This article aims to cast light on how the fast-evolving European cybersecurity regulatory framework would impact the Internet of Things (IoT) domain. The legal analysis investigates whether and to what extent existing and proposed sectoral EU legislation addresses the manifold challenges in securing IoT and its supply chain. It firstly takes into account the Cybersecurity Act, being the most recent and relevant EU legal act covering ICT products and cybersecurity services. Then, EU product legislation is scrutinised. The analysis focuses on the delegated act recently adopted by the Commission under the Radio Equipment Directive (RED), strengthening wireless devices’ cybersecurity, the Medical Devices Regulation, the Proposal for a General Product Safety Regulation and the Proposal for a Machinery Regulation. Lastly, the proposal for a revised Network and Information Systems Directive (NIS2) is assessed in terms of its potential impact on the field of IoT cybersecurity. Against this backdrop, the article concludes by advocating the need for a separate horizontal legislation on cybersecurity for connected products. To avoid fragmentation of the EU’s Single Market, a horizontal legal act should be based on the principles of the New Legislative Framework, with ex-ante and ex-post cybersecurity requirements for all IoT sectors and products categories.

Chiara, P.G. (2022). The IoT and the new EU cybersecurity regulatory landscape. INTERNATIONAL REVIEW OF LAW, COMPUTERS & TECHNOLOGY, 36(2), 118-137 [10.1080/13600869.2022.2060468].

The IoT and the new EU cybersecurity regulatory landscape

Chiara, Pier Giorgio
2022

Abstract

This article aims to cast light on how the fast-evolving European cybersecurity regulatory framework would impact the Internet of Things (IoT) domain. The legal analysis investigates whether and to what extent existing and proposed sectoral EU legislation addresses the manifold challenges in securing IoT and its supply chain. It firstly takes into account the Cybersecurity Act, being the most recent and relevant EU legal act covering ICT products and cybersecurity services. Then, EU product legislation is scrutinised. The analysis focuses on the delegated act recently adopted by the Commission under the Radio Equipment Directive (RED), strengthening wireless devices’ cybersecurity, the Medical Devices Regulation, the Proposal for a General Product Safety Regulation and the Proposal for a Machinery Regulation. Lastly, the proposal for a revised Network and Information Systems Directive (NIS2) is assessed in terms of its potential impact on the field of IoT cybersecurity. Against this backdrop, the article concludes by advocating the need for a separate horizontal legislation on cybersecurity for connected products. To avoid fragmentation of the EU’s Single Market, a horizontal legal act should be based on the principles of the New Legislative Framework, with ex-ante and ex-post cybersecurity requirements for all IoT sectors and products categories.
2022
Chiara, P.G. (2022). The IoT and the new EU cybersecurity regulatory landscape. INTERNATIONAL REVIEW OF LAW, COMPUTERS & TECHNOLOGY, 36(2), 118-137 [10.1080/13600869.2022.2060468].
Chiara, Pier Giorgio
File in questo prodotto:
File Dimensione Formato  
The IoT and the new EU cybersecurity regulatory landscape.pdf

accesso aperto

Descrizione: Articolo in rivista
Tipo: Versione (PDF) editoriale
Licenza: Licenza per Accesso Aperto. Creative Commons Attribuzione (CCBY)
Dimensione 1.75 MB
Formato Adobe PDF
1.75 MB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11585/884533
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 14
  • ???jsp.display-item.citation.isi??? ND
social impact