Is there an EU regulation mandating companies' IT equipment to be changed every three months?

Question

I had visited with my university a Greek IT company that specializes in refurbishing used computers and peripherals. The executive that toured us had mentioned that there is an EU regulation that requires companies to change their "computerization equipment" (both software and hardware) every three (or maybe it was six) months.

As a CS student, it seemed very strange to me that the EU is mandating such a short lifespan for devices that typically last for more than a year, so I pressed for more details, saying that a PC with a 4th-Gen Intel CPU (which she was talking about that time) is still very usable, and that Greek accounting laws state that the IT equipment's useful life for the purpose of depreciation is five years (perfectly reasonable). Her reply was that they can't do anything since that was an EU regulation, and that the Greek laws exemplify that the Greek state is a technological laggard.

This whole story seemed very fish to me. Is there actually such regulation?

Answer 1

No, there is no EU regulation mandating companies' IT equipment to be changed every three months.

Answer 2

This might be a result of misinformation accumulating along a communication chain, based originally on the fact that for laptop/desktop IT equipment, three years is a common lease length or purchase amortization time.

After three years, a leased device will be "paid in full" and purchased device will be fully amortized. Any factory warranty + optional warranty extension/support agreement will also tend to expire at about that time. Extending vendor support agreements for devices older than three years tends to have a higher price than an equivalent support deal for new equipment.

Also, for a laptop that has been in daily use for three years, it will be increasingly likely that it will need some form of service pretty soon: at least the battery will be worn out, if nothing else. So some businesses will make it a policy to replace laptops after three years of use, either as a matter of course, or "after three years of use, if you have any problem with it, it will be fixed by replacing it with a newer model." Apparently in large businesses, this tends to minimize the total cost of IT equipment + their maintenance with the current pricing models.

For enterprise-grade servers and storage systems, five years seems to be a similar milestone.

Answer 3

To speculate a little, you may have mis-heared - there is indeed a practice to rotate IT equipment, such as laptops etc., every three years in many companies. However, this is not an EU law (what would be the point of mandating private companies how long they are allowed to use hard- and software that they bought?). Instead, it has much to do with taxation - at least in central Europe, after three years computers are written off tax-wise. What this means is that a company does not generate any tax benefits anymore from this investment, making it a good time to rotate the computer (and potentially sell it to a refurbisher, such as the one you visited). Of course by far not all companies follow this idea, but quite a lot do.

Answer 4

My suspicion is that this is a complete misinterpretation of the Payment Card Industry (PCI) (not EU) security standards that are mandatory (by contract not by statute) for anyone handling payment card data, which require that passwords (not hardware or software) are changed every 90 days (not three months). Although in fact it’s an out-of-date standard, and regular forced password changes are no longer best practice.

Answer 5

As an EU citizen working in IT and frequently for the government (Bulgaria), I can confirm that I sometimes have to deal with equipment still in use as old as 15 years. The usual turnover is something like 3-5 years and is dictated by the needs and/or the available funds and not by some mandated time period.

The deprecation period of the IT equipment for accounting purposes is 3 years and it is more or less consistent over the EU.

Answer 6

It's likely that the person has misheard or misunderstood the message or the writ of the law.

As mentioned, when buying IT equipment, you usually calculate a lifespan of about 3-5 years before you start hunting for new software and hardware.

However, in a security context, it's recommended to have an update/patch overhaul at least every three months.

None of those points are directly mentioned or mandated by law, but they are more or less established guidelines.

Answer 7

No, there's no such thing and from a logical stand point is not even worth asking, if you think about it. I do IT for a central european MAN/VW truck repair shop and these guys have computers right around 20 years of age because the equipment they have build into their work enviroment was made around that time and the software for it is mostly very poorly written stuff, so it doesn't work at all on anything after win XP. So imagine a law like that in this particular scenario.