Why you can trust us

Engadget has been testing and reviewing consumer tech since 2004. Our stories may include affiliate links; if you buy something through a link, we may earn a commission. Read more about how we evaluate products.

UK mulls security warnings for smart home devices

It might prohibit retailers from selling products without the labels.

In an attempt to secure the millions of connected devices that find their way into homes in the UK, the government is considering baseline security requirements for Internet of Things products. The new rules could include mandatory labels that tell customers how secure a device is, and retailers could be prohibited from selling anything without an IoT security label. The UK has only just begun the consultation process, though, so these rules won't be written into law just yet.

If adopted, the mandates might also require unique IoT device passwords that can't be reset to universal factory settings. They could demand that manufacturers offer a point of contact as part of a vulnerability disclosure and that manufacturers state the minimum length of time a device will receive security updates. Following the government's consultation period, the security label initiative will launch as a voluntary measure, meant to help customers determine which products have basic security features.

This isn't the first time the UK has shared its ideas on how to make the internet safer, and last year, it passed regulation allowing the government to fine "critical infrastructure" companies up to £17 million if they have inadequate cybersecurity defenses. It's not clear yet if these new IoT mandates will include any fines.