UK publishes its plans on IoT devices cybersecurity regulation

The UK’s government publishes its response to the call for views on proposals for regulating IoT devices’ cybersecurity from July 2020. The document provides an overview of the government’s intentions on regulating IoT devices’ cybersecurity. According to the plan, the government plans to create a new scheme of regulation to protect consumers from insecure IoT devices, including smart speakers, smart televisions, connected doorbells, and smartphones. The document details three main security regulatory requirements: banning universal default passwords, implementing a means to manage reports of vulnerabilities, and providing transparency on how long the product will receive security updates. The report also refers to creating an enforcement body that will be equipped with powers to investigate allegations of non-compliance, take steps to ensure compliance, and provide support to relevant economic actors to enable them to comply with their obligations. The document also summarizes the government’s feedback on its call for views and details the government’s response to the feedback received.