United Kingdom Introduces Regulations For IoT Devices

Table of Contents

The United Kingdom has announced a new law concerning the security of Internet of Things (IoT) devices. Digital Minister Matt Warman announced that all connected devices sold in the United Kingdom must adhere to three requirements:

  • All IoT devices must have a unique password that can’t be reset to it’s universal factory setting.
  • IoT device manufacturers must provide a “public point of contact” for users to report vulnerabilities, to be dealt with in a “timely manner”.
  • Manufacturers of IoT devices must also state the minimum length of time that they’ll be updating their devices’ security. This information must be explicit wherever the device is sold, be it online or in a store.

Related: European Union Might Regulate Internet of Things 

Bulbrite Solana Standard Color Smart Platform Integrations
The box for the Bulbrite Solana Standard Color bulb, an IoT device.

In a press release from the Department for Digital, Culture, Media and Sport (DCMS), Warman said,

“We want to make the UK the safest place to be online with pro-innovation regulation that breeds confidence in modern technology. Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers threatening people’s privacy and safety. It will mean robust security standards are built in from the design stage and not bolted on as an afterthought.”

DCMS developed these regulations with the National Cyber Security Centre as well as private industry. The government plans on further developing legislation regarding IoT devices to protect consumers. Previously in 2018, the United Kingdom government passed the Secure by Design Code of Practice, which said that security measures should be implemented in the design stage of IoT products. As there will be 75 billion IoT devices by the last months of 2025, the government of the United Kingdom seeks to prevent cyber hacks.

Internet of Things Legislation in the United States

Currently, there is no federal legislation regarding IoT devices in the United States. California was the only state to pass legislation regarding the cybersecurity of connected devices. Under this law, which went into effect on the first day of 2020, IoT device manufacturers must include “reasonable security features” including a unique, pre-programmed password for each device as well as authentication when using the device for the first time. Since it’s passing last May, no other state has passed any IOT cybersecurity legislation.


Why does IoT require security?

Iot devices require security because without it, they can be hacked into, which means that hackers could gain access to your personal information. That may include your email, address, payment information, and more. Hackers could also infringe on your privacy, remotely controlling devices in your home or even spying on you through Wi-Fi connected security cameras.

How can I secure my Internet of Things?

There are a few different actions to take to secure your Internet of Things devices. You can use a secure router, enable two or multi-factor authentication on your devices, creating long, complicated and unique passwords for each device, and routinely perform security updates.

What does the Internet of Things include?

The Internet of Things includes a plethora of different devices like light bulbs, plugs, security cameras and systems, video doorbells, Bluetooth trackers, and more.

Aliza Vigderman

Aliza Vigderman

Aliza is a journalist living in Brooklyn, New York. Throughout her career, her work has spanned many intersections within the tech industry. At SquareFoot, a New York-based real estate technology company, she wrote about the ways in which technology has changed the real estate industry, as well as the challenges that business owners face when they want to invest in property. At Degreed.com, an education technology website, Aliza created digital content for lifelong learners, exploring the ways in which technology has democratized education. Additionally, she has written articles for The Huffington Post as well as her own content on Medium, the online publishing platform. Aliza’s love of journalism and research stems from the excellent Journalism program at Brandeis University. At Brandeis, Aliza interned as a research assistant at the Schuster Institute for Investigative Journalism, a non-profit “news room without walls”. There, Aliza was paired with an investigative journalist and used academic databases to obtain data on everything from the suicide rates in Bhutan to local Boston court cases. Her last position was as an account executive at Yelp, educating business owners on the power of technology to increase revenue. Throughout, however, her heart remained with tech journalism, and she’s thrilled to be writing for Security Baron. When she’s not keeping afloat of the latest tech trends, Aliza likes to cook, read, and write. A former high school “Class Clown,” Aliza has completed two feature-length screenplays, a pilot, and countless comedic sketches. On her days off you can find her relaxing in Prospect Park, trying the latest flavors at Ample Hills Ice Cream, and spending time with friends and family.