In order to drive greater adoption of IoT, the public needs to feel comfortable that the products and services they buy or use are not only fit for purpose in terms of functionality, but that they also protect them from potential cyber-related threats.
Legislation passed in other countries is likely to affect Scottish companies looking to export IoT devices and provide IoT services into these countries.
In October 2018, the UK Government Department for Digital, Culture, Media & Sport (DCMS) published the Code of Practice for Consumer IoT security.
These guidelines are aimed at everyone involved in the development, manufacture, service provision and retail of consumer IoT devices and services to ensure that they are ‘secure by design’.
The code considers consumers to be all end-users of IoT products and services. Products include children’s toys, smart cameras and TVs, wearable health trackers, home automation and safety products such as smoke detectors and burglar alarms.
While focused on products and services typically used in the home, the general principles are applicable to those used in commercial and industrial environments.
The new EU Cyber Security Act will come into force providing ENISA, the European Union Agency for Cybersecurity, an ongoing mandate to help the EU achieve a common, high-level of cyber security across all member states through better communication and collaboration.
Other regulation activities in IoT-related cyber security elsewhere in the world include the approval of the Californian Security of Connected Devices bill in USA.