• 07948 570815
  • This email address is being protected from spambots. You need JavaScript enabled to view it.


UK’s IoT cyber security law proposal gathers pace

UK’s IoT cyber security law proposal gathers pace

There has been a huge increase ownership of smart, connected internet of things (IoT) devices among the general public.

Which demonstrates the necessity of the UK government’s proposed new cyber security laws, according to the Department for Digital, Culture, Media and Sport (DCMS).

The department has recently published figures that show almost half (49%) of UK consumers have bought at least one smart device since the outbreak of the Covid-19 pandemic in 2020. Such products may appear to offer a huge range of benefits, yet many of them are highly vulnerable to cyber attacks.


Planned new legislation to address this shortfall in device security will force suppliers to tell users at the point of sale for how long their product will receive security software updates and patches.

DCMS said it would now also be putting smartphones in scope of the planned legislation in light of responses to a recent call for public input. It said research had shown up to a third of people keep their smartphones for at least four years, but many brands only offer security updates for two years.

Recent University College London research found that out of 270 products tested, none displayed this information at point of sale or in any accompanying paperwork.


“Our phones and smart devices can be a gold mine for hackers looking to steal data, yet a great number still run older software with holes in their security systems,” said digital infrastructure minister Matt Warman.

“We are changing the law to ensure shoppers know how long products are supported with vital security updates before they buy and are making devices harder to break into by banning easily guessable default passwords.

“The reforms, backed by tech associations around the world, will torpedo the efforts of online criminals and boost our mission to build back safer from the pandemic.”

The law will also ban suppliers from selling devices with universal default passwords preset and force them to provide public contacts to make vulnerability reporting easier.

NCSC technical director Ian Levy added: “Consumers are increasingly reliant on connected products at work and at home. The Covid-19 pandemic has only accelerated this trend and while manufacturers of these devices are improving security practices gradually, it is not yet good enough.

“DCMS’ publication builds on the 2018 Code of Practice and ETSI EN 303 645 to clearly outline the expectations on industry. To protect consumers and build trust across the sector, it is vital that manufacturers take responsibility and pay attention to these proposals now.”

Image by Gerd Altmann from Pixabay

laptop 365 advert

AdvertisementLaptop Keys UK

Newsletter Subscribe




More Cyber Articles

More Tech Help Articles

More Tech Bull Articles

© {2019} Tech Bull UK. All Rights Reserved. Powered by Tech Bull UK