Question for written answer E-000539/2024
to the Commission
Rule 138
Kosma Złotowski (ECR)
The Estonian Foreign Intelligence Service VLA has published a report[1] highlighting the risks posed to Europeans by the Chinese technology flooding our market, including electric cars and robot vacuum cleaners that use Lidar systems to scan their surroundings. The Estonian service stressed that Chinese data collection devices do not delete non-essential data but send it to China. This allows Beijing not only to work on the development of artificial intelligence, but also to gather intelligence and information that could be used, for example, for scams or cyberattacks.
- According to the authors of the report, China is seeking to reach a point where integrated technological solutions cannot be replaced by Western technology due to incompatibility and interconnectedness. Does the Commission also recognise this threat and, if so, does it intend to counter Chinese dominance of the European IoT technology market, for example by implementing a system of incentives for consumers and the public and private sector to buy equipment created and manufactured in the EU?
- Does the Commission intend to take any action to address the risks posed by competitively priced Chinese electronics, for example through a Europe-wide education campaign or consumer guidance to minimise the risk of abuse and cyberattacks?
- In the Commission’s view, do the existing regulations ensure that EU consumers have the maximum possible level of safety when using IoT devices, especially those designed and manufactured in third countries?
Submitted:20.2.2024
Source – EU Parliament
[1] https://raport.valisluureamet.ee/2024/en/6-china/6-3-the-advance-of-chinese-technology/
Answer given by Mr Breton on behalf of the European Commission
26.6.2024
The upcoming Cyber Resilience Act[1] requires manufacturers of products with digital elements to comply with essential cybersecurity requirements for their products as a condition for placing them on the EU internal market, regardless of the place of establishment or origin of the manufacturer or the place of manufacturing of the product.
As part of these requirements, manufacturers must conduct thorough assessments of the cybersecurity risks associated with the products with digital elements and are also required to ensure security support for the time the product is expected to be in use.
Once the Act is implemented, consumers and users will have more information when choosing a product with digital elements and clearer instructions about the product’s use, which will result in fewer security risks and incidents and in better protection of fundamental rights.
Users of Internet of Things (IoT) objects in the EU are protected under different pieces of legislation, including regarding the data generated by such objects.
Notably, the Data Act[2] will empower users in the EU with greater control over their IoT data, while establishing clear and fair rules for data holders on how to disclose it.
In addition, the EU’s data protection acquis, and in particular the General Data Protection Regulation[3], is fully applicable, including its requirements for personal data transfers to third countries, which are only allowed if continuity of protection is ensured.
Finally, EU-supported initiatives such as the Common European Data Spaces[4] and the open industry collaborations on automotive software and electronic hardware will promote interoperable standards and open technology platforms, reinforcing the European industry’s sovereignty and competitiveness.
[1] https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A52022PC0454
[2] https://eur-lex.europa.eu/eli/reg/2023/2854
[3] https://eur-lex.europa.eu/eli/reg/2016/679/oj
[4] SWD(2022) 45 final; SWD(2024) 21 final.
Last updated: 26 June 2024
Source – EU Parliament