FCC launches consultation on IoT labelling

  • September 13, 2023
  • William Payne

The US Federal Communications Commission (FCC) has launched a consultation on its plans for IoT cybersecurity labelling. It is inviting comments and responses from industry, users and members of the public.

The FCC is proposing a cybersecurity labelling scheme for consumer IoT and smart devices. It will allow consumers to choose products that have a guarantee of cybersecurity protection and patches. The Commission believes the new scheme will increase consumer protection and confidence in the security of connected devices.

Details of the new scheme are laid out in the FCC 23-65A1 NPRM document.

The US Cyber Trust Mark is a voluntary scheme, unlike parallel schemes in Europe which are mandatory. Once committed and holding the FCC cybersecurity label, manufacturers must ensure that their devices remain secure and patched in a timely fashion.

The FCC is currently still deciding on multiple aspects of the proposed new scheme. One area still to be settled is just how it should seek to enforce decisions against Mark holders who are not updating their IoT device protection. At present, the FCC is considering civil litigation as a primary route, but it is considering other options as well.

Another area still to be settled is how wide the scope of the Trust Mark should be. At present, it covers smart home, fitness monitors and some other consumer devices. However, the Trust Mark could well expand in scope, and looks likely to include internet equipment such as routers.

A further area of indecision is how much data the FCC should require from manufacturers, and what level of disclosure it should demand in terms of how companies use data collected from consumer devices. This includes not only the devices themselves, but also smartphone appliances, cloud platforms, and analytics.

The consultation is open to first comments until September 24, and until October 10 for responses.