
January 30, 2020

UK makes stricter laws revolving around IoT cybersecurity

[ by Kavita Krishnan ]


The United Kingdom (UK) has tightened laws revolving around Internet of Things (IoT) cyber security to help protect its citizens and businesses from the rising threats posed by cyber criminals, who are increasingly targeting IoT devices.

Under the measures proposed by the government, all IoT and consumer smart devices will be required to adhere to specific security requirements. The proposed measures from the Department for Culture, Media and Sports (DCMS) have been developed in conjunction with the UK’s National Cyber Security Centre (NCSC) and are the result of a consultation with information security experts, product manufacturers, retailers and others.

According to Matt Warman, Minister for digital and broadband at DCMS, the new law will hold firms manufacturing and selling internet-connected devices responsible and stop hackers threatening people’s privacy and safety.

Many connected devices are shipped with simple, default passwords that in most cases cannot be changed, while some IoT product manufacturers lack a channel through which vulnerabilities can be reported to them, especially if the device is produced on the other side of the world.

The new legislation requires IoT devices to follow three particular rules to be allowed to be sold in the UK. They are:

• All consumer internet-connected device passwords must be unique and not resettable to any universal factory setting

• Manufacturers of consumer IoT devices must provide a public point of contact so anyone can report a vulnerability and it will be acted on in a timely manner

• Manufacturers of such IoT devices must explicitly state, at the point of sale, either in store or online, the minimum length of time for which the device will receive security updates

The new law proposes that if IoT products fail to follow these rules, such devices could potentially be banned from sale in the UK.

IoT products in certain cases suddenly stop receiving support from manufacturers; providing an exact length of time for which devices will be supported will allow users to think about how secure the product will be in the long term.

According to Nicola Hudson, Policy and Communications Director at the NCSC, the development of such legislation to ensure that citizens are better protected is hugely welcomed.

On the same lines, ENISA, the European Union’s cybersecurity agency, is also working towards legislation in this area, while the US government is also looking to regulate IoT in an effort to protect against cyberattacks.
