Smartphones, computers and smart devices can be perfectly functionning but become security liabilities or present access to certain software if not updated. Having to replace a functioning device because it might be vulnerable due to a lack of security updates, of because it can install an app update should be unacceptable.
This project aimed to advocate for stronger obligations on devices manufacturers to provide security update for the highest period possible (ideally the lifespan of the device) and increased information for users about software support periods at the purchas point (the idea of a “best before” label). In a team effort, we identified the Directive on Empowering Consumers in the Green Transition (or DECGT, ) 2024/825), the Cyber Resilience Act (or CRA, 2024/2847) and the ecodesign requirements for smartphones (2023/1669) as potential advocacy avenues to promote such obligations.
Throughout a campaign named Best Before Date campaign, I produced recommendations for amendments, developed educational content, conducted advocacy with Members of the European Parliament (MEPs) to shape legislation and participated in developing research on users’ expectations about how long software updates should be provided, .
This campaign and other efforts led to:
- An obligation on smartphone and tablet manufacturers to offer 5 years of OS updates after a product has been placed on the market;
- Obligation to inform consumers about the duration of the software update period (2024/825 - Art.2(b)(ea));
- Unbundling of security and feature updates in the DECGT to avoid slowing down of devices bundled with critical security patches (Annex I(4)(23e) and Annex I(4)(23j)).
Roles:
- Lead EU Advocacy
- Technical expert