Consumer IoT Devices: Get Ready for the US Cyber Trust Mark

Cooley alert
August 2, 2023

American consumers have benefited in countless ways from Internet of Things (IoT) devices. Unfortunately, cyberattacks have sharply increased in recent years, often through vulnerabilities in IoT devices. In an effort to curb such attacks, the Biden-Harris administration proposed the creation of the US Cyber Trust Mark to help consumers identify products that are less vulnerable to cyberattacks.

The US Cyber Trust Mark will be a voluntary program under which conforming IoT products that meet certain cybersecurity criteria developed by the National Institute of Standards and Technology will be officially certified under a process adopted by the Federal Communications Commission (FCC). Certified products will be permitted to include the US Cyber Trust Mark logo on product packaging alongside a QR code. The QR code will link to a national registry of certified devices to provide consumers with specific and comparable security information about smart products.

The administration plans to educate consumers to look for the new label when buying products and has already started encouraging major US retailers to prioritize labeled products when placing them on the shelf and online. Leading electronics, appliance and consumer product manufacturers have already announced their support for the program.

The details of the US Cyber Trust Mark program are still being developed. Interested parties will have an opportunity to comment on specifics, like the criteria devices must meet to be certified and how the program will be enforced. Proposals are likely to include requirements for unique and strong default passwords, secured data transmissions, access controls, the ability to update software and incident detection capabilities. Also expected are requirements to give consumers the ability to set and change passwords and delete their data. Depending on the specific rules adopted, compliance with the new program could impose significant additional costs on product manufacturers.

The FCC will release a notice of proposed rulemaking (NPRM), which will contain specific proposals for the US Cyber Trust Mark program. Device creators, manufacturers, retailers, consumers and other interested parties will have an opportunity to comment on the proposals in the NPRM. After comments are received, the FCC will vote to adopt the new rules. The program is expected to be up and running in 2024.

For more information about the US Cyber Trust Mark program and the FCC’s proposed implementation, please reach out to one of the Cooley attorneys listed below.

This content is provided for general informational purposes only, and your access or use of the content does not create an attorney-client relationship between you or your organization and Cooley LLP, Cooley (UK) LLP, or any other affiliated practice or entity (collectively referred to as “Cooley”). By accessing this content, you agree that the information provided does not constitute legal or other professional advice. This content is not a substitute for obtaining legal advice from a qualified attorney licensed in your jurisdiction and you should not act or refrain from acting based on this content. This content may be changed without notice. It is not guaranteed to be complete, correct or up to date, and it may not reflect the most current legal developments. Prior results do not guarantee a similar outcome. Do not send any confidential information to Cooley, as we do not have any duty to keep any information you provide to us confidential. This content may be considered Attorney Advertising and is subject to our legal notices.