EU cybersecurity strategy paves the way for much needed rules to better secure connected products
PRESS RELEASE - 16.12.2020
BEUC welcomes the European Commission’s plans to explore options for a new cybersecurity law in its cybersecurity strategy, published today. Such a long awaited law could ensure that producers of connected products have to respect a number of minimum security requirements.
EU-wide rules to better protect consumers’ connected products are sorely needed as investigations by our member organisations, national consumer groups, have revealed for many years. Last year again, BEUC’s Danish member Forbrugerrådet Tænk uncovered security flaws in smart door bells, creating risks of break-ins.  Test Achats/Test Aankoop from Belgium installed 19 popular smart home devices (a smart fridge, alarm system, door lock, etc.) and challenged two ethical hackers to find security vulnerabilities. They found problems with more than half the products.  This lack of cybersecurity in connected products puts consumers at serious risk. It is also a danger for society in general as cyberattacks can lead to major disruption of essential infrastructure.
The Commission has also published proposals to update the EU law on the security of network and information systems. BEUC welcomes the review as it could address several shortcomings such as weak rules on notifying consumers when a cyberattack has occurred and the inconsistent application of the current law across the bloc.
Monique Goyens, Director General of the European Consumer Organisation (BEUC), commented:
“Connected devices are hitting the shelves and finding a way into our homes in ever increasing numbers, but many of them are poorly secured or lack even the most basic security features. As a consequence, consumers face serious risks such as break-ins if their smart door lock is hacked. It is crucial that consumer products and services are better secured. It’s good to see that the Commission is considering a cybersecurity law to address this problem. We strongly encourage the Commission to quickly propose legislation to ensure the cybersecurity of connected products in the EU.”