Bill to ban sales of gadgets with poor cyber security to receive second reading

MPs are set to debate a new law to keep consumers’ phones, tablets, smart TVs, fitness trackers and other devices secure from cybercriminals.

It will place new cyber security requirements on the manufacturers and sellers of consumer tech which can connect to the internet or other devices.

The government says that under the bill, easy-to-guess default passwords which come programmed into digital devices and present an easy target for cybercriminals will be banned.

Manufacturers will have to be more transparent with customers about how long connectable products will receive security updates, and create a better public reporting system for vulnerabilities found in those products.

Failure to uphold the measures could result in fines of up to £10 million or four per cent of global turnover, plus up to £20,000 per day in the case of an ongoing breach.

Ahead of introducing the bill in the House of Commons, Digital Secretary Nadine Dorries said:

“Whether it’s your phone, smart speaker or fitness tracker, it’s vital that these devices are kept secure from cybercriminals.

“Every product on our shelves has to meet all sorts of minimum requirements, like being fire resistant or a choking hazard and this is no different for the digital age where products can now carry a cyber security risk.

“We are legislating to protect people across the UK and keep pace with technology as it transforms our everyday lives.”

The bill will give ministers powers to put new requirements on the manufacturers, importers and distributors of consumer tech devices.

  • Along with other measures, firms will be required to ban universal default passwords which are pre-set on devices – such as ‘password’ or ‘admin’ – and are an easy target for cybercriminals. Any preloaded product passwords will need to be unique and not resettable to universal factory settings.

The new rules will also apply to products which can connect to multiple other devices but not directly to the internet, such as smart light bulbs, smart thermostats and wearable fitness trackers.