In this article, John Eustice discusses the legal questions that may arise for Internet of Things (IoT) device manufacturers as a result of the European Union's (EU's) Cybersecurity Act. The Act is currently in its proposal phase addresses standards of safety, certification processes, and regulatory issues such as cross-border data transfers. "If the Act passes and certification becomes a necessity to effectuate profitable sales of ICT [information communications technology] and IoT devices in Europe, U.S. manufacturers of such products may need to navigate the GDPR [General Data Protection Regulation], the NISD [Network Infrastructure Security Directive], and the Act in concert," Eustice wrote. "As the U.S. Chamber of Commerce seems to recognise, this could be costly. In any event, all companies involved in the ICT and IoT industry should follow closely the finalisation of the Act in the EU Council and Parliament."