DCMS Call for Views on Regulating Consumer Smart Product Cyber Security

The UK Government’s Department for Digital, Culture, Media and Sport has today published a call for views on proposals to legislate stronger security measures for smart devices marketed at consumers.

It will come as no surprise to those familiar with the Code of Practice for Consumer IoT Security [PDF format] published by DCMS in 2018 that the three main areas of security for proposed legislation are:

• No default passwords
• Ensure a means of reporting vulnerabilities
• Ensure transparency on the period a device will receive security updates.

Different to the Code of Practice, there are proposed obligations on producers and distributors and enforcement actions for non-compliance, all the way up to mandatory destruction of the device, although there is not, at present, a defined regulator to undertake this work.

Importantly, in a major change to the Conde of Practice, computers, smartphones and laptops are also brought in scope.

There is an online tool for responding (other options for response are detailed out in the call for view document).

Deadline for responses is 23:59 (UK time) 6 September, 2020.