Share this article on:
Breaking news and updates daily. Subscribe to our Newsletter
New proposed European Union regulations for targeting cyber security risks are being warned against by major international companies, saying that they could choke supply chains at the same level the COVID-19 pandemic did.
The Cyber Resilience Act, which the European Commission proposed in 2022, if passed, would require manufacturers of internet-connected devices, as well as their importers and distributors, to screen their products for cyber security risks and continue to mediate issues as they arise for a five-year period.
Several major multinational conglomerates – Siemens, Ericsson, and Schneider Electric – have responded to the proposed legislation, with the companies writing a joint letter saying it could constrict supply chains.
“The law as it stands risks creating bottlenecks that will disrupt the single market,” the companies jointly told EU digital chief Vera Jourova and industry chief Thierry Breton.
"We risk creating a COVID-style blockage in European supply chains, disrupting the single market and harming our competitiveness.”
Other major organisations have signed the letter, with CEOs of Nokia, Robert Bosch GmbH, and ESET being signatories.
The letter continued, saying that the supply chain issues would be a result of wait times for products to be assessed, due to a shortage of viable experts and delays from paperwork and other legal hurdles.
It added that the supply chain issues could affect a wide range of products, including white goods, toys, cyber security products, as well as parts for vital machinery, such as heat pumps and cooling machines.
As a ripost to the initial proposal, the companies believe that those with known vulnerabilities should be allowed to fix them rather than needing another assessment and that the list of high-risk products affected by the new legislation should be shortened.
It also believes that companies should be able to self-assess.
Negotiations between EU nations and lawmakers are set to commence on 8 November, when the exact details of the legislation will be decided.
Comments powered by CComment