New UK IoT Security Law

On the 27th January 2020, the UK Government announced its plans to introduce a new law which will control the security of any IoT device sold within the UK.

https://www.gov.uk/government/news/government-to-strengthen-security-of-internet-connected-products details the announcement, including the key points.

  • All consumer internet-connected device passwords must be unique and not re-settable to any universal factory setting
  • Manufacturers of consumer IoT devices must provide a public point of contact so anyone can report a vulnerability and it will be acted on in a timely manner
  • Manufacturers of consumer IoT devices must explicitly state the minimum length of time for which the device will receive security updates at the point of sale, either in store or online

Clearly the wait is now on to see when the new law will appear, what this will actually mean for the market, and exactly what will happen to all the imports from foreign markets.

The above proposals are all really sound foundation principals, so it should be a small change for any legitimate company looking to market a serious device.

Lets see what comes next…