Cyber security

New government cyber security laws to protect smart devices

Makers of smart devices including phones, speakers and doorbells will need to tell customers upfront how long a product will be guaranteed to receive vital security updates under government plans to protect people from cyber attacks.

New figures commissioned by the government show that 49% of UK residents have purchased at least one smart device since the start of the Covid-19 pandemic.

These everyday products, such as smartwatches, TVs and cameras, offer a huge range of benefits, yet many remain vulnerable to cyber attacks and just one vulnerable device can put a user’s network at risk.

To counter this threat, the government is planning a new law to make sure virtually all smart devices meet these requirements:

  • Customers must be informed at the point of sale the duration of time for which a smart device will receive security software updates.
  • A ban on manufacturers using universal default passwords, such as ‘password’ or ‘admin’, that are often preset in a device’s factory settings and are easily guessable.
  • Manufacturers will be required to provide a public point of contact to make it simpler for anyone to report a vulnerability.

Smartphones are the latest product to be put in scope of the planned Secure By Design legislation and following a call for views on smart device cyber security, the government has responded.

It comes after research from a consumer group found a third of people kept their last phone for four years, while some brands only offer security updates for a little over two years.

The government continues to urge people to follow National Cyber Security Centre (NCSC) guidance and change default passwords, as well as regularly update apps and software to help protect their devices from cyber criminals.

Commenting, Minister for Digital Infrastructure, Matt Warman said: “Our phones and smart devices can be a gold mine for hackers looking to steal data, yet a great number still run older software with holes in their security systems.

“We are changing the law to ensure shoppers know how long products are supported with vital security updates before they buy, and are making devices harder to break into by banning easily guessable default passwords.

“The reforms, backed by tech associations around the world, will torpedo the efforts of online criminals and boost our mission to build back safer from the pandemic.”


Security updates are a crucial tool for protecting people against cyber criminals trying to hack devices.

The government believes that by forcing tech firms to be upfront about when devices will no longer be supported, the law will help prevent users from unwittingly leaving themselves open to cyber threats by using an older device whose security could be outdated.

Last month, Digital Secretary, Oliver Dowden, set out his ten tech priorities which included keeping the UK safe and secure online, and the government published its Integrated Review of defence and security.

The government also played a vital role in developing the first major international standard for consumer device cyber security to help manufacturers protect consumers around the world from falling victim to cyber attacks.

National Cyber Security Centre Technical Director, Dr Ian Levy added: “Consumers are increasingly reliant on connected products at work and at home. The Covid-19 pandemic has only accelerated this trend and while manufacturers of these devices are improving security practices gradually, it is not yet good enough.

“DCMS’ [Department for Culture, Media and Sport] publication builds on the 2018 Code of Practice and ETSI EN 303 645 to clearly outline the expectations on industry.

“To protect consumers and build trust across the sector, it is vital that manufacturers take responsibility and pay attention to these proposals now. It is also important to support uptake of good practice and provide industry with opportunities to innovate.

“I’m pleased to see the pilots, funded by DCMS, begin to test ways in which customers will be able to gain confidence in the security of these devices.”

The government intends to introduce legislation as soon as parliamentary time allows.

Public Sector Executive, Feb/March, Cover

PSE Feb/March, 23

Greater choice, greater results

Our February/March 2023 edition of PSE brings you expert comment and analysis on a range of key public sector topics, from EV infrastructure to Digital transformation and reducing carbon emissions. Learn how the UK Government is investing in highway and freight innovation or read Cllr Matthew Hicks discuss the first step towards an exciting future for Suffolk, alongside so much more…

Videos...

View all videos
#PSE365: Public Sector Decarbonisation

Be A Part Of It!

PSE365: Public Sector Decarbonisation Virtual Event | 21 Mar 2023

PSE has created a full calendar of events to address the most important issues that influence the delivery of public sector services. 

Over 365 days you’ll have the opportunity to hear from a range of highly motivating, informative and inspirational speakers. These speakers will equip you with knowledge and unique insight to enable you to overcome the challenges that you face.

Industry Survey

What are the biggest issues facing the Public Sector?

 Public Sector Executive is undergoing some in-depth research around the issues the Public Sector is facing and the importance of deploying and using new technology within Public Sector organisations. 

We are asking for your help to better understand how public sector organisations are utilising technology to support their digital strategy and your opinion on what the biggest issues facing the public sector are.

This survey only takes a couple of minutes to complete and to thank you for your time and for filling out our survey, we'll enter you into a prize draw to win a £50 Amazon voucher.

In order to assist public sector organisations with improving their existing technology estate, we hope to leverage our findings to share best practises and innovations across the public sector.

More articles...

View all