Digital Minister Matt Warman MP has announced plans for new legislation to protect millions of users of internet-connected devices from cyber threats.
The Department for Digital, Culture, Media and Sport (DCMS) plan will see all consumer smart devices sold in the UK adhere to the three rigorous security requirements for the Internet of Things (IoT). These are:
1. All consumer internet-connected device passwords must be unique and not resettable to any universal factory setting;
2. Manufacturers of consumer IoT devices must provide a public point of contact so anyone can report a vulnerability and it will be acted on in a timely manner; and
3. Manufacturers of consumer IoT devices must explicitly state the minimum length of time for which the device will receive security updates at the point of sale, either in store or online
These proposals follow the Regulatory proposals for consumer Internet of Things (IoT) security consultation through which DCMS engaged with industry on throughout 2019. That outlined Government thinking on how to build on 2018’s voluntary Secure by Design Code of Practice for consumer IoT security. DCMS has now released a comprehensive response to the consultation alongside todays proposals which can be accessed here.
Government has now confirmed plans to adopt a staged approach to enforcing the top three guidelines in the Code of Practice through regulation, it has following industry feedback, agreed to consult further and modify plans in some key areas.
Whilst Government will in the future look to mandate further security requirements it will not now proceed with launching a voluntary labelling scheme for consumer IoT products. This will include examining an alternative option to the labelling scheme whereby retailers would be responsible for providing information to the consumer at the point of sale (both online and in stores).
The Government will also continue to work with international partners to ensure a global approach to IoT security is working with international partners to ensure that the guidelines drive a consistent, global approach to IoT security, ensuring that UK standards and regulation play a leading role and ensuring industry is able to easily trade internationally.
Digital Minister Matt Warman said:
“We want to make the UK the safest place to be online with pro-innovation regulation that breeds confidence in modern technology.
Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers threatening people’s privacy and safety.
It will mean robust security standards are built in from the design stage and not bolted on as an afterthought.”
The full Government response to the consultation on Regulatory proposals for consumer Internet of Things (IoT) security can be found here.
