New cyber laws aim to ‘put a firewall around’ citizens’ smart devices

Written by Sam Trendall on 25 November 2021 in News

Firms that breach guidelines could face multimillion-pound fines

The government has claimed that new laws designed to increase protection for connected devices will “put a firewall around” smartphones and internet-enabled consumer products including televisions, doorbells and thermostats.

As well as increasing protective measures for devices, the legislation also makes provisions for a tough new regulatory environment, in which companies in breach of the law could face multimillion-pound fines.

Put before parliament this week, the Product Security and Telecommunications (PSTI) Bill proposes a requirement for the makers of phones and other smart devices to implement a number of security measures, including the clear provision of a point of contact to whom security researchers and consumers can report product bugs or flaws.

The laws will also introduce a ban on default generic passwords being pre-installed; each individual device will need to be equipped with its own unique password – which cannot then be reset to a standard factory setting. 

All products will also need to provide consumers with clear information – at point of sale – about the minimum length of time for which a device will receive patches and other security updates. If a product will receive no such updates after the point of purchase, this must be made clear at the outset, and buyers must also be kept updated with any changes in policy.

This proposal is particularly apposite, the government claimed, as about 80% of firms currently have no such measures in place.

Businesses in scope of the laws will include the manufacturers and retailers – both online and in shops – of any devices that can access the internet. As well as smartphones and computers, this will also include a comprehensive range of smart devices, such as security cameras, fridges, voice-activated virtual assistants, and baby monitors. Also covered by the bill are “products that can connect to multiple other devices but not directly to the internet… [such as] smart light bulbs, smart thermostats and wearable fitness trackers”, the government said.

The legislation will be enforced by a regulator – to be designated once the bill passes into law – that will have the power to hit firms that contravene the law with fines of £10m or 4% of global turnover. Ongoing breaches of the rules could be punished with penalties of £20,000 a day.

Minister for media, data and digital infrastructure Julia Lopez said: “Every day hackers attempt to break into people’s smart devices. Most of us assume if a product is for sale, it’s safe and secure. Yet many are not, putting too many of us at risk of fraud and theft. Our bill will put a firewall around everyday tech from phones and thermostats to dishwashers, baby monitors and doorbells, and see huge fines for those who fall foul of tough new security standards.”

Dr Ian Levy, technical director of the National Cyber Security Centre, added: “I am delighted by the introduction of this bill which will ensure the security of connected consumer devices and hold device manufacturers to account for upholding basic cybersecurity. The requirements this bill introduces – which were developed jointly by DCMS and the NCSC with industry consultation – mark the start of the journey to ensure that connected devices on the market meet a security standard that’s recognised as good practice.”

In addition to the smart-device measures, the PSTI bill also includes provisions intended to expedite the rollout of broadband and mobile networks. According to the government, the legislation proposes “reforms [that] will encourage quicker and more collaborative negotiations with landowners hosting the equipment, to reduce instances of lengthy court action which are holding up improvements in digital connectivity”.


About the author

Sam Trendall is editor of PublicTechnology. He can be reached on
