The U.K. government announced today that it will usher in new regulations for internet-enabled smart devices that can be used around the home.

In a press release, the Department for Digital, Culture, Media and Sport said smart devices in the home, commonly called the “internet of things,” are on the rise but many of the connected devices lack basic security features. The department said that in terms of user privacy, manufacturers also must ensure that users feel secure with their devices.

Following a seven-month consultation with the U.K.’s Government Communications Headquarters, academics, manufacturers and retailers, a “Code of Practice” was created for connected devices, including wearables, smart appliances, smart home devices, digital assistants and monitoring devices.

The new regulations will mean:

• IoT device passwords must be unique and not resettable to any universal factory setting.
• Manufacturers of IoT products provide a public point of contact as part of a vulnerability disclosure policy.
• Manufacturers of IoT products explicitly state the minimum length of time for which the device will receive security updates.

“Adhering to these three requirements is not a ‘silver bullet’ but they are the first practical step towards more secure devices,” said Digital Minister Matt Warman (pictured). “Achieving full market compliance with these three guidelines will ensure consumers are being given important protection against the most basic vulnerabilities.”

In the past, IoT devices have been sold with simple default passwords that at times could not be changed, while if vulnerabilities did occur, the manufacturer has had no way in getting touch with the customer. As for the last point, some manufacturers have not explained to customers how long support and updates will last. Sometimes support was just cut off without warning.

“Whilst the U.K. Government has previously encouraged industry to adopt a voluntary approach, it is now clear that decisive action is needed to ensure that strong cyber security is built into these products by design,” said Warman.

The new regulations are just the start, Warman said, adding that in the future the Code of Practice will require manufacturers to adhere to updated regulations. He said a “staged approach” to regulation should allow those manufacturers to get up to speed.

Photo: Gov.UK