A trio of electronics manufacturers and a digital technology trade association this week expressed concerns about the proposed E.U. cybersecurity measures in the Cyber Resilience Act aimed at bolstering the security of smart devices.
The Cyber Resilience Act, put forward by the European Commission last year, introduces new liability regulations for cybersecurity incidents. It places requirements on manufacturers and distributors to assess and mitigate cybersecurity risks in a wide range of products, including desktop computers, smartphones, and Internet of Things (IoT) devices.
Under the proposed law, they’re expected to conduct assessments and address vulnerabilities for a minimum of five years and up to the expected lifetime of the products. Companies that fail to comply face losing up to $15 million or 2.5% of their total global turnover.
Siemens, Ericsson, Schneider Electric, and the industry group DigitalEurope, wrote a joint letter to the E.U. industry chief Thierry Breton and the bloc’s digital chief, Vera Jourova, arguing that the move could potentially cause disruptions in the consumer electronics supply chains in a similar way to pandemic-induced supply issues. The CEOs of Slovakian software company ESET, Nokia, and Robert Bosch GmbH have also signed the letter in support.
“The law as it stands risks creating bottlenecks that will disrupt the single market,” the chief executives of the companies wrote ahead of scheduled negotiations on the proposed law. “We risk creating a COVID-style blockage in European supply chains, disrupting the single market and harming our competitiveness.”
A key concern, according to these companies, is a potential lack of independent experts to carry out the necessary cybersecurity evaluations. This shortage could lead to substantial delays in meeting the requirements laid out in the Act, they explained.
“Given the CRA’s wide scope and a lack of capacity, we face a situation where secure products cannot be placed on the market and will be blocked for EU customers. Europe cannot currently offer so many conformity assessments,” the signatories warned. “This will have a huge effect on the wider supply chains, as many of these components are crucial inputs for the European economy and the green transition.”
They argue that lawmakers should take another look at the list of high-risk products covered by the Act and reduce the number of items on it. The electronics manufacturers also push for more leeway in tackling known vulnerabilities in their products.