacturers will have to implement new measures to prevent unauthorised access or transmission of personal data.

Reduce the risk of monetary fraud: Wireless devices and products will have to include features to minimise the risk of fraud when making electronic payments. For example, they will need to ensure better authentication control of the user in order to avoid fraudulent payments.

New standards expected to enter into effect by mid-2024

“The delegated act will come into force following a two-month scrutiny period, should the Council and Parliament not raise any objections,” the European Commission said on Friday, explaining the next steps in the regulatory process of updating the RED.

“Following the entry into force, manufacturers will have a transition period of 30 months to start complying with the new legal requirements. This will provide the industry with sufficient time to adapt relevant products before the new requirements become applicable, expected as of mid-2024,” it added.

As part of this process, the Commission said it would also ask the European Standardisation Organisations to develop new standards that incorporate the new RED measures, so vendors have a firm grasp of what is expected from them.

While the new measures are pretty vague, the EU will most likely use this RED update to force equipment vendors to ship devices with unique passwords instead of one-for-all default passwords, devices that use encrypted communications, or devices that encrypt local data, something that EU authorities have suggested in the past.

The post EU to adopt new cybersecurity rules for smartphones, wireless, IoT devices appeared first on The Record by Recorded Future.
