UK launches consultation for new IoT consumer device regulation

1 May 2019

The UK Department for Digital, Culture, Media and Sport (DCMS) is launching a consultation about regulating Internet of things (IoT) consumer devices based on the IoT Code of Practice. According to the proposal, a new mandatory label will be accompanying IoT devices. The label will inform consumers about the level of security of the IoT devices they are purchasing. The proposal lists several possible suggestions for the label: (a) Manufacturers can choose whether to implement the UK government’s voluntary label or voluntarily pledge to implement the code guidelines (no regulation); (b) Retailers could only sell consumer IoT products that have the IoT security label. Manufacturers would have to self-assess and implement a security label on their consumer IoT products; (c) Retailers could only sell consumer IoT products that adhere to the top three guidelines of the code (unique passwords, vulnerability disclosure, and a minimum time for security updates) and the ETSI TS 103 645. Manufacturers would have to self-assess that their consumer IoT products adhere to the top three guidelines of the code; (d) Retailers could only sell consumer IoT products that comply with all 13 guidelines of the code and manufacturers would have to self-assess and ensure that the label is on the appropriate product packaging; (e) A potential consumer IoT certification scheme that may emerge from the EU cyber security certification framework established by the EU Cybersecurity Act could be adopted. The consultation is open till 5 June to the following parties: device manufacturers, IoT service providers, mobile application developers, retailers and those with a direct or indirect interest in the field of consumer IoT security, including consumer groups, academics, and technical experts.

Explore the issues

The Internet of Things (IoT) includes a wide range of Internet-connected devices, from highly digitalised cars, home appliances (e.g. fridges), and smart watches, to digitalised clothes that can monitor health. IoT devices are often connected in wide-systems, typically described as 'smart houses' or 'smart cities'.

Cybersecurity is among the main concerns of governments, Internet users, technical and business communities. Cyberthreats and cyberattacks are on the increase, and so is the extent of the financial loss. 

Yet, when the Internet was first invented, security was not a concern for the inventors. In fact, the Internet was originally designed for use by a closed circle of (mainly) academics. Communication among its users was open.

Cybersecurity came into sharper focus with the Internet expansion beyond the circle of the Internet pioneers. The Internet reiterated the old truism that technology can be both enabling and threatening. What can be used to the advantage of society can also be used to its disadvantage.

Consumer trust is one of the main preconditions for the success of e-commerce. E-commerce is still relatively new and consumers are not as confident with it as with real-world shopping. Consumer protection is an important legal method for developing trust in e-commerce.


The GIP Digital Watch observatory is provided by



and members of the GIP Steering Committee


GIP Digital Watch is operated by

Scroll to Top