New cyber laws aim to ‘put a firewall around’ citizens’ smart devices

Written by Sam Trendall on 25 November 2021 in News

Firms that breach guidelines could face multimillion-pound fines

Credit: Gerd Altmann from Pixabay

The government has claimed that new laws designed to increase protection for connected devices will “put a firewall around” smartphones and internet-enabled consumer products including televisions, doorbells and thermostats.

As well as increasing protective measures for devices, the legislation also makes provisions for a tough new regulatory environment, in which companies in breach of the law could face multimillion-pound fines.

Put before parliament this week, the Product Security and Telecommunications (PSTI) Bill proposes a requirement for the makers of phones and other smart devices to implement a number of security measures, including the clear provision of a point of contact to whom security researchers and consumers can report product bugs or flaws.

The laws will also introduce a ban on default generic passwords being pre-installed; each individual device will need to be equipped with its own unique password – which cannot then be reset to a standard factory setting. 

All products will also need to provide consumers with clear information – at point of sale – about the minimum length of time for which a device will receive patches and other security updates. If a product will receive no such updates after the point of purchase, this must be made clear at the outset, and buyers must also be kept updated with any changes in policy.

This proposal is particularly apposite, the government claimed, as about 80% of firms currently have no such measures in place.

Businesses in scope of the laws will include the manufacturers and retailers – both online and in shops – of any devices that can access the internet. As well as smartphones and computers, this will also include a comprehensive range of smart devices, such as security cameras, fridges, voice-activated virtual assistants, and baby monitors. Also covered by the bill are “products that can connect to multiple other devices but not directly to the internet… [such as] smart light bulbs, smart thermostats and wearable fitness trackers”, the government said.

The legislation will be enforced by a regulator – to be designated once the bill passes into law – that will have the power to hit firms that contravene the law with fines of £10m or 4% of global turnover. Ongoing breaches of the rules could be punished with penalties of £20,000 a day.

Minister for media, data and digital infrastructure Julia Lopez said: “Every day hackers attempt to break into people’s smart devices. Most of us assume if a product is for sale, it’s safe and secure. Yet many are not, putting too many of us at risk of fraud and theft. Our bill will put a firewall around everyday tech from phones and thermostats to dishwashers, baby monitors and doorbells, and see huge fines for those who fall foul of tough new security standards.”

Dr Ian Levy, technical director of the National Cyber Security Centre, added: “I am delighted by the introduction of this bill which will ensure the security of connected consumer devices and hold device manufacturers to account for upholding basic cybersecurity. The requirements this bill introduces – which were developed jointly by DCMS and the NCSC with industry consultation – mark the start of the journey to ensure that connected devices on the market meet a security standard that’s recognised as good practice.”

In addition to the smart-device measures, the PSTI bill also includes provisions intended to expedite the rollout of broadband and mobile networks. According to the government, the legislation proposes “reforms [that] will encourage quicker and more collaborative negotiations with landowners hosting the equipment, to reduce instances of lengthy court action which are holding up improvements in digital connectivity”.


About the author

Sam Trendall is editor of PublicTechnology.
