BEGIN ARTICLE PREVIEW:
The U.K. government recently launched a consultation process for regulating consumer Internet of Things (IOT) security. This could have significant implications for U.S. manufacturers, given that the U.K. will remain a key sales market following Brexit.
The proposals seek to better protect consumers’ privacy and online security, which can be put at risk by non-secure devices. They also recognize the urgent need to shift the onus from consumers securing their own devices and ensure that strong cybersecurity is built into these “smart” products by design. The U.K. will be one of the first countries to legislate specifically in relation to IOT security. Other countries may look to the detail of U.K. regulations and their effect, particularly if the U.K. approach becomes the de facto international standard.
Summary of Proposals
The U.K. government is concerned that despite the introduction of a self-regulatory Code of Practice in October 2018 (COP), there are still significant security flaws in many products on the market. The U.K. proposals seek to expand on the COP, which covers 13 areas (or outcome-focused guidelines) that are widely considered good practice, including requirements that all IOT device passwords are unique, all software is …
END ARTICLE PREVIEW