the proposal Telecommunications Infrastructure and Product Security Bill will receive its second reading today in the House of Commons in a debate that will be opened by the current digital secretary Nadine Dorriessince it takes an important step forward to become law.
The bill, which calls for better cyber protections for smartphones and other smart or Internet-of-Things (IoT)-connected devices, has been years in the making. Its scope has been broadened over time to include new provisions that are supposed to boost the deployment of full fiber broadband services by making it easier for operators to upgrade and share infrastructure, and reforming the negotiation process with landowners whose property they need access to.
In essence, it imposes strict new requirements on manufacturers and retailers of connected consumer technology, banning easy-to-guess default passwords programmed into devices, creating a vulnerability reporting system, and forcing manufacturers to be upfront about how long they will receive their products. security updates
Failure to comply could result in fines of up to £10 million, or 4% of global turnover, and up to £20,000 per day for continued breaches.
“Whether it’s your phone, smart speaker or fitness tracker, it’s critical these devices are protected from cybercriminals,” Dorries said.
“Every product on our shelves has to meet all sorts of minimum requirements, like being fire resistant or [noting if it’s] a choking hazard, and this is no different for the digital age, where products can now carry a cybersecurity risk.
“We are legislating to protect people across the UK and keep pace with technology as it transforms our daily lives,” he said.
The bill will apply to any device that can access the internet, including smartphones and smart TVs, game consoles, connected security cameras and alarms, smart toys and baby monitoring kit, smart home hubs and voice-activated assistants. (such as Alexa) and connected appliances. such as washing machines and refrigerators.
Also in scope will be products that, while able to connect to other devices, do not directly access the internet on their own, such as smart light bulbs and thermostats or wearable fitness trackers.
Matthew Evans, Director of Markets at Tech UK, he said: “The industry has long supported the shared ambition of improving the cyber resiliency of devices and has worked with DCMS on the secure design agenda for the past five years. Most providers already adhere to the principles of the legislation and, if implemented in practice, this will protect consumers and ensure they have access to a wide range of connected devices.
“TechUK also welcomes the government’s efforts to reform the Electronic Communications Code, which is essential to speeding up the rollout of gigabit and 5G infrastructure. The industry looks forward to more clarity on code amendments to ensure we can provide the connectivity consumers and businesses need,” he added.
consumer rights organization Which?which has taken an active role in the development of the bill through various consultations and stakeholder engagement, welcomed news of its progress.
“Smart home products can bring great convenience to our daily lives, however, time and time again we have discovered security flaws that can leave people vulnerable to scams, data breaches and even put their security at risk, which is why this new legislation is an important first step,” said Rocío Concha, director of policy and advocacy.
“However, it is vital that new rules are applied to online marketplaces, where Which? has frequently encountered unsafe products being sold en masse. The government must also clarify how compensation for products that do not meet safety requirements will work within the existing framework of consumer rights.
“The bill must be supported by a strong and well-resourced enforcement regime that reflects the many different ways smart products are manufactured and sold to consumers,” added Concha.