Alongside the proposals is a call for views, asking the relevant sector to input their thoughts and evidence of the approach, exploring how the legislation will work in practice and ensuring it is as effective as possible.
The proposals focus on the three security requirements:
- All consumer internet-connected device passwords must be unique and not resettable to any universal factory setting;
- Manufacturers of consumer IoT devices must provide a public point of contact so anyone can report a vulnerability and it will be acted on in a timely manner; and
- Manufacturers of consumer IoT devices must explicitly state the minimum length of time for which the device will receive security updates at the point of sale, either in store or online
Over the summer, DCMS will be taking input on various issues, including what products will be in scope of the regulation, definitions and responsibilities of manufacturers and retailers and the potential powers which could be granted to any potential enforcement body.
This work is part of the UK government’s wider commitment to improving security across all consumer IoT devices, which recently also saw the implementation of the global standard implemented by the European Telecommunications Standards Institute (ETSI).
Developing an Industry View
Individuals and organisations can input direct to DCMS here.
techUK has been a longstanding supporter of Government efforts to improve security around consumer IoT and will be developing an industry wide response to the call for views. This will include both written input from members to Dan Patefield and a workshop to be held on 10 August.
If you have any queries at all please get in touch with the techUK team.