Siemens, Ericsson, and Schneider Electric concerned over EU Cyber Resilience Act

Siemens, Ericsson, Schneider Electric, and the industry group DigitalEurope have jointly cautioned that stringent proposed EU regulations aimed at addressing cybersecurity concerns in smart devices could potentially disrupt supply chains to a magnitude akin to challenges faced during the pandemic.

Introduced by the European Commission last year, the Cyber Resilience Act mandates that manufacturers assess the cybersecurity risks of their products and rectify any issues within a span of five years or throughout the expected product lifespan.

These regulations would also extend to importers and distributors of internet-connected devices, reflecting heightened concerns about cybersecurity following notable incidents of hackers causing harm to businesses and demanding substantial ransoms.

In a collective letter addressed to European Union industry chief Thierry Breton and EU digital chief Vera Jourova, the CEOs of these companies expressed apprehensions that the existing legislation could lead to bottlenecks that disrupt the single market.

The letter has garnered support from additional signatories, including the CEOs of Nokia, Robert Bosch GmbH, and the Slovakian software company ESET.

The companies argue that the range of products classified as high-risk and subject to the rule should be significantly reduced. They also advocate for the ability to address known vulnerability risks without requiring prior assessments and seek greater flexibility in self-assessing cybersecurity risks.

These concerns are raised as negotiations scheduled for November 8 approach, during which EU member states and lawmakers will work to finalize the details of the draft law before its potential adoption.