Skip to main content

UK sets out new cyberscurity laws for IoT era

IoT
(Image credit: Image source: Shutterstock/everything possible)

The UK government is planning a new set of laws that aims to improve the security of consumer-oriented Internet of Things (IoT) devices.

In a press release, the UK government said Brits are increasingly purchasing various internet-connected devices, from smartwatches to cameras, seemingly oblivious to the threats that come with these devices.

To make sure manufacturers do all they can to keep their customers safe, the UK government’s plan is to force them to inform each customer, at the point of sale, how long the device will receive much-needed security updates.

Manufacturers will also be banned from selling devices with simple and easy-to-guess default credentials, such as “admin” or “password”. Further, all manufacturers will need to set up a point of contact where customers will be able to easily report a flaw or a vulnerability.

“We are changing the law to ensure shoppers know how long products are supported with vital security updates before they buy and are making devices harder to break into by banning easily guessable default passwords,” said Matt Warman, Digital Infrastructure Minister.

“The reforms, backed by tech associations around the world, will torpedo the efforts of online criminals and boost our mission to build back safer from the pandemic.”

The UK government says Brits have been increasingly purchasing internet-connected devices during the pandemic. It believes that by forcing manufacturers to be upfront about support times, the law will help prevent users from “unwittingly leaving themselves open to cyber threats”.

No precise timeframe has been set for the implementation of the law, other than “as soon as parliamentary time allows”.