The EU cybersecurity rules could have a serious impact on supply chains. Check what experts say. (AP)

Cybersecurity Rules Could Disrupt Supply Chains: Siemens and Ericsson Sound the Alarm!

Sanjay PatilNovember 7, 23 cybersecurity

Siemens, Ericsson, Schneider Electric, and industry association DigitalEurope have cautioned that stringent EU regulations aimed at addressing cybersecurity threats in smart devices could potentially disrupt supply chains to a degree comparable to the disruptions witnessed during the pandemic.

The Cyber Resilience Act, proposed by the European Commission last year, obliges manufacturers to assess the cyber security risks of their products and take measures to correct the problems for a period of five years or for the expected useful life of the products.

The proposed rules would also apply to importers and distributors of devices connected to the Internet. Concerns about cyber security have been raised following a series of high-profile hacking incidents that have damaged businesses and demanded huge ransoms.

“The law in its current form threatens to create bottlenecks that disrupt the single market,” the companies’ CEOs wrote in a joint letter to European Union Industry Director Thierry Breton and EU Digital Director Vera Jourova.

They said the disruptions could affect millions of products, from washing machines to toys, cybersecurity products and critical components in heat pumps, refrigeration machines and high-tech manufacturing. The delays could be due to a lack of independent experts to make assessments and red tape, the companies said.

“We risk creating a COVID-style blockage in European supply chains, disrupting the internal market and damaging our competitiveness,” the companies said.

Other signatories of the letter are the CEOs of Nokia, Robert Bosch GmbH and the Slovak software company ESET.

The companies said the list of at-risk products covered by the rule should be significantly reduced, and manufacturers should be allowed to fix known vulnerability risks instead of conducting assessments first.

They also want more flexibility to self-assess cybersecurity risks.

The letter comes before the November 8 negotiations between EU countries and EU legislators, the purpose of which is to clarify the details of the bill before it is approved.

One more thing! ReturnByte is now on WhatsApp channels! Click here to join so that you never miss any updates from the world of technology.