Policy paper

Secure by Design

This report sets out the Government's work to help ensure the consumer "internet of things" (IoT) is secure by design, with security built in from the start.


Secure by Design report

Literature Review


The Government’s ambition is to make the UK the most secure place in the world to live and do business online, and the best place in the world to start and grow a digital business.

This report advocates a fundamental shift in approach: moving the burden away from consumers having to secure their devices and instead ensuring strong security is built into consumer “internet of things” (IoT) products by design. It also sets out the need for greater action by Government and industry, and proposes a range of measures to better protect citizens and the wider economy.

The central proposal of this report is a draft Code of Practice aimed primarily at manufacturers of consumer IoT products and associated services. It has been developed through extensive engagement with industry and subject matter experts and sets out thirteen practical steps to improve the security of consumer IoT.

IoT security is a global challenge requiring global collaboration. The Government is working with international partners and through international organisations to collectively take action to secure consumer IoT products and associated services at every stage of their lifecycle.

The publication of this report, and particularly the draft Code of Practice, is intended to stimulate further dialogue with industry, international partners, academic institutions and civil society. Further details on how to provide input on the proposed interventions are included in the report.

Also being published alongside this report is a literature review which sets out a range of evidence, international activity and recommendations on the subject of IoT security.

Published 7 March 2018