The European Commission adopts an act to strengthen the cybersecurity of wireless products

The European Commission adopted the delegated act to the Radio Equipment Directive. This act details new legal requirements for cybersecurity safeguards, which manufacturers will consider when producing wireless devices such as mobile phones, smart watches, fitness trackers, and wireless toys. The new measures aim to: (1) Improve network resilience by incorporating features to avoid harming communication networks and prevent the possibility that devices are used to disrupt; (2) Protect consumers’ privacy by containing features that guarantee the protection of personal data (including the protection of children’s rights). And (3) Reduce the risk of monetary fraud by using features to minimise the risk of fraud when making electronic payments. The delegated act will be complemented by a Cyber Resilience Act, which would cover more products and focus on their life cycle. The delegated act will come into force following a two-month scrutiny period, should the Council and Parliament not raise any objections. Following the entry into force, manufacturers will have a transition period of 30 months to start complying with the new legal requirements. This will provide the industry with sufficient time to adapt relevant products before the new conditions become applicable, expected as of mid-2024. The Commission will also support the manufacturers to comply with the new requirements by asking the European Standardisation Organisations to develop relevant standards. Alternatively, manufacturers will also be able to prove the conformity of their products by ensuring their assessment by relevant notified bodies.