Proposals for new law on smart device security requirements revealed
The Government has published proposals which will make it a legal requirement for smart devices to include certain security protections.
The proposed legislation focuses on makers of internet-connected smart devices such as smart speakers, kitchen appliances and cameras.
The requirements would ask manufacturers to ensure unique device passwords for products when they ship which are not resettable to any universal setting, as well as provide a public point of contact for people to report vulnerabilities and also state the minimum length of time for which a device will receive security updates.
Breaches of the proposed new laws could see manufacturers temporarily banned from selling the product in question while tests on it are carried out, as well as permanent bans for products found to be insecure.
Fines, recall notices and court orders for the confiscation or destruction of a dangerous product have also been named as potential powers.
The proposals have been drawn up by the Department for Digital, Culture, Media and Sport (DCMS) with input from the National Cyber Security Centre (NCSC) as part of the Government’s aim to make the UK the “safest place to be online”.
Digital Infrastructure Minister Matt Warman said the announcement is a “significant step forward” in the Government’s plans to secure smart devices and protect user privacy.
“I urge organisations to respond to these proposals so we can make the UK the safest place to be online with pro-innovation regulation that inspires consumer confidence in our tech products,” he said.
“People should continue to change default passwords on their smart devices and regularly update software to help protect themselves from cyber criminals.”
Responding to the Government’s announcement, Rocio Concha, director of advocacy at consumer group Which?, said: “Which? has repeatedly exposed popular connected devices with serious security flaws that fall well short of agreed voluntary standards, and leave consumers at the mercy of cyber criminals – so new laws to tackle this issue are an important step and can’t come soon enough.
“Legislation, which must be backed by strong enforcement, should be introduced as soon as possible.
“In the meantime, retailers and online marketplaces must do more to prevent blatantly unsecure products being sold and manufacturers need to be more proactive at addressing security issues with their products.”