Home / News

Major Regulatory Changes Needed as Safety and Security Merge, Warns European Commission Report

University of Cambridge’s Professor Ross Anderson explains why safety should be higher on the agenda than privacy.  (From the Computerphile YouTube channel)

As we increasingly move towards an IoT world, vendors of safety-critical devices will be patching their systems just as regularly as phone and computer vendors do now. Researchers warn that many regulators who previously thought only in terms of safety will have to start thinking of security as well. From a recent project conducted by a research group at Computer Laboratory of the University of Cambridge for the European Commission, comes a report on what will happen to safety regulation once computers are embedded invisibly everywhere. This will require major changes to safety regulation and certification, the report warns.

“At present, the regulation of safety is largely static, consisting of pre-market testing according to standards that change slowly if at all. Product recalls are rare, and feedback from post-market surveillance is slow, with a time constant of several years. In the future, safety with security will be much more dynamic; vendors of safety-critical devices will patch their systems once a month, just as phone and computer vendors do now. This will require major changes to safety regulation and certification, made more complex by multiple regulatory goals. For these reasons, a multi-stakeholder approach involving co-vigilance by multiple actors is inevitable.”

“The EU is already the world’s main privacy regulator, as Washington doesn’t care and nobody else is big enough to matter ... The strategic political challenge facing the European Union is whether it wants to be the world’s safety regulator. If it rises to this challenge, then just as engineers in Silicon Valley now consider Europe to be the world’s privacy regulator, they will defer to Europe on safety too. The critical missing resource is expertise on cybersecurity, and particularly for the European regulators and other institutions that will have to adapt to this new world.”

“The strategic research challenge will include how we make systems more sustainable. At present, we have enough difficulty creating and shipping patches for two-year-old mobile phones. How will we continue to patch the vehicles we’re designing today when they are 20 or 30 years old? How can we create toolchains, libraries, APIs and test environments that can be maintained not just for years but for decades?”

By CircleID Reporter

CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.

Visit Page

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Threat Intelligence

Sponsored byWhoisXML API


Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global

Brand Protection

Sponsored byCSC

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix


Sponsored byVerisign