Siemens, Ericsson, Schneider Electric, and industry group DigitalEurope have expressed concerns over proposed EU rules aimed at addressing cybersecurity risks of smart devices. The companies, in a joint letter to European Union industry chief Thierry Breton and EU digital chief Vera Jourova, warned that the proposed regulations could lead to disruptions in supply chains on a scale comparable to the impact of the pandemic. The Cyber Resilience Act, which was proposed by the European Commission last year, requires manufacturers to evaluate the cybersecurity risks of their products and take corrective actions for a period of five years or throughout the expected lifespan of the devices.
The proposed rules would also apply to importers and distributors of internet-connected devices. The CEOs argued that the current legislation may create bottlenecks that could hinder the single market, causing delays in the supply of numerous products such as washing machines, toys, cybersecurity products, heat pumps, cooling machines, and high-tech manufacturing components. The companies cited a potential shortage of independent experts to carry out the necessary assessments and increased bureaucracy as reasons for potential disruptions.
The CEOs emphasized that these disruptions could result in a COVID-style blockage of European supply chains, which would harm competitiveness and disrupt the single market. They urged for a reduction in the list of higher-risk products subject to the rule and suggested that manufacturers should have the flexibility to address known vulnerability risks instead of being required to conduct assessments first. The letter was signed by additional industry leaders, including the CEOs of Nokia, Robert Bosch GmbH, and Slovakian software company ESET. The letter was sent before the upcoming negotiations between EU countries and lawmakers on November 8, as they aim to finalize the details of the draft law before its adoption.
