Code of practice for IoT security in the UK

14 Oct 2018

The UK Department for Digital, Culture, Media and Sport and the National Cyber Security Centre (NCSC), in engagement with industry, consumer associations, and academia, published a Code of Practice for Internet of Things (IoT) security. The aim of the code is to ensure that products are secure by design. As such, it provides guidance mainly to device manufacturers, IoT service providers, mobile application developers, and retailers. The Code of Practice includes 13 outcome-focused guidelines, which are based on good practices in IoT security. The first draft of the code was published as part of the department's secure by design report from March 2018.

Explore the issues

The Internet of Things (IoT) includes a wide range of Internet-connected devices, from highly digitalised cars, home appliances (e.g. fridges), and smart watches, to digitalised clothes that can monitor health. IoT devices are often connected in wider systems, typically described as 'smart houses' or 'smart cities'.

Cybersecurity is among the main concerns of governments, Internet users, and the technical and business communities. Cyberthreats and cyberattacks are on the increase, and so is the extent of the financial loss.

Yet, when the Internet was first invented, security was not a concern for the inventors. In fact, the Internet was originally designed for use by a closed circle of (mainly) academics. Communication among its users was open.

Cybersecurity came into sharper focus with the Internet expansion beyond the circle of the Internet pioneers. The Internet reiterated the old truism that technology can be both enabling and threatening. What can be used to the advantage of society can also be used to its disadvantage.

