Johannes 
In a nutshell, once this ⬇️ is signed into law (which is supposed to happen some time this year), new devices sold in the EU will be required to support security updates and other best practices that have been ignored by default by IoT makers in the past.
https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act
https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act
Cyber Resilience Act
Introducing the Cyber Resilience Act: the EU's new plan to make sure all digital products are safe from cyber threats. This important rulebook requires that devices and software are designed, updated, and maintained to protect users in our increasingly digital world. Experience a safer, more connected future where your security comes first.