Government introduces IoT security laws

Written by Sam Trendall on 28 January 2020 in News

All devices will need to conform to three security requirements

The government is implementing a new law designed to ensure the security of internet of things devices.

The legislation will require all smart consumer devices to meet three requirements. 

The first of these is that they must require users to set unique passwords, which cannot then be reset to a “universal factory setting”.

The second requirement is that all device manufacturers need to offer a clear point of contact through which the public can report a flaw or security vulnerability – which vendors will then be expected to address “in a timely manner”.

Related content

The third requirement is that manufacturers must provide – at the point of sale, either online or in-store – clear information on the minimum length of time for which the device will be supported with security updates.

The new legislation has been an introduced following the conclusion of a consultation on IoT security led by the Department for Digital, Culture, Media and Sport

The law was developed by DCMS and the National Cyber Security Centre. Government plans to “further develop legislation that effectively protects consumers, is implementable by industry and supports the long-term growth of the IoT”. Additional laws will be introduced “as soon as possible”.

Digital minister Matt Warman said: “We want to make the UK the safest place to be online with pro-innovation regulation that breeds confidence in modern technology. Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers threatening people’s privacy and safety. It will mean robust security standards are built in from the design stage and not bolted on as an afterthought.”

Nicola Hudson, policy and communications director at the NCSC, added: “Smart technology is increasingly central to the way we live our lives, so the development of this legislation to ensure that we are better protected is hugely welcomed. It will give shoppers increased peace of mind that the technology they are bringing into their homes is safe, and that issues such as pre-set passwords and sudden discontinuation of security updates are a thing of the past.”


About the author

Sam Trendall is editor of PublicTechnology

Share this page




Please login to post a comment or register for a free account.

Related Articles

How big is the UK’s cyber skills gap?
7 July 2020

A major government-commissioned study found that about half of UK organisations are lacking basic security skills. PublicTechnology talks to the researchers behind to find out where the...

Welcome to Cyber Week
6 July 2020

Introducing a dedicated week of features, interviews and exclusive research

The fog of cyberwar
6 July 2020

For governments and armed forces around the world, the digital domain has become a potential battlefield. But this new realm of warfare brings with it many ethical and legal complications....

Cyber national security: how the UK has prepared itself for major attacks
6 July 2020

We are approaching the fourth anniversary of the foundation of the NCSC and the threats it was created to respond to loom larger than ever. PublicTechnology examines the growth of the UK’...

Related Sponsored Articles

Interview: CyberArk EMEA chief on how government has become a security leader
29 May 2020

PublicTechnology talks to Rich Turner about why organisations need to adopt a ‘risk-based approach’ to security – but first make sure they get the basics right