MPs to debate landmark IoT security law

The proposed Product Security and Telecoms Infrastructure Bill will receive its second reading in the House of Commons today in a debate to be opened by current digital secretary Nadine Dorries, as it takes a significant step forward towards becoming law.

The bill – which mandates improved cyber protections for smartphones and other smart or connected internet of things (IoT) devices – has been years in the making. Its scope has expanded over time to include new provisions that will supposedly spur the roll-out of full-fibre broadband services by making it easier for operators to upgrade and share infrastructure, and reform the process of how they go about negotiating with landowners to whose property they need access.

At its core it places strict new requirements on the manufacturers and retailers of connected consumer technology, banning easy-to-guess default passwords programmed onto devices, creating a vulnerability-reporting system, and forcing manufacturers to be upfront about how long their products will receive security updates.

Failure to comply could result in fines of up to £10m, or 4% of global turnover, and up to £20,000 for every day in the case of ongoing breaches.

“Whether it’s your phone, smart speaker or fitness tracker, it’s vital that these devices are kept secure from cyber criminals,” said Dorries.

“Every product on our shelves has to meet all sorts of minimum requirements, like being fire resistant or [noting if it’s] a choking hazard, and this is no different for the digital age where products can now carry a cyber security risk. 

“We are legislating to protect people across the UK and keep pace with technology as it transforms our everyday lives,” she said.

The bill will apply to any device that can access the internet, including smartphones and smart TVs, games consoles, security cameras and connected alarms, smart toys and baby monitoring kit, smart home hubs and voice activated assistants (such as Alexa) and connected appliances such as washing machines and fridges.

Also in scope will be products that, while they can connected to other devices, do not directly access the internet themselves – such as smart lightbulbs…