However, the proposed regulation for smart devices need amending to avoid stifling innovation with high compliance costs

The European Union’s has proposed Cyber Resilience Act, a broad cybersecurity regulation for smart devices introduced by the European Commission introduced today.

While ‘a strong start’, the Center for Data Innovation’s senior policy analyst Kir Nuthi, thinks the new laws need amending.

The Cyber Resilience Act addresses gaps in the EU’s existing regulatory framework to improve cybersecurity in connected devices.

”The EU has an opportunity to play a critical role in bolstering cybersecurity practices internationally as threats continue to grow and evolve,” said Nuthi.

”The Cyber Resilience Act could be a vital next step toward building the Digital Single Market by harmonising cybersecurity practices across the EU.

”Unfortunately, pursuing a horizontal framework that applies to a broad scope of digital products and non-embedded software could be a misstep.

”Such overbroad rules could impose high compliance costs and could prove too inflexible to evolve with technological advancements.

“Tailored amendments that minimise the compliance burden and incentivise continued innovation in cybersecurity will help promote cybersecurity standards and advancements for decades to come.

”An adjusted Cyber Resilience Act will ensure that future-focused, objective-oriented, and technology-neutral regulation remains the focus.”

”An approach that acknowledges sectoral differences in cybersecurity needs and regulates each sector most efficiently can minimise compliance costs and effectively tackle cybersecurity risks.”