EU enforces new cybersecurity rules for smart devices

New EU rules aimed at improving the security of connected devices have officially taken effect. The Cyber Resilience Act requires manufacturers to provide ongoing security support, including software updates to address vulnerabilities. Compliance deadlines are set for December 11, 2027. The legislation targets a wide range of smart devices, including wearables and internet-connected appliances. It mandates cybersecurity measures throughout the product lifecycle and applies to distributors and retailers as well. Certain products, like medical devices and cars, are exempt. Devices meeting the new standards can display the EU's CE mark, indicating compliance. Penalties for non-compliance can reach up to 2.5% of a company's global annual turnover, with oversight by member state authorities.