Credit: LittleVisuals/Pixabay
New legislation on consumer tech security requirements will make the UK the first country in the world to offer such legal protections for smart doorbells, a minister says.
The Product Safety and Telecoms Infrastructure Act – which received royal assent and came into force in December – lays down measures manufacturers of connected devices must comply with. This includes the requirement that all devices be sold with a unique password and not provide users with a way to then reset this to a generic default option.
Companies that sell internet-connected devices – which now includes products like televisions and refrigerators, as well as phones and smart speakers – must also provide clear information at the point of sale about how long the products will receive patches and other security updates. Buyers must be kept informed of any subsequent changes to this policy.
Related Content
The regulatory enforcement system for the law – which the government says could carry fines of millions of pounds for breachers – has yet to be put in place.
But according to Paul Scully, a minister at the recently created Department of Scientific Innovation and Technology, such regulations will be passed shortly. According to this, this country will offer world-leading protection for “connected consumer products – including smart doorbells – sold to British customers”.
“The Government is committed to ensuring that the benefits that connected technologies bring to individuals and the economy do not come at the expense of consumer safety,” he said in response to a written parliamentary question from Labor Party shadow digital secretary Stephanie Peacock.
Scully added: “Regulations to implement the new law will soon be in place, making the UK market the first in the world to benefit from these new safeguards. Manufacturers of consumer products that are sold to consumers in the UK must stop using universal default passwords and easily guessable default passwords. The regulations will also require these manufacturers to publish a vulnerability disclosure policy on how to report security issues affecting their products, as well as information on the minimum length of time the manufacturer will provide security updates to the product.”
