Abstract:
This article aims to cast light on how the fast-evolving European
cybersecurity regulatory framework would impact the Internet of
Things (IoT) domain. The legal analysis investigates whether and
to what extent existing and proposed sectoral EU legislation
addresses the manifold challenges in securing IoT and its supply
chain. It first takes into account the Cybersecurity Act, being the
most recent and relevant EU legal act covering ICT products and
cybersecurity services. Then, EU product legislation is scrutinised.
The analysis focuses on the delegated act recently adopted by
the Commission under the Radio Equipment Directive (RED),
strengthening wireless devices’ cybersecurity, the Medical Devices
Regulation, the Proposal for a General Product Safety Regulation
and the Proposal for a Machinery Regulation. Lastly, the proposal
for a revised Network and Information Systems Directive (NIS2) is
assessed in terms of its potential impact on the field of IoT
cybersecurity. Against this backdrop, the article concludes by
advocating the need for separate horizontal legislation on
cybersecurity for connected products. To avoid fragmentation of
the EU’s Single Market, a horizontal legal act should be based on
the principles of the New Legislative Framework, with ex-ante
and ex-post cybersecurity requirements for all IoT sectors and
product categories.