In an attempt to secure the millions of connected devices that find their way into homes in the UK, the government is considering baseline security requirements for Internet of Things products. The new rules could include mandatory labels that tell customers how secure a device is, and retailers could be prohibited from selling anything without an IoT security label. The UK has only just begun the consultation process, though, so these rules won't be written into law just yet.
If adopted, the mandates might also require unique IoT device passwords that can't be reset to universal factory settings. They could demand that manufacturers offer a point of contact as part of a vulnerability disclosure and that manufacturers state the minimum length of time a device will receive security updates. Following the government's consultation period, the security label initiative will launch as a voluntary measure, meant to help customers determine which products have basic security features.
This isn't the first time the UK has shared its ideas on how to make the internet safer, and last year, it passed regulation allowing the government to fine "critical infrastructure" companies up to £17 million if they have inadequate cybersecurity defenses. It's not clear yet if these new IoT mandates will include any fines.