New legislation for the Internet of Things

The UK government is aiming to tighten up consumer protection on Internet of Things (IoT) devices with the introduction of new legislation.

The Product Security and Telecommunications Infrastructure Bill puts new cyber security standards on manufacturers, importers and distributors of internet-connectable devices, such as phones, tablets, smart TVs and fitness trackers.

The legislation going before Parliament will also apply to products that can connect to multiple devices such as smart light bulbs and thermostats.

The new laws, if passed, include banning universal default passwords, forcing companies to be more transparent about how they fix security flaws, and creating a better public reporting pathway if any vulnerabilities are discovered. As part of the overhaul, firms will also have a duty to investigate compliance failures, produce statements of compliance and maintain appropriate records.

Any breaches could result in fines of up to £10m or 4% of global turnover. In ongoing cases the fines could be up to £20,000 a day.

The legislation comes amid the surging use of IoT devices, with every household owning an average of nine.

Consumer champions Which? recently published an investigation demonstrating that smart-linked homes could face thousands of cyber attacks a week as criminals look to exploit devices’ vulnerable security.

A new regulator will also be appointed and have the powers to require firms to comply with the security requirements, recall their products or stop selling/supplying them altogether.