Security Requirements for Connected Consumer Products
Poorly secured toys and smartwatches for children: Is current legislation adequate to restrict their market access, and how may this be regulated going forwards?
2021-01, Christiane Hunsbedt
Omslag CompLex 2021-01
This paper examines the ability of current EU product safety law to address risks of “security-for-safety”, i.e., where security weaknesses can lead to physical safety impacts. Product safety legislation holds the advantage of mechanisms to restrict products’ market access. The applicability of these rules for security risks has been subject to discussions and diverging national administrative practice over the last few years. This paper seeks to provide some clarity on the current remit of relevant directives and on what criteria their scopes rely. Central factors for the relevance of “security-for-safety” risks regard the physicality of impacts and the causality between the product and the harm. It will be argued that certain risks relying on intentional actions fit under the analysed directives. However, for risks where the causal link between the product vulnerability and the physical impact is weak, there is currently a legal gap. This points towards a need for regulatory updates. The paper therefore proceeds to discuss three proposed regulatory approaches to product security. Considering strengths and shortcomings of these approaches, the paper leans towards addressing current regulatory gaps and needs under a new, holistic cybersecurity law.
Les hele utgivelsen CompLex 2021-01 (pdf)