Smart products including TVs, smartphones, speakers and toys will have to be sold with basic security protections against hackers under a new law announced by the government.
The law - called the Product Security and Telecommunications (PSTI) bill - will aim to prevent the sale of insecure connected consumer products in the UK, and includes fines of up to £10m for manufacturers, importers and distributors that fail to comply with the requirements.
We are all buying more smart products, with the average UK household now having more than nine connected devices.
Despite consumers largely assuming that any connected products on sale are secure, just one in five manufacturers apply basic security requirements for their connected products, according to government research.
Cybercriminals are increasingly targeting our smart devices for fraud, surveillance and other malicious purposes.
In July 2021, we filled a home with smart devices and it was bombarded with more than in a single week. This included a camera that was successfully hacked using a default password and the video feed accessed to spy on us.
While products must comply with a range of rules to prevent them from causing you physical harm, similar requirements are not in place to protect you from security or privacy threats.
The PSTI bill has three core measures designed to increase security standards, including;
A new regulator will be appointed to oversee the new rules, and have the power to fine companies for non-compliance up to £10 million or four per cent of their global turnover.
Alongside product manufacturers, the rules also apply to store and online retailers, which could be forbidden from selling products to UK customers unless they meet the required security standards and pass on important information, such as details of software updates, to consumers.
The Bill applies to all connected products that can access the internet to function, including smartphones, smart TVs, security cameras, baby monitors and more.
It also applies to smart devices that don't directly connect to the internet, but possibly use a hub or bridge to get online, such as a smart light bulb or wearable fitness tracker.
Exempt from the law are laptop and desktop computers, as they have various options for malware and virus protection, along with connected cars, smart meters, electric vehicle charging points and medical devices.
The government has also said it will not regulate the security of second-hand smart devices currently, but the Bill gives ministers the power to extend the scope at a later date to include this.
Minister for Media, Data and Digital Infrastructure Julia Lopez said: 'Every day hackers are making attempts to worm their way into our smart devices. Most of us assume if it's for sale, it's safe. Yet many are not, which has caused countless lives to be ruined by fraud and theft.
'Our Bill will put a firewall around everyday tech from phones and thermostats to dishwashers and doorbells, and see huge fines for those who fall foul of tough new security standards.'
Rocio Concha, Which? Director of Policy and Advocacy, said: 'Which? has worked with successive governments on how to crack down on a flood of poorly-designed and insecure products that leave consumers vulnerable to cyber-criminals - so it is positive that this Bill is being introduced to parliament.
'The government needs to ensure these new laws apply to online marketplaces, where Which? has frequently found security-risk products being sold at scale, to prevent people from buying smart devices that leave them exposed to scams and data breaches.'