Cybersecurity of connected devices – Council adopts conclusions

Connected devices, including machines, sensors and networks that make up the Internet of Things (IoT), will play a key role in further shaping Europe’s digital future, and so will their security.

The Council today approved conclusions that acknowledge the increased use of consumer products and industrial devices connected to the internet and the related new risks for privacy, information security and cybersecurity. The conclusions set out priorities to address this crucial issue, and to boost the global competitiveness of the EU’s IoT industry by ensuring the highest standards of resilience, safety and security.

The conclusions underline the importance of assessing the need for horizontal legislation in the long term to address all relevant aspects of the cybersecurity of connected devices, such as availability, integrity and confidentiality. This would include specifying the necessary conditions for placement on the market.

Cybersecurity certification as defined under the Cybersecurity Act will be essential for raising the level of security within the digital single market. The EU Agency for Cybersecurity ENISA is already working on cybersecurity certification schemes, and the conclusions invite the Commission to consider a request for candidate cybersecurity certification schemes for connected devices and related services.

The Council adopted the conclusions by written procedure.