Cybersecurity is currently a hot topic right now. Several new directives and regulations will come into force in the coming years, but many companies are completely unaware of the upcoming tightening of EU legislation. This is despite the fact that it will improve data protection, prevent fraud and protect communication networks.
In the European Union (EU), businesses will soon face increasingly stringent requirements in terms of cybersecurity. Businesses in affected sectors will therefore need to have increased cyber protection for their operations and can prepare themselves by familiarizing themselves with the new laws. For manufacturers of products containing wireless devices, it is high time to have them updated to meet the new requirements.
Wireless devices may become illegal to sell
NIS2, as a directive, is already in force in the EU, but the Union countries have been given a transition period to get all the pieces in place Location - NIS2 will be fully implemented on 18 October 2024. One of the first and most significant changes is the introduction of the Radio Equipment Directive on 1 August 2024. This directive covers devices with wireless radio communication, which also includes ordinary wireless headsets. After this date, it will be illegal to sell most of the current wireless IoT devices in the EU - as long as they do not comply with the new requirements of the Directive. To continue selling such devices in the EU, manufacturers will have to renew the CE marking according to the new EU directives.
The new requirements aim, among other things, to protect communication networks, improve data protection for users, and prevent fraud and intrusions on network-connected devices. The new requirements apply to equipment that directly or indirectly connects to the internet - from mobile phones, network equipment and toys to smart watches. In the future, these devices must also have features that protect personal data and privacy, for example.
Critical sectors face increased cybersecurity requirements
The Network and Information Security (NIS2) Directive is expected to enter into force by the end of 2024. This directive has expanded the list of critical sectors subject to cybersecurity requirements. The directive affects the processes, policies and strategies of both public authorities and companies regarding cyber and information security. The NIS2 Directive will affect our Swedish legislation on these issues and the law will be binding.
It is the EU's goal that all organizations performing essential societal functions will be covered by NIS2. This means, for example, that sectors such as food production, waste management, electrical equipment manufacturing, the chemical industry and ICT services will be affected. Pharmaceutical and medical device manufacturers will also be affected.
Theoretically, NIS2 will apply primarily to medium and large companies, as they will be required to implement information security management systems. In practice, many small businesses will also be affected as larger companies will require their subcontractors to have proper cybersecurity processes in place Location.
Toughest requirement applies to all products with a digital dimension
An even more significant change is the Cyber Resilience Act (CRA), which is expected to be introduced sometime in 2025-2026. This act will cover all products that have a digital element - as most electronic and software components do today. Thus, to meet the new requirements for CE marking in the field of cybersecurity, the responsibility is shifted to manufacturers who must ensure that products, consisting of digital components, placed on the EU market comply with the new security requirements against cyber threats.
Take the bull by the horns and avoid sales interruptions
It is therefore important for companies to be aware of these upcoming changes in EU rules and act in good time. Do not ignore the new requirements, as the sale of non-approved products can become illegal and quickly lead to serious consequences.
Here you go - here is a brief summary
- The Radio Equipment Directive enters into force on August 1, 2024.
- The new requirements cover all equipment with wireless radio communications.
- Equipment sold in the EU must meet the new requirements.
- The aim is to generally improve EU data protection and prevent cyber threats.
Now make sure that you and your organization ensure that you are on top of this. Stay safe and secure. Today. Tomorrow. And on and on. And you, if you need help, we have an expert one click, one email or one call away.