BRUSSELS (Reuters) - EU countries and EU lawmakers on Thursday agreed to rules to protect laptops, fridges, mobile apps and smart devices connected to the internet from cyber threats following a spate of such attacks and ransom demands in recent years around the world.
Proposed by the European Commission in September last year, the Cyber Resilience Act will apply to all products connected either directly or indirectly to another device or to a network.
It sets out cybersecurity requirements for the design, development, production and sale of hardware and software products.
Manufacturers will have to assess the cybersecurity risks of their products, provide declarations of conformity and take appropriate action to fix problems during the expected lifetime of the product or for a period of at least five years.
They must be more transparent on the security of hardware and software products for consumers and business users, and report cyber incidents to national authorities. Importers and distributors will have to verify that products conform with EU rules.
"Connected devices need a basic level of cybersecurity when sold in the EU, ensuring that businesses and consumers are properly protected against cyber threats," Jose Luis Escriva, Spanish minister of digital transformation, said in a statement.
The Commission has said the cybersecurity rules could save companies as much as 290 billion euros ($316 billion) annually versus compliance costs of about 29 billion euros.