Laptop von der Seite, Hände auf der Tastatur über den Händen Symbole zum Thema Datenschutz — Credit: oatawa - adobestock.de

IT security

Consumers’ data and IT systems are increasingly faced with online threats. Examples include identity and data theft or attempts of digital blackmailing.

Current laws insufficiently protect consumers from these threats. For example, connected devices may enter the market without significant IT security mechanisms. Providers of digital services only have to meet vague specifications for securing their infrastructure. If security problems occur, affected consumers have no right to be notified quickly about the issue or, if necessary, to receive technical assistance in the form of security updates.

This is why vzbv is advocating for a legal obligation to implement security-by-default and security-by design: products need secure software designs and must contain pre-activated security mechanisms upon delivery.

      
        vzbv demands    
    
standard encryption of sensitive data
standard secure authentication mechanisms
provision of security updates over the entire product lifetime
immediate, targeted and comprehensible consumer information

Downloads

Recommendation for a consumer friendly Cyber Resiliance Act (CRA)

Recommendations of the Federation of German Consumer Organisations (Verbraucherzentrale Bundesverband – vzbv) on the Cyber Resilience Act trilogue negotiations | August 2023

View
PDF | 218.96 KB

Safeguarding the Cybersecurity of Connected Products | Statement by the Federation of German Consumer Organisations | December 2022

Statement by the Federation of German Consumer Organisations (Verbraucherzentrale Bundesverband - vzbv) on the European Commission's proposal for a regulation on cyber resilience (Cyber Resilience Act) | December 2022

View
PDF | 388.77 KB

Designing connected devices and digital services to be secure | Statement of vzbv | 9 October 2020

View
PDF | 242.11 KB

More on this topic

You can see Ramona Pop. The interior of the vzbv building can be seen in the background. — Credit: © Dominik Butzmann / vzbv

01.12.2023Cybersecurity: finally more security for smart products

Smart watches, robotic vacuum cleaners, digital locks – connected devices are part of many consumers’ everyday lives. However, this also means new everyday security problems for consumers. To date, consumers have had to rely on the good will of manufacturers when it comes to cybersecurity. The EU wants the Cyber Resilience Act (CRA) to change this. The Federation of German Consumer Organisations (Verbraucherzentrale Bundesverband – vzbv) welcomes the new planned legislation, but criticises the fact that there is no obligation to provide security updates for a product’s full lifespan.

Kinder nutzen eine Smartwach — Credit: Maria - Adobe Stock

24.01.2023Protecting consumers from data theft and cyberattacks

The Federation of German Consumer Organisations (Verbraucherzentrale Bundesverband – vzbv) welcomes the European Commission’s proposal to establish minimum cybersecurity standards for digital products and connected devices. However, in terms of consumer needs, the proposal falls far short of expectations. vzbv calls for independent checks, update obligations for an extended period of time for connected devices, and higher fines for companies in cases of non-compliance.