If you use assistive technology (such as a screen reader) and need a
version of this document in a more accessible format, please email email@example.com.
Please tell us what format you need. It will help us if you say what assistive technology you use.
In March 2018 the Government published the Secure by Design report which advocated a fundamental shift in approach to securing IoT devices, by moving the burden away from consumers and ensuring that security is built into products by design. Central to the report was a draft Code of Practice primarily for manufacturers of consumer IoT devices and associated services. An informal consultation on the report and its proposed policy interventions was undertaken.
In October 2018 the Government is published the finalised Code of Practice for Consumer IoT Security. To simplify implementation of its thirteen guidelines, we are also publishing a mapping document that links the Code’s thirteen guidelines to existing recommendations and standards on IoT security. This mapping is also available as an open data JSON file and an interactive version is available on https://iotsecuritymapping.uk.
Whilst the Code is voluntary, implementing its 13 guidelines may help organisations achieve compliance with applicable data protection laws, such as the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). The Government’s ambition is for appropriate aspects of the Code of Practice to be legally enforceable and has commenced work to map out the impacts of regulatory intervention and to consider which aspects of regulatory change are necessary with further details to be shared in due course.
Tech companies HP Inc. and Centrica Hive Ltd are the first companies to sign up to commit to the code and the Government encourages other manufacturers and retailers to follow suit.
In addition, the Government is also publishing Consumer Guidance on Smart Devices in the Home to support the UK public with setting-up, managing and improving the security of their devices. This guidance has been produced in collaboration with industry and academic experts, the National Cyber Security Centre and consumer organisations.
Finally, the Government is publishing its response to the informal consultation from March, which sets out the intended future work in this area.
If your organisation would like to discuss making a pledge to implement the Code, please contact the Secure by Design team - firstname.lastname@example.org.
New additions to page: Code of Practice for consumer IoT security; Consumer guidance for smart devices in the home; Government response to the Secure by Design informal consultation; Rapid evidence assessment on labelling schemes and implications for consumer IoT security; Mapping of IoT Security Recommendations, Guidance and Standards to the UK's Code of Practice for Consumer IoT Security; and supporting JSONs.