UK Introduces New Cybersecurity Legislation for IoT Devices
The UK government has today introduced new legislation to Parliament that aims to better protect consumers’ IoT devices from hackers.
The Product Security and Telecommunications Infrastructure (PSTI) Bill places new cybersecurity standards on manufacturers, importers and distributors of internet-connectable devices, such as phones, tablets, smart TVs and fitness trackers. The legislation will also apply to products that can connect to multiple other devices but not directly to the internet, like smart light bulbs and smart thermostats.
These requirements include banning universal default passwords, forcing firms to be transparent about actions they are taking to fix security flaws in their products and creating a better public reporting system for any vulnerabilities discovered. In addition, these companies will have a duty to investigate compliance failures, produce statements of compliance and maintain appropriate records of this.
Failure to comply could result in heavy fines issued by a new regulator – up to £10m or 4% of their global turnover, as well as up to £20,000 a day in the case of an ongoing contravention. The regulator will also be given the power to require firms to comply with the security requirements, recall their products or stop selling or supplying them.