compliance news

EU Commission Amends REACH Annexes

The Commission of the European Union (EU) has amended portions of its regulation on the registration, evaluation, authorization, and restriction of chemicals (Regulation (EC) No 1907/2006, also known as REACH) to provide more clarity on the obligations of registrants regarding the submission of required information.

Published in the Official Journal of the European Union, Commission Regulation (EU) 2022/477 modifies, adds, or deletes text affecting more than 50 separate points under Annexes VI through X of the REACH regulation. Most of these changes clarify the requirements for testing substances for potential mutagenicity and for reproductive toxicity.

The text changes to the REACH Annexes apply as of October 14, 2022.

FCC Expands List of Communications Equipment That Pose Security Threat
The U.S. Federal Communications Commission (FCC) has added products to its list of communications equipment and services that are deemed to pose a risk to U.S. national security or U.S. citizens.

According to a Public Notice, the Commission’s Public Safety and Homeland Security Bureau has added the following equipment or services to its “Covered List” under the Secure and Trusted Communications Networks Act of 2019:

  • Information security products, solutions, and services supplied, directly or indirectly, by AO Kaspersky Lab;
  • International telecommunications services provided by China Mobile International USA; and
  • Telecommunications services provided by China Telecom (Americas) Corporation.

The three companies join Huawei Technologies, ZTE Corporation, and other China-based technology companies whose telecommunications equipment and video surveillance technologies have been banned from use in federal information systems.

EU Commission Initiates Public Consultation on RoHS
The Commission of the European Union (EU) has launched a public consultation on the EU’s Directive on the use of certain hazardous substances in electrical and electronic equipment to solicit input on potential changes to improve this landmark legislation.

The consultation seeks input on Directive 2011/65/EU (also known as the RoHS Directive) specific to several potential policy options, including supplementing the Directive with informal guidance, replacing the Directive with a Regulation to provide uniform application across the EU, or repealing the RoHS Directive altogether and integrating its key provisions into the EU’s REACH Regulation.

The Commission is seeking input from a wide range of stakeholders, including authorities in EU Member States, business associations and companies, workers associations and trade unions, and individuals. Comments must be submitted no later than June 2, 2022.

FDA Warns of Medical Device Cyber Vulnerabilities
The U.S. Food and Drug Administration (FDA) has issued an alert to medical device manufacturers and users regarding a cybersecurity vulnerability identified in connection with a widely used web-based software technology.

The FDA alert follows an advisory issued by the federal Cybersecurity and Infrastructure Security Agency (CISA) that identified several specific areas of vulnerability to cyberattacks related to the use of Axeda agent and Axeda Desktop Server. The Axeda agent and Axeda Desktop Server are remote connectivity software applications used to allow multiple parties to securely view and operate the same remote desktop through the Internet and are reportedly used in connection with numerous medical devices across several different device manufacturers.

The specific vulnerabilities in the Axeda software identified in the CISA advisory include:

  • Use of hard-coded credentials
  • Missing authentication for critical functions
  • Exposure of sensitive information to unauthorized parties
  • Improper check or handling of exceptional conditions

According to the FDA Cybersecurity Alert, PTC (the company that owns and supports the Axeda agent and Axeda Desktop Server) recommends that manufacturers whose devices utilize the software take several specific steps to mitigate the cyber vulnerability risk, including upgrading to the latest version of the Axeda agent and providing a unique password for each unit running the Axeda Desktop Server.
