DCMS - update on new legislation for IoT Secure by Design 

Several members will recall our meetings with DCMS on their proposals for upgraded security for Internet of Things (IoT) consumer products. 

They have now issued an extensive media release with further details on their plans. 

This seems to be a call to business to get its act into gear in preparation and a message to consumers to be more aware given the huge number of additional products purchased in the pandemic. 

Legislation is coming - but depends on the availability of Parliamentary time. The intentions for the legislation are updated in a separate announcement. 

The products covered include 

  • Smartphones
  • Connected cameras, TVs and speakers
  • Connected children’s toys and baby monitors
  • Connected safety-relevant products such as smoke detectors and door locks
  • Internet of Things base stations and hubs to which multiple devices connect
  • Wearable connected fitness trackers
  • Outdoor leisure products, such as handheld connected GPS devices that are not wearables
  • Connected home automation and alarm systems
  • Connected appliances, such as washing machines and fridges
  • Smart home assistants

Second hand products are excluded. 

The BRC campaigned for manufacturers to have the main responsibility for providing information on security updates and this has largely been recognised - though importers will have the responsibility not to place a product on the market that is non compliant if the manufacturer is based overseas and does not have a legal representative in the UK. 

Otherwise the main obligation is to provide point of sale information to consumers. 

The Government has also announced three recognised standards against which to judge compliance - for connected toys; for smart TVs and for smaller developers. 

We will continue to ask the intention about existing stock sell through and a legal obligation on manufacturers to provide the information retailers need.