The European Commission wants to impose tough rules on connected objects such as “smart” fridges or virtual assistants to ensure companies guarantee better defences against cyberattacks, according to draft EU legislation unveiled on Thursday.
“Computers, phones, household appliances, virtual assistance devices, cars, toys… each and every one of these hundreds of millions connected products is a potential entry point for a cyberattack,” said Internal Market Commissioner Thierry Breton.
“And yet, today, most hardware and software products are not subject to any cybersecurity requirements,” he added.
The draft regulation will be negotiated over several months by MEPs and the bloc’s 27 member states.
Under its proposed rules, products and software that make up the so-called “internet of things” would only be allowed on the European market if they met the EU’s security criteria.
The text also proposes an obligation for transparency on possible flaws or incidents and a certification that basic requirements of cyber safety have been met.
Companies will risk fines of up to 15 million euros ($15 million) or 2.5 percent of their turnover if infringements are found.
According to the proposal, member states would be responsible for the proper application of the rules and would be empowered to pull products from the market.
The commission hopes to make this new legislation an international reference beyond Europe, repeating the success of the “CE” labelling system that affirms a good’s conformity with European health and safety standards.
The annual cost of cybercrime was estimated at 5.5 trillion euros worldwide in 2021, according to the EU executive.