IoT regulations: potential Government changes must strike a fine balance
The Government is setting out proposals to strengthen regulations around the Internet of Things (IoT), but there is a fine balance to be struck between protecting consumers and inhibiting innovation. Proposed regulations may force strong cyber security to be included in IoT devices by design, rather than leaving the consumer to make their own provision.
There is now a consultation on formal regulation within which are proposals that all IoT device passwords should be unique with no option for a ‘factory reset’, that manufacturers must provide a public point of contact for the reporting of issues, and that a minimum length of time must be stated during which a product will receive security updates.
The consultation proposes three possible ways to achieve this. The lightest regulation would see retailers mandated to sell only products bearing an IoT security label whose manufacturers have self-declared appropriate levels of cyber security in order to be able to apply the label. More rigorous would be mandating retailers to sell only products that adhere to the top three guidelines of the Code of Practice for IoT Security, whose manufacturers have self-declared this specific adherence. Toughest of all would be to mandate retailers to sell only products that adhere to all thirteen guidelines in the Code of Practice, the manufacturers again having self-declared this full adherence in order to display the IoT security label.
It is a difficult area to negotiate. Many consumers hanker for ever more technologically advanced and integrated technology in their homes and lives, but adopt it in the belief that appropriate cyber security is inbuilt. That is not always the case, leaving consumers vulnerable and manufacturers at risk of potentially ruinous legal action when things go wrong. However, putting the manufacturers under pressure may protect consumers whilst at the same time frustrating them by slowing innovation in this country that may be continuing unchecked elsewhere.
Ministers and officials are now considering the findings of the consultation process.