European Council publishes its conclusions about connected devices

The European Council (EC) announced its conclusions about connected devices. According to the conclusions, the EC recognises the increased use of Internet of things (IoT) devices for personal and industrial needs, their role in shaping Europe’s digital future, and the risks these developments pose for privacy, information security, and cybersecurity. Therefore, the conclusions outline priorities on how to address the issue while taking into consideration the rise in the EU’s IoT industry activity. The EC acknowledged the legal developments made so far at the EU level, which addressed short-term cybersecurity issues (e.g., acts under the New Legislative Framework and particularly Directive 2014/53/EU – Radio Equipment Directive), and emphasised the importance of assessing the need for horizontal legislation for the long-term, in all matters related to cybersecurity and connected devices. The EC encourages future discussion in the topic to explore the scope of such legislation and its links with the cybersecurity certification framework as defined under the Cybersecurity Act (CSA). According to the conclusions, the EU Agency for Cybersecurity (ENISA) is already working on cybersecurity certification schemes, and the conclusions invite the European Commission to consider a request for candidate cybersecurity certification schemes for connected devices.