• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
  • Bedfordshire
  • Milton Keynes
  • Northamptonshire
  • Awards
  • Knowledge Hub
  • Contact Us
  • About Us
    • Sustainability
    • The Podcast
    • ATB TV
All Things Business

All Things Business

First For Local UK Business News

  • Education
  • Professional Services
    • Legal
    • Finance
    • Recruitment & HR
    • Creative Marketing
  • Property
  • Environment
    • Wellbeing
  • Industry
    • Industry
    • Manufacturing
    • Motors
    • Logistics
    • Technology
  • Events
    • Events
    • Food & Drink
    • Sport
  • News

Legislating for security in the technological age

News, Technology | December 1, 2021

Controlling smart kitchen appliance with mobile application

Over recent months, the number of smart devices purchased by UK consumers has increased significantly, with the Department for Digital, Culture, Media and Sport, reporting around 49% of UK residents have purchased such a device since March 2020.

However, whether these devices employ sufficiently robust security measures to prevent cyber attacks is a long-standing question and something that the government is attempting to rectify through the introduction of legislation on the matter. 

What is the Internet of Things? 

The Internet of Things (IoT) is the term given to the interconnection of everyday objects, such as smart TVs, fitness trackers and smartphones, via the internet, resulting in the ability for them to send and receive data.  

For example, the connection between your smartphone and fitness tracker allows you to receive messages, control your music streaming app and then provide you with data regarding your heart rate, calories burned and average pace. 

According to the government, the primary aim of any proposed legislation is to ensure devices are secure and that technological advancement does not come at the cost of consumer security, currently one of the most frequently cited barriers to growth in this sector.

Examples of cyber attacks against IoT products, such as Amazon’s Ring home security camera, when hacked devices resulted in owners being harassed through the two-way communication functions, demonstrate consumers’ concerns are justified. 

Red Internet of things key on a black computer keyboard

What will the legislation say? 

The legislation seeks to prohibit the sale of certain connected devices that do not meet three security requirements: 

  • Using universal and easily guessed passwords such as ‘password’ by default will be banned. This will apply to the device itself and also to pre-installed apps, irrespective of whether they were produced in-house by the device manufacturer or a third party.
  • Providing a public point of contact for customers to report vulnerabilities to the manufacturer, ensuring they are resolved more quickly. The Internet of Things Security Foundation demonstrated in 2018 that less than 10% of global consumer companies offered such a facility. 
  • Informing consumers at the time of purchase, about the minimum period for which security updates will be provided for the device, which is currently around two years, despite research showing that 33% of consumers kept their last mobile phone for around four years.

The code has been designed to expand on the UK Government’s existing Code of Practice for Consumer IoT Security, published in 2018, and align with international standards including EN 303 645, which was adopted in 2020. 

Who and what does it apply to? 

At present there is a non-exhaustive list of the products that come within the scope of the legislation, including smartphones, connected cameras, TVs and speakers, wearable connected fitness trackers and smart home assistants.

Notably, devices used in industrial and business settings are not within scope and nor are second-hand smart products and devices such as laptop and desktop PCs that do not have cellular connection capabilities. 

The legislation will apply to those within the consumer smart device supply chain, including manufacturers, representatives, importers and distributors. Manufacturers will be required to publish a publicly accessible declaration of conformity on their website, take action if a product reaches the market that falls foul of the security requirements and also to cooperate with enforcement authorities when this happens.

Where the manufacturer is based in another jurisdiction, the obligations that they would ordinarily be subject to, will be passed on to the authorised representative (if applicable) or the importer of the products (if not).

Finally, distributors such as wholesalers and retailers will fall within the remit of the legislation and be expected to verify the presence of the required declaration of conformity and to comply with enforcement activities. 

A person sees a white inscription on a black smartphone display

Enforcement and non-compliance 

The government has stated that the enforcement body will have the ability to ‘investigate allegations of non-compliance and to take steps to ensure compliance’.

Specifically, the powers will include the powers of search and entry, information sharing, the ability to serve corrective measures, sanctions and, should a case be deemed serious enough, the power to bring criminal proceedings.

However, it has also confirmed that there will be a grace period between the legislation receiving royal assent and coming into force, giving businesses an opportunity to adapt. 

Key considerations

The above will only be a starting point and through the use of secondary legislation, is likely to become broader in scope as time passes. Therefore, early compliance is not only likely to assist in convincing consumers their cyber security is a priority, but also as the scope broadens, in ongoing compliance due to the foundations already being in place. 

Although there is no official start date for the legislation, it is expected to be introduced ‘when parliamentary time allows’, so those likely to be affected by it should remain
vigilant and begin considering the impact on their business accordingly.

Peter Kouwenberg is an Associate Solicitor in the Corporate and Commercial department of Taylor Walton Solicitors and specialises in providing data protection advice.

He also deals with all types of commercial contract including terms and conditions of business, distribution agreements and subcontracting. 

For more information call Taylor Walton Solicitors on 01582 731161 or visit 

www.taylorwalton.com

Peter Kouwenburg

Peter Kouwenberg

Associate Solicitor 

Taylor Walton Solicitors 

 

Bedfordshire

Related stories

  • Bedford Blues Supporters Bedfordshire
    July 1, 2022

    Get ready now for an exciting season ahead

    Season tickets for Bedford Blues’ upcoming 2022/23 Championship campaign are now on sale. Membership offers supporters the opportunity to enjoy another scintillating…
  • Taylor Walton: Experience Feeds Into Plans For The Future - All Things Business Bedfordshire
    July 1, 2022

    Experience Feeds Into Plans For The Future – All Things Business

    Taylor Walton, a renowned regional law firm working from offices in Luton, St Albans and Harpenden, can trace its roots back more…
  • Joining forces with charity in bid to enlist donors Bedfordshire
    July 1, 2022

    Joining forces with charity in bid to enlist donors

    Leighton Buzzard-based Peli BioThermal has pledged its support to leading blood cancer charity DKMS UK to help with the charity’s fight against…

Primary Sidebar

Stay up to date on All Things Business

Get the latest business round ups, stories and ATB podcasts delivered straight to your inbox.

All Things Business Podcast

Online Edition

Northamptonshire edition, click here
Milton Keynes edition, click here
Bedfordshire edition, click here

Most Read

  • Plumbing and Gas Solutions Strategic changes to drive service to the next level
  • Scott Norville Setbacks prove challenging for lease firm and its clients
  • Eddisons Eddisons makes £1.8m property agency acquisition, strengthening Midlands operation
  • Avery Creative Motivation to find the courage to make changes
  • AFP Services AFP Services – CIMA “SME of the Year” 2022

Footer

REGIONS

Northamptonshire
Milton Keynes
Bedfordshire
 

COMPANY

About Us
Contact
Awards
Podcast
Knowledge Hub
Sustainability
Request A Copy

Northamptonshire Office

1 Queensbridge, Northampton
NN4 7BF
Tel: 01604 267677

Milton Keynes and Bedfordshire Office

The Pinnacle, 170 Midsummer Boulevard, Milton Keynes,
MK9 1BP
Tel: 01908 030688

London Office

25 Bedford Square
London
WC1B 3HH
Tel: 0208 1760176

Follow us on

  • Facebook
  • Instagram
  • LinkedIn
  • Twitter

All Things Business is a publication produced by All Things Management Ltd. Registered in England No. 9590677


Privacy Policy