As the adoption of connected devices has grown, so too have vulnerabilities to cyber threats
Connected devices must better respect and protect users' privacy: On 25 August 2022, the Swiss regulator OFCOM (known locally as BAKOM) announced measures to strengthen the cybersecurity of certain wireless devices. New provisions contained within OFCOM’s Ordinance on Telecommunications Installations (TIO) will apply to various internet-enabled devices, including smartphones, smartwatches, fitness trackers and toys. The requirements set out in the revised TIO came into force on 1 September 2022, with the changes intended to: better protect users' privacy and personal data; minimise the risk of financial losses from fraud; and improve the resilience of communications networks. Manufacturers that design and produce devices or products affected by the new obligations have until 1 August 2024 to ensure compliance.
The protection of children is a focus of the new rules: OFCOM’s stricter privacy safeguards will require that all wireless devices and products capable of communicating over the internet will need to include features that ensure the protection of personal data, especially where children are concerned. As such, manufacturers must take steps to prevent unauthorised access to or transmission of personal data by internet-connected devices such as toys, baby monitors and other childcare-related equipment, as well as by wearable technology. The revised TIO also targets fraud, requiring devices that can make electronic payments (e.g. smartphones) include features to minimise the risk of fraud – for example, ensuring better user control over authentication. In addition, OFCOM is looking to enhance the resilience of communications networks, which means manufacturers must ensure their wireless devices and products do not cause interference or disrupt the functioning of websites or other services.
Effective cybersecurity relies on a suite of regulations: With the TIO’s new provisions, Swiss legislation will be brought into line with that of the EU. In October 2021, the European Commission announced changes to the Radio Equipment Directive to strengthen cybersecurity safeguards, with a 30-month compliance period. EU and Swiss authorities are now developing harmonised standards to facilitate conformity assessments of Swiss products and their acceptance into the EU market. Adoption of wireless devices has grown at pace in recent years, whether for professional or personal purposes. However, this popularity has also amplified vulnerabilities to cyber threats, including the risk of espionage or data breaches. With effective cybersecurity dependent on various different rules and requirements, the forthcoming Cyber Resilience Act (expected to be unveiled during the next State of the Union Address) will bolster protections in the EU, with common standards for digital products and services.
