EU Commission Amends REACH Annexes
Published in the Official Journal of the European Union, Commission Regulation (EU) 2022/477 modifies, adds, or deletes text affecting more than 50 separate points under Annexes VI through X of the REACH regulation. Most of these changes clarify the requirements for testing substances for potential mutagenicity and for reproductive toxicity.
The text changes to the REACH Annexes apply as of October 14, 2022.
According to a Public Notice, the Commission’s Public Safety and Homeland Security Bureau has added the following equipment or services to its “Covered List” under the Secure and Trusted Communications Networks Act of 2019:
- Information security products, solutions, and services supplied, directly or indirectly, by AO Kaspersky Lab;
- International telecommunications services provided by China Mobile International USA; and
- Telecommunications services provided by China Telecom (Americas) Corporation.
The three companies join Huawei Technologies, ZTE Corporation, and other China-based technology companies whose telecommunications equipment and video surveillance technologies have been banned from use in federal information systems.
The consultation seeks input on Directive 2011/65/EU (also known as the RoHS Directive) specific to several potential policy options, including supplementing the Directive with informal guidance, replacing the Directive with a Regulation to provide uniform application across the EU, or repealing the RoHS Directive altogether and integrating its key provisions into the EU’s REACH Regulation.
The Commission is seeking input from a wide range of stakeholders, including authorities in EU Member States, business associations and companies, workers' associations and trade unions, and individuals. Comments must be submitted no later than June 2, 2022.
The FDA alert follows an advisory issued by the federal Cybersecurity and Infrastructure Security Agency (CISA) that identified several specific areas of vulnerability to cyberattacks related to the use of Axeda agent and Axeda Desktop Server. The Axeda agent and Axeda Desktop Server are remote connectivity software applications used to allow multiple parties to securely view and operate the same remote desktop through the Internet and are reportedly used in connection with numerous medical devices across several different device manufacturers.
The specific vulnerabilities in the Axeda software identified in the CISA advisory include:
- Use of hard-coded credentials
- Missing authentication for critical functions
- Exposure of sensitive information to unauthorized parties
- Improper check or handling of exceptional conditions
According to the FDA Cybersecurity Alert, PTC (the company that owns and supports the Axeda agent and Axeda Desktop Server) recommends that manufacturers whose devices utilize the software take several specific steps to mitigate the cyber vulnerability risk, including upgrading to the latest version of the Axeda agent and providing a unique password for each unit running the Axeda Desktop Server.