DCMS announces new legislation to strengthen consumer IoT security

Digital Minister Matt Warman MP has today announced plans for new legislation to protect millions of users of internet-connected devices from cyber threats.

The Department for Digital, Culture, Media and Sport (DCMS) plan will see all consumer smart devices sold in the UK adhere to the three rigorous security requirements for the Internet of Things (IoT). These are:

  1. All consumer internet-connected device passwords must be unique and not resettable to any universal factory setting; 
  2. Manufacturers of consumer IoT devices must provide a public point of contact so anyone can report a vulnerability and it will be acted on in a timely manner; and
  3. Manufacturers of consumer IoT devices must explicitly state the minimum length of time for which the device will receive security updates at the point of sale, either in store or online

These proposals follow the Regulatory proposals for consumer Internet of Things (IoT) security consultation through which DCMS engaged with industry on throughout 2019. That outlined Government thinking on how to build on 2018’s voluntary Secure by Design Code of Practice for consumer IoT security. DCMS has now released a comprehensive response to the consultation alongside todays proposals which can be accessed here.

Government has now confirmed plans to adopt a staged approach to enforcing the top three guidelines in the Code of Practice through regulation, it has following industry feedback, agreed t consult further and modify plans in some key areas.

Whilst Government will in the future look to mandate further security requirements it will not now proceed with launching a voluntary labelling scheme for consumer IoT products. This will include examining an alternative option to the labelling scheme whereby retailers would be responsible for providing information to the consumer at the point of sale (both online and in stores).

The Government will also continue to work with international partners to ensure a global approach to IoT security is working with international partners to ensure that the guidelines drive a consistent, global approach to IoT security, ensuring that UK standards and regulation play a leading role and ensuring industry is able to easily trade internationally.

Digital Minister Matt Warman said:

“We want to make the UK the safest place to be online with pro-innovation regulation that breeds confidence in modern technology.

Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers threatening people’s privacy and safety.

It will mean robust security standards are built in from the design stage and not bolted on as an afterthought.”

Matthew Evans, Director of Markets, techUK said:

“Consumer IoT devices can deliver real benefits to individuals and society but techUK’s research shows that concerns over poor security practices act as a significant barrier to their take-up. techUK is therefore supportive of the Government’s commitment to legislate for cyber security to be built into consumer IoT products from the design stage.

techUK has been working on these three principles for the past four years. We support the work to ensure that they are consistent and are influencing international standards.

We look forward to working closely with Government and industry to ensure the implementation of the legislation provides protection for consumers whilst continuing to promote innovation within the IoT sector.”

The full Government response to the consultation on Regulatory proposals for consumer Internet of Things (IoT) security can be found here.

The original techUK response to the consultation can be accessed here.

  • Talal Rajab

    Talal Rajab

    T 020 7331 2189
  • Matthew Evans

    Matthew Evans

    Director | Markets
    T 020 7331 2034
  • Dan Patefield

    Dan Patefield

    Programme Manager | Defence and Cyber
    T 020 7331 2165

Share this


Patent Box is a valuable resource for both manufacturers and service companies that plan to become, leaders in AI o… https://t.co/ZO5BYec3ot
Guest Blog: Game on - building cyber skills through interactive apps by @DrMeredyddWllms at @RokeManor as part of o… https://t.co/lejwKJhyMH
Our first ever Spring #healthtech Dinner, takes place in Leeds on 21 April. Join leaders from across the healthca… https://t.co/NZDbnXm3vf
Guest Blog: Building a Workforce to Keep Us Safe Online by Martin Ewings, Director and Brand Leader for… https://t.co/SwUSotyMUC
Guest Blog: It's a Matter of Trust - How Security Vendors can Build Trust Using PR by Geraldine Fernandez, Associat… https://t.co/DIEfPHZUK6
Guest Blog: How Do You Remain Savvy With Your Supply Chain by @colinrobbins Managing Security Consultant at @Nexorhttps://t.co/OZWVYiFVt3
Digital Secretary @OliverDowden has today announced a £65m package for 5G projects: £35m for nine consortia who suc… https://t.co/dYEaejirfV
Become a Member

Become a techUK Member

By becoming a techUK member we will help you grow through:

Click here to learn more...