The trade association DIGITALEUROPE published a report about security standards for IoT devices. The main conclusions from the report are as follows: (1) 70% of baseline cybersecurity requirements are common across all connected products. Therefore new, horizontal legislation is most appropriate to deal with the topic. (2) 94% of interviewed experts find that sufficient cybersecurity cannot focus primarily on product features. So existing product legislation should not be used to address cybersecurity, or it should be focused on product-related requirements. (3) It will take five years to develop and apply harmonised standards.
The data in this report is based on 18 interviews with cybersecurity experts actively involved in European and international standards organisations (72% of the experts are active in European standardisation organisations, and 28% are engaged in international bodies)