Siemens, Ericsson warn EU rules on cyber seucrity risks may hit supply chains

Electronics makers Siemens, Ericsson and Schneider Electric, along with industry group DigitalEurope warned on Monday that onerous proposed EU rules targeting cybersecurity risks of smart devices could disrupt supply chains on a scale similar to during the pandemic.

Siemens logo is pictured at a building of the manufacturing plant of Siemens Healthineers in Forchheim near Nuremberg, Germany.

Proposed by the European Commission last year, the Cyber Resilience Act requires manufacturers to assess the cybersecurity risks of their products and take measures to fix problems for a period of five years or through the expected lifetime of the products.

The proposed rules would also apply to importers and distributors of internet-connected devices. Cybersecurity worries have spiked following a series of high-profile incidents of hackers damaging businesses and demanding huge ransoms.

ALSO READ: Nations sign declaration on AI in UK; recognise some risks as ‘catastrophic’

“The law as it stands risks creating bottlenecks that will disrupt the single market,” the chief executives of the companies wrote in a joint letter to European Union industry chief Thierry Breton and EU digital chief Vera Jourova.

They said disruptions could hit millions of products, ranging from washing machines to toys, cybersecurity products, as well as vital components for heat pumps, cooling machines and high-tech manufacturing. Delays may be due to a shortage of independent experts to conduct the assessments and red tape, the companies said.

‘Allow manufacturers to fix known vulnerability risks’

“We risk creating a COVID-style blockage in European supply chains, disrupting the single market and harming our competitiveness,” the companies said.

Other signatories to the letter include the CEOs of Nokia, Robert Bosch GmbH and Slovakian software company ESET.

The companies said the list of higher-risk products subject to the rule should be significantly scaled back and that manufacturers should be allowed to fix known vulnerability risks rather than first conducting assessments.

They also want more flexibility to self-assess cybersecurity risks.

The letter comes ahead of Nov. 8 negotiations between EU countries and EU lawmakers to thrash out the details of the draft law before it can be adopted.

“Exciting news! Hindustan Times is now on WhatsApp Channels Subscribe today by clicking the link and stay updated with the latest news!” Click here!

Leave a Comment