DCMS announces new legislation to strengthen consumer IoT security
Digital Minister Matt Warman MP yesterday announced plans for new legislation to protect millions of users of internet-connected devices from cyber threats.
The Department for Digital, Culture, Media and Sport (DCMS) plan will see all consumer smart devices sold in the UK adhere to the three rigorous security requirements for the Internet of Things (IoT). These are:
- All consumer internet-connected device passwords must be unique and not resettable to any universal factory setting;
- Manufacturers of consumer IoT devices must provide a public point of contact so anyone can report a vulnerability and it will be acted on in a timely manner; and
- Manufacturers of consumer IoT devices must explicitly state the minimum length of time for which the device will receive security updates at the point of sale, either in store or online.
These proposals follow the consultation on Regulatory proposals for consumer Internet of Things (IoT) security, through which DCMS engaged with industry throughout 2019. That consultation outlined Government thinking on how to build on 2018’s voluntary Secure by Design Code of Practice for consumer IoT security. DCMS has now released a comprehensive response to the consultation alongside the proposals, which can be accessed here.
Government has now confirmed plans to adopt a staged approach to enforcing the top three guidelines in the Code of Practice through regulation. Following industry feedback, it has agreed to consult further and modify plans in some key areas.
Whilst Government will in the future look to mandate further security requirements, it will not now proceed with launching a voluntary labelling scheme for consumer IoT products. This will include examining an alternative option to the labelling scheme whereby retailers would be responsible for providing information to the consumer at the point of sale (both online and in stores).
The Government will also continue to work with international partners to ensure that the guidelines drive a consistent, global approach to IoT security, ensuring that UK standards and regulation play a leading role and that industry is able to easily trade internationally.
Digital Minister Matt Warman said:
“We want to make the UK the safest place to be online with pro-innovation regulation that breeds confidence in modern technology.
“Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers threatening people’s privacy and safety.
“It will mean robust security standards are built in from the design stage and not bolted on as an afterthought.”
Matthew Evans, Director of Markets, techUK said:
“Consumer IoT devices can deliver real benefits to individuals and society but techUK’s research shows that concerns over poor security practices act as a significant barrier to their take-up. techUK is therefore supportive of the Government’s commitment to legislate for cyber security to be built into consumer IoT products from the design stage.
“techUK has been working on these three principles for the past four years. We support the work to ensure that they are consistent and are influencing international standards.
“We look forward to working closely with Government and industry to ensure the implementation of the legislation provides protection for consumers whilst continuing to promote innovation within the IoT sector.”
The full Government response to the consultation on Regulatory proposals for consumer Internet of Things (IoT) security can be found here.