Siemens and Ericsson warn that EU cybersecurity rules may disrupt supply chains. Industry group DigitalEurope and electronics companies Siemens (SIEGn.DE), Ericsson (ERICb.ST), and Schneider Electric (SCHN.PA) have warned that strict new rules in the EU that are meant to protect smart devices from cyber threats could cause supply chains to be disrupted in a way similar to the pandemic.
The Cyber Resilience Act, proposed by the European Commission last year, mandates that product makers evaluate the cybersecurity risks associated with their goods and implement corrective action plans for a five-year term, or the anticipated lifetime of the product.
Additionally, importers and distributors of internet-connected products would be subject to the proposed regulations. Cybersecurity concerns have increased due to many high-profile events where hackers have caused damage to organizations and demanded large ransoms.
In a joint letter to EU digital director Vera Jourova and EU industry leader Thierry Breton, the CEOs of the firms stated that “the law as it stands risks creating bottlenecks that will disrupt the single market.”
According to them, interruptions may affect millions of products, including toys, washing machines, cybersecurity items, and essential parts for air conditioners, heat pumps, and high-tech manufacturing. The corporations stated that red tape and a lack of impartial professionals to do the evaluations might cause delays.
“We risk creating a COVID-style blockage in European supply chains, disrupting the single market, and harming our competitiveness,” the businesses stated.
The CEOs of Robert Bosch GmbH, Nokia, and the Slovakian software business ESET are among the other signatories to the letter.
The companies said that producers should not have to do evaluations beforehand. Still, they should be able to fix known problems with vulnerability, and the list of high-risk items that the law covers should be significantly reduced.
They also desire greater freedom in evaluating cybersecurity threats on their own.
The letter is sent in advance of talks between EU member states and legislators on November 8th, during which the specifics of the draft law must be worked out before it can be approved.
