New laws to protect smart doorbells and other gadgets are world-first, minister claims
Paul Scully pledges that provisions are being made for imminent implementation of act
New laws on consumer tech security requirements will make the UK the first country in the world to offer such legal protections to the likes of smart doorbells, a minister has claimed.
The Product Security and Telecommunications Infrastructure Act – which received royal assent and passed into law in December – sets out measures that manufacturers of connected devices must adhere to. This includes a requirement that all devices must be sold with a unique password, and offer users no option to then reset this to a standard generic option.
Firms that sell internet-connected devices – which now encompasses products such as televisions and fridges, as well as phones and smart speakers – will also be required to provide clear information at the point of sale about the length of time for which products will receive patches and other security updates. Buyers must be kept informed of any subsequent changes to this policy.
- Digital minister says government will pass law to make smart devices safer ‘as soon as we can’
- Does the UK need an IoT regulator?
- Labour MP: If a device is called ‘smart’ – don’t buy it
The regulatory enforcement regime for the law – through which breaches could be punished with multimillion-pound fines, according to the government – has yet to be put in place.
But, according to Paul Scully, a minister at the recently created Department for Science innovation and Technology, such regulations will be passed imminently. After which, this country will offer world-leading protections to “consumer connectable products – including smart doorbells – sold to UK customers”.
“The government is committed to ensuring that the benefits that connectable technologies offer to individuals and the economy, are not at the expense of consumer security,” he said, in answer to a written parliamentary question from Labour shadow digital minister Stephanie Peacock.
Scully added: “Regulations will be made shortly to implement the new act, making the UK market the first in the world to benefit from these new protections. Manufacturers of consumer connectable products sold to UK consumers will be required to stop using universal default and easily guessable default passwords. Regulations will also require these manufacturers to publish a vulnerability disclosure policy on how security issues affecting their products can be reported to them, as well as information on the minimum length of time for which the manufacturer will provide security updates covering the product.”
Share this page
CONTRIBUTIONS FROM READERS
Please login to post a comment or register for a free account.
MSPs are issued with advice following consultation with National Cyber Security Centre
SMS alerts initiative has been in the works for five years and was originally slated to launch in October
Campaigners warn that ‘virtual actions are not adequately addressed’ by existing law or pending legislation
Cabinet Office minister says that department will release new guidelines ‘as soon as possible’
Related Sponsored Articles
Digital transformation will play a key role in the future of local government. David Bemrose, Head of Account Strategy for Local Government at Crown Commercial Service (CCS), introduces a new...