The UK's Product Security and Telecommunications Infrastructure (PSTI) Act mandates IoT manufacturers to implement cybersecurity practices like avoiding default passwords, providing security update timelines, and reporting vulnerabilities, with penalties of up to £10m or 4% of global revenue; the law also covers imported products, emphasizing consumer security, while critics argue for stricter standards, and it aligns with the ETSI EN 303 645 standard, focusing on key IoT security aspects, as the National Cyber Security Centre offers guidance for consumers and retailers, emphasizing post-purchase security measures and software updates to enhance overall cybersecurity in the IoT ecosystem.
https://www.infosecurity-magazine.com/news/smart-device-security-law-today/