New IoT cyber security laws - How manufacturers can prepare for

UK leads the way in IoT cyber security

The landmark Product Security and Telecoms Infrastructure Bill is currently being debated in UK parliament. This world-leading law will to help improve IoT cyber security and keep internet connected devices – such as phones, tablets and smart TVs – secure from cyber criminals.

The bill is set to prohibit the UK sales of connectable digital products with poor cyber security. New requirements will be placed on manufacturers and distributors of products that are able to connect to the internet or other devices.

The UK’s Digital Secretary, Nadine Dorries, said ‘Every product on our shelves has to meet all sorts of minimum requirements, like being fire resistant or a choking hazard. This is no different for the digital age where products can now carry a cyber security risk.’

Similar legislation is set to be rolled out across the EU.

Key facts about the Product Security and Telecoms Infrastructure Bill

When the new bill will make it harder for cyber criminals to hack internet connect products by:

• banning easy-to-guess default passwords, such as ‘admin’ or ‘1234’
• ensuring manufacturers are transparent about how long security updates will be available for their internet connected products
• ensuring a readily available public point of contact to make it easier for software flaws and bugs to be reported.

The law will apply to all devices that can access the internet, which include, but are not limited to:

• smart TVs
• games consoles
• security camera and alarm systems
• smart toys
• baby monitors
• smart home hubs
• smart home appliances such as washing machines and fridges

It also applies to products that can connect indirectly to the internet via other devices, such as smart light bulbs, smart thermostats and wearable fitness trackers.

Failure to comply could result in fines ​​of up to £10 million, or four per cent of global turnover. Fines of up to £20,000 per day will also apply in the case of an ongoing breach.

In certain cases, the designated regulator will have the power to recall non-compliant products, or stop the sale and supply of them altogether.

This is great news for consumers, but how can tech manufacturers and distributors prepare for this IoT cyber security legislation?

IoT Security Assured Certification

At Assure Technical, we have been an IASME Certification Body since 2016. Since then we have successfully certified 100s of companies with cyber security certifications such as Cyber Essentials.

Assure Technical are one of the first Certification Bodies to offer IoT Security Assured. IoT manufacturers and distributors can rely on our experience and fast, pain-free service to gain certification and be ahead of the curve when the new law comes into place.

We pride ourselves in offering an excellent level of service, which is reflected in our 4.8* Trustpilot rating.  We understand the needs of our clients and partners, delivering a pragmatic and flexible service to protect their information and assets. 

At Assure Technical, our people-first approach helps make security simple.