PRESS STATEMENT - 10.07.2018

Today, Parliament regrettably missed an opportunity to establish mandatory security requirements for connected products such as smart watches, baby monitors or smart locks. This is the outcome of a vote in its industry (ITRE) committee.

Consumers in Europe are exposed to a string of unsecure connected products^[1]. These range from hackable security cameras, door locks and heating thermostats in people’s homes, to the possibility for strangers to easily tap into connected toys and smart watches for children.

Consumer groups had urged the EU to ensure that the upcoming Cybersecurity Act would plug this gaping hole in EU legislation to finally protect the security of our lives and homes.

Yet, despite the immense threat to consumers and society as a whole because of unsecure connected products, the European Commission, Member States and (as of today) Parliament are content with only a voluntary scheme that will not appropriately protect consumers’ privacy, security or safety.

Monique Goyens, Director General of BEUC, commented:

“Connected products without proper security are popping up across our continent, paving the way for the next big cybersecurity crisis. This is why consumer groups have long called on the European institutions to legislate for mandatory cybersecurity requirements, such as security updates, strong passwords or encryption for smart watches, connected cars and smart fridges.

“There are rules to make our cars safe. There are rules to make our food safe. But there are no rules to make connected products safe and secure. It is very disappointing that the EU institutions still seem to underestimate the dimension of the problem and are unwilling to address it by mandating security by design and default.”

ENDS