IoT security Requirements

 Our new law will hold firms anufacturing and selling internet-connected devices to account and stop hackers threatening people's privacy and safety," said Matt Warman, minister for digital and broadband at DCMS.

They also follow on from the previously suggested voluntary best practice requirements, but the legislation would require that IoT devices sold in the UK must follow three particular rules to be allowed to sell products in the UK. They are:

• All consumer internet-connected device passwords must be unique and not resettable to any universal factory setting
• Manufacturers of consumer IoT devices must provide a public point of contact so anyone can report a vulnerability and it will be acted on in a timely manner
• Manufacturers of consumer IoT devices must explicitly state the minimum length of time that the device will receive security updates at the point of sale, either in store or online