...
...
Next Story

Siemens, Ericsson warn EU rules on cyber seucrity risks may hit supply chains

Cybersecurity worries have spiked following a series of high-profile incidents of hackers damaging businesses and demanding huge ransoms.

Published on: Nov 07, 2023 11:05 AM IST
Advertisement

Electronics makers Siemens, Ericsson and Schneider Electric, along with industry group DigitalEurope warned on Monday that onerous proposed EU rules targeting cybersecurity risks of smart devices could disrupt supply chains on a scale similar to during the pandemic.

Siemens logo is pictured at a building of the manufacturing plant of Siemens Healthineers in Forchheim near Nuremberg, Germany.
Siemens logo is pictured at a building of the manufacturing plant of Siemens Healthineers in Forchheim near Nuremberg, Germany.

Proposed by the European Commission last year, the Cyber Resilience Act requires manufacturers to assess the cybersecurity risks of their products and take measures to fix problems for a period of five years or through the expected lifetime of the products.

The proposed rules would also apply to importers and distributors of internet-connected devices. Cybersecurity worries have spiked following a series of high-profile incidents of hackers damaging businesses and demanding huge ransoms.

ALSO READ: Nations sign declaration on AI in UK; recognise some risks as ‘catastrophic’

"The law as it stands risks creating bottlenecks that will disrupt the single market," the chief executives of the companies wrote in a joint letter to European Union industry chief Thierry Breton and EU digital chief Vera Jourova.

"We risk creating a COVID-style blockage in European supply chains, disrupting the single market and harming our competitiveness," the companies said.

Other signatories to the letter include the CEOs of Nokia, Robert Bosch GmbH and Slovakian software company ESET.

The companies said the list of higher-risk products subject to the rule should be significantly scaled back and that manufacturers should be allowed to fix known vulnerability risks rather than first conducting assessments.

They also want more flexibility to self-assess cybersecurity risks.

The letter comes ahead of Nov. 8 negotiations between EU countries and EU lawmakers to thrash out the details of the draft law before it can be adopted.

 
SHARE THIS ARTICLE ON