Makers of smart devices including phones, speakers, and doorbells will need to tell UK customers upfront how long a product will be guaranteed to receive vital security updates under groundbreaking plans to protect people from cyber attacks.
More on the news here:
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
<p>This legislative progress is encouraging and should serve as an example to other European governments.</p> <p> </p> <p>The main challenge of high-tech legislation is to actually enforce the law: people may buy substandard IoT devices abroad in a few clicks, while customs have insufficient resources to monitor compliance with highly complicated legislation amid the influx of foreign goods. A toothless law will unlikely deter bad practices that it aims to regulate.</p> <p> </p> <p>It would, however, certainly be interesting to measure the impact of Californian IoT security law, enacted in 2018 and effective since 2020, on the consumer protection of Californians.</p> <p> </p> <p>Individual standing under the new law – one’s capacity to bring a private lawsuit seeking damages in addition to monetary fines issued by the government – is likewise essential to provide aggrieved individuals with redress and bring stronger incentives to comply with the law. Problematically, most of the insecure and dangerous IoT devices are manufactured in third-party countries that are oftentimes ignorant to any judicial cooperation with the UK authorities. Thus, however good the law will be, its practical enforcement will be decisive for its eventual success.</p>