On July 16th 2020, the UK Government launched a call for views on its proposals for regulating consumer smart product cyber security. This regulation would follow the publication of the Code of Practice for Consumer Internet of Things Security, published in 2018. The scope of the new regulation would include AI-based products such as smart home assistants or connected home automation.
The government proposed different cybersecurity requirements:
- Ban universal default passwords in consumer smart products
- Implement a means to manage reports of vulnerability, i.e. “a transparent route for external parties to report vulnerabilities and receive useful feedback, allowing third parties to report security vulnerabilities to the manufacturer”.
- Provide transparency on for “how long, at a minimum, the product will receive security updates”
The proposed regulation also includes an obligation for ‘producers’ to meet the security requirements before supplying or making a product available on the market, and a requirement of ‘duty of care’ on ‘distributors’. If adopted, the regulation would be enforced by an enforcement body, which will be designated later by the government.
Finally, the UK Government stressed its wish to work with a wide range of stakeholders:
Responses to the call for views should be submitted before September 6th, 2020.
Source : https://www.gov.uk/government/publications/proposals-for-regulating-consumer-smart-product-cyber-security-call-for-views/proposals-for-regulating-consumer-smart-product-cyber-security-call-for-views