There will be minimum requirements for the digital security of devices connected to the Internet - the so-called Internet-of-Things (IoT). Products that do not meet these will be banned from the entire EU market from mid-2024. In Europe, the Dutch cabinet has been firmly committed to the European measures announced today to actively protect consumers and businesses from cyber attacks.
The new rules apply to all wireless communicating devices connected to the Internet such as routers, security cameras, smart thermostats, refrigerators, lights and doorbells. The ban on unsafe devices also applies to products such as toys and baby monitors: even if they communicate only within a home network. There are now an estimated 35 billion IoT devices worldwide.
Such smart devices will soon no longer be allowed to be equipped with weak, default passwords: a consumer must first set a strong password himself before commissioning. Products must also support software updates, be tested for security vulnerabilities, shield stored personal and financial data, and allow consumers to manage and delete that data, among other things.
Minister Stef Blok (Economic Affairs and Climate): "Cybersecurity is too often a closing item for manufacturers and importers of wireless devices. At the same time, we see that precisely these insecure products are an ideal gateway for criminals to capture personal or banking data. Or to take over the controls, allowing a device to be used for a hacking attack on other consumers or companies. Therefore, it is essential that the IoT is secure and can be used with confidence. This does not happen automatically. Basic security requirements for products on the European market are a first step, but it remains important as consumers and businesses to also protect yourself digitally."
Many devices today still use poorly secured connections and default settings that are not secure. Performing an update is often cumbersome. This allows personal data or even passwords to be viewed and controls to be taken over. This makes devices vulnerable to infections and unwanted access. Criminals can also gain access to corporate networks via consumers working from home.
The government has previously issued a directive via the Roadmap Digitally Secure Hardware and Software proposed possible measures including basic security requirements. These have now been largely adopted in the decision under the European Radio Equipment Directive announced today . This decision concerns a regulation on which the EU Council of Ministers and the European Parliament can still give an opinion.
The Netherlands continues to advocate in the EU for the introduction of standards and certification of digital services, products and software to raise the cyber security of the digital economy broadly to a higher level.
Use IoT devices, but do it consciously
Users of IoT devices can do a lot themselves to make their devices less vulnerable to unwanted access and cyber attacks. As a consumer or business, perform regular updates, choose a strong password, share as little information with the device as possible and do not unnecessarily connect the device to a home or business network. Many devices do not even need to be constantly connected to the Internet for use.
