EU to Force IoT, Wireless Device Makers to Improve Security

The European Union is poised to place more demands on manufacturers to design greater security into their wireless and Internet of Things (IoT) devices.

In an amendment to the EU’s 2014 Radio Equipment Directive (RED), the European Commission noted that as wireless devices, from mobile phones to fitness trackers to smart watches, become increasingly embedded into everyday consumer and business life, they also become a greater security risk.

The goal of the amendment – called a “delegated act” – is to ensure that all wireless devices are safe before they are sold in the EU. Manufacturers will be required to adhere to the new cybersecurity safeguards when designing and producing these products. In addition, the amendment also will ensure greater privacy of personal data, prevent financial fraud, and improve resilience in European communications networks, according to EU officials.

“Cyberthreats evolve fast,” Thierry Breton, commissioner for the Internal Market, said in a statement. “They are increasingly complex and adaptable. With the requirements we are introducing today, we will greatly improve the security of a broad range of products, and strengthen our resilience against cyberthreats, in line with our digital ambitions in Europe.”

The U.S. has made some strides on IoT security at the federal level; it remains to be seen if the EU initiative will spur the U.S. to greater action or result in a general improvement in device security.

Common EU Security Standards

It’s also part of a larger EU effort to create a comprehensive set of common cybersecurity standards for products and services that come into the European market, Breton said.

That said, it will take a while for the market to see the results of the amendment, which was announced in late October. It will need the approval of the European Council and European Parliament and then undergo a two-month period of review and scrutiny. Once in place, manufacturers will have 30 months to begin meeting the new legal requirements, giving them until mid-2024 to bring the devices into compliance.

The amendment addresses the ongoing concern about security at a time when the use of wireless devices and the IoT…