Placed on – 7 December 2022

New EU Cybersecurity Act: IoT

The legislation will help to enforce common cybersecurity standards and reassure consumers that the internet connected “things” they buy are secured.
EU Cybersecurity Act

The drafting of legislation like the European Cyber Resilience Act (CRA) —imposing better cybersecurity requirements to manufacturers of connected devices, products and services— was long overdue. The legislation will help to enforce common cybersecurity standards and reassure consumers that the internet connected “things” they buy are secured to, at least, the required level of the European market.  

“It is crucial for the EU to reap all the benefits of the digital age and to strengthen its industry and innovation capacity, within safe and ethical boundaries.” 

The EU Cybersecurity Act and IoT consumers 

For more than 30 years, the Internet of Things (IoT) has been one of the main drivers of the Digital Transformation. IoT has completely changed industries and has helped businesses find new models to stand out and succeed in today’s markets. Still, with all the benefits that come with having connected products or digitalizing businesses, poorly choosing your company’s IoT partner or products comes with significant risk.  

When everything is connected, a cybersecurity breach can lead to significant economic costs as it can affect entire systems and disrupt activities. In that sense, through its objectives, the proposed CRA legislation aims for consumers to:  

  1. Have access to more secure and less vulnerable hardware and software products.  
  2. Have sufficient understanding about security information and properties of the connected products they buy and use. 
  3. Know that manufacturers are held accountable for the security of the connected products and software from the design phase and throughout the entire lifecycle. 

What to keep an eye on? 

Keeping IoT systems and connected products secure is an ongoing task. In that sense, you need to make sure that your IoT solutions provider prioritizes security, invests in it and works on it regularly and continuously.  

When evaluating which IoT partner to trust with the creation of your company’s IoT solution, make sure to ask questions. For example: 

  • Do they create IoT products that are prepared not only for the security requirements of today but also for tomorrow?  
  • What engineering techniques and good practices are followed?  
  • Do they automate and standardize as many steps as possible to decrease the chances of human error?  
  • Do they secure every component in the system in more than one way?  
  • Do they have cybersecurity knowledge in-house?  

And, in their answers, take notice of the following key words and practices:  

  • Routine risk assessments. 
  • Implementation of several layers for every risk mitigation.  
  • Penetration tests.  
  • Continuous monitoring of the system.  
  •  Over-the-air (OTA) updating.  
  • Secure Elements and individual encryptions per device.  
  • Designing systems from the ground-up (no bolt-on engineering).  

“An IoT solution is only secure if each one of its components is.” 

EVALAN’s approach 

At EVALAN we regard security as essential, which is why we put extra development time, extra testing and extra investment into it. Our security by design strategy has a comprehensive approach that requires us to incorporate multiple policies and best practices from initial stages, across the entire system and throughout its lifecycle. 

Furthermore, knowing how challenging it is for clients to have to deal with diverse vendors with different expertise to get one IoT solution, EVALAN decided to focus in developing solutions that are centered on the most critical link in the IoT chain. This allows us to ensure the highest security for our clients, while providing them with only one vendor to deal with and a single point of ownership when they need support.  

Finally, since all our IoT solutions are built with security in mind, our clients will always have the possibility to scale as their company grows, without introducing vulnerabilities to the IoT system.  

Where is the CRA now? 

Currently, the CRA is being reviewed by the European Parliament and the Council for subsequent adoption. Once adopted, all Member States must approve its requirements within two years. In that sense, all manufacturers of products with “digital elements” that are interested in selling their products in the European market must be prepared to comply with the CRA.  

Share this article

Our success cases

Evodos – IoT remote monitoring solution

Vitens – Leak Detection System

More Blogs

Energy & WaterIndustry

Dynamic Load Balancing for Optimization and Peak Shaving

Exceeding contract limits used to result in an automatic increase of the agreed peak power. In the age of grid congestion it can lead to contract termination and law suits.
Energy & WaterIndustry

Announcing BACE Panel for Rapid Deployment of Assets in an IoT Platform

BACE Panel has been updated with new tools such as a library of Modbus Templates. You can also store your own Templates, to make onboarding your own assets even faster.
Energy & WaterIndustry

Breaking Down your Energy Consumption with Sub-Metering

Sub-metering delivers essential information that is needed to meet ESG objectives and comply with new regulations, such as the CSRD.
Energy & WaterIndustry

IT and OT – Focus on Bridging the Gap

BACE was developed to bridge the gap between IT and OT. What does that mean and why is this relevant for you?

Remote Monitoring and Control in today’s Data-Driven World

Test your Remote Monitoring or Remote Control Use Case with a few simple steps. Benefit from years of IoT experience and eliminate the need for in-house IoT development.

IoT and the Hype Cycle – how are we doing with that?

Gartner’s Hype Cycle illustrates the journey of new technologies. Where is IoT in this cycle?

"We solve problems with IoT solutions to give your business a competitive advantage."