The U.K. has implemented laws requiring IoT devices to comply with minimum cybersecurity standards to prevent attacks exploiting default passwords, with regulations demanding unique passwords, vulnerability reporting channels, and security update guarantees
The country aims to enhance national cybersecurity defense and be a global leader by enforcing rules on manufacturers, importers, and distributors, ensuring devices are built securely, combatting vulnerabilities that nation-state hackers exploit, such as Mirai variants. The law has replaced a voluntary code introduced in 2018 and requires manufacturers to provide security updates for a specified time, establishing a point of contact for security bug reporting, and offering unique passwords among other requirements. The law, enforced by the Office for Product Safety and Standards, represents a significant step to improve consumer protection, boosting trust in connectable devices, supporting national cybersecurity resilience, and promoting informed consumer decisions based on manufacturers' security support period. ```https://www.bankinfosecurity.com/secure-by-design-uk-enforces-iot-device-cybersecurity-rules-a-24964