BRUSSELS, Sept 8 (Reuters) - Smart devices connected to the
internet such as fridges and TVs will have to comply with tough
European Union cybersecurity rules or risk being fined or banned
from the bloc, according to a European Commission document seen
by Reuters on Thursday.
Concerns about cybersecurity attacks have mounted in recent
years following high-profile incidents of hackers damaging
businesses and demanding huge ransoms.
The EU executive will announce its proposal known as the
Cyber Resilience Act on Sept. 13. It is likely to become law
following input from EU countries.
The rules could cut the cost of cyber incidents to companies
by as much as 290 billion euros ($289.8 billion) annually versus
compliance costs of about 29 billion euros, the paper said.
Manufacturers will have to assess the cybersecurity risks of
their products and adopt appropriate procedures to fix problems,
the document said.
The companies will have to notify EU cybersecurity agency
ENISA of incidents within 24 hours once they are aware of
issues, and take measures to tackle the problems.
Importers and distributors will be required to verify that
products conform with EU rules.
If companies do not comply, national surveillance
authorities can "prohibit or restrict that product being made
available on its national market, to withdraw it from that
market or recall it", the paper said.
Flouting the rules can cost companies fines of as much as 15
million euros or up to 2.5% of their total global turnover,
whichever is higher, with lower fines for less serious breaches.
($1 = 1.0008 euros)
(Reporting by Foo Yun Chee; Editing by Josie Kao)