Electronics firms warn EU cyber rules may disrupt supply chains

(Reuters) — Electronics makers Siemens, Ericsson and Schneider Electric, along with industry group DigitalEurope warned Monday that proposed EU rules targeting cybersecurity risks of smart devices could disrupt supply chains on a scale similar to during the pandemic.

Proposed by the European Commission last year, the Cyber Resilience Act requires manufacturers to assess the cybersecurity risks of their products and take measures to fix problems for a period of five years or through the expected lifetime of the products.

The proposed rules would also apply to importers and distributors of internet-connected devices.

“The law as it stands risks creating bottlenecks that will disrupt the single market,” the CEOs of the companies wrote in a joint letter to European Union industry chief Thierry Breton and EU digital chief Vera Jourova.

They said disruptions could hit cybersecurity products, as well as vital components for heat pumps, cooling machines and high-tech manufacturing. Delays may be due to a shortage of independent experts to conduct assessments and red tape, the companies said.

“We risk creating a COVID-style blockage in European supply chains, disrupting the single market and harming our competitiveness,” the companies said.

Other signatories to the letter include the CEOs of Nokia, Robert Bosch GmbH and Slovakian software company ESET.

The companies said the list of products subject to the rule should be significantly scaled back and that manufacturers should be allowed to fix known vulnerability risks rather than first conducting assessments.

They also want more flexibility to self-assess cybersecurity risks.

The letter comes ahead of negotiations Thursday between EU countries and EU lawmakers to thrash out the details of the draft law before it can be adopted.