Cybersecurity of consumer products against the background of the EU model of cyberspace protection

Abstract

Abstract The entry into force of Regulation 2019/881 heralded a new stage in the construction of the EU cybersecurity model. At present, at the level of both EU institutions and individual Member States, preparatory work is underway to create the first ICT certification programmes relating to the area of cybersecurity. To date, the role of national competition and consumer protection authorities in helping to build a coherent cybersecurity model has not been sufficiently highlighted. The problem of the cybersecurity of products intended for the consumer market is a pressing issue. Furthermore, its significance is growing due in no small part to the increasing number of so-called smart connected consumer products and the mass expansion of the IoT market. As a result, threats to security or privacy increasingly stem not from cyberattacks on leading providers of online services but from the exploitation of vulnerabilities in commonly-used consumer products. This article aims to discuss the possible role of competition and consumer protection authorities in shaping a future model of EU cybersecurity. We discuss the existing mechanisms in EU law that allow supervisory authorities to shape the consumer product safety market and consider whether these measures can also be considered adequate for cybersecurity purposes. Particular attention is paid to identifying what legislative steps would be necessary to effectively synthesize the new EU cybersecurity regulations (including the planned cybersecurity certification framework) with existing consumer product safety laws.