The Government is to introduce new legislation to protect millions of users of internet-connected household items from the threat of cyber hacks, forcing manufacturers to tighten up their privacy procedures.
Although the exact timetable has yet to be confirmed, the laws will now enter a second period of consultation, with Whitehall officials insisting they will be implemented "as soon as possible".
Designed to ensure all consumer smart devices sold in the UK adhere to three rigorous security requirements for the Internet of Things (IoT), they have been drawn up by the Department for Digital, Culture, Media & Sport (DCMS).
The measures have been developed in conjunction with industry and the National Cyber Security Centre (NCSC) and set a new standard for best practice requirements for companies that manufacture and sell consumer smart devices or products.
They rule that all consumer IoT device passwords must be unique and not resettable to any universal factory setting; manufacturers of consumer IoT devices must provide a public point of contact so anyone can report a vulnerability and it will be acted on in a timely manner; manufacturers must also explicitly state the minimum length of time for which the device will receive security updates at the point of sale, either in store or online.
Government research suggests there will be 75 billion IoT devices, such as TVs, cameras, home assistants and associated services, in homes around the world by the end of 2025.
Digital Minister Matt Warman said: "We want to make the UK the safest place to be online with pro-innovation regulation that breeds confidence in modern technology. Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers threatening people’s privacy and safety.
"It will mean robust security standards are built in from the design stage and not bolted on as an afterthought."
The Government’s ambition is to further develop legislation that effectively protects consumers, is implementable by industry and supports the long term growth of the IoT.
NCSC policy and communications director Nicola Hudson added: "Smart technology is increasingly central to the way we live our lives, so the development of this legislation to ensure that we are better protected is hugely welcomed.
"It will give shoppers increased peace of mind that the technology they are bringing into their homes is safe, and that issues such as pre-set passwords and sudden discontinuation of security updates are a thing of the past."
This follows the Government’s voluntary Secure by Design Code of Practice for consumer IoT security launched in 2018. The Code advocates for stronger cyber security measures to be built into smart products at the design stage, and has already been backed by Centrica Hive, HP and Panasonic.