FCC Seeking Input on New Internet of Things Cybersecurity Program

Cooley alert
September 6, 2023

As we explained in an August 2023 client alert, the US Cyber Trust Mark program will provide consumers with information about the relative security of an Internet of Things (IoT) device or product. The Federal Communications Commission (FCC) recently took the next step in establishing the US Cyber Trust Mark program when it released a notice of proposed rulemaking (NPRM) seeking input about the rules and processes that will govern the program. This is the last step the FCC must take prior to setting final rules.

In the NPRM, the FCC asks for comment on which devices or products should be eligible for the US Cyber Trust Mark program, how the program should be managed and administered, and whether it should be managed or administered by the FCC or third parties. The FCC also seeks comment on the criteria and standards a device or product must satisfy to be eligible to display the US Cyber Trust Mark’s logo. While participation in the program will be voluntary, parties choosing to participate must adhere to the program’s standards, and the FCC is asking what enforcement measures should be adopted to ensure compliance by program participants. The FCC proposes that program participants file for renewal each year, and it asks how the program can ensure consumers have access to up-to-date information regarding the participating device or product.

The FCC proposes to develop the qualifying standards jointly with industry groups and other stakeholders, and it seeks comment on whether the FCC or an outside entity is in the best position to convene stakeholders and timely establish the details of a testing program. The FCC proposes that the standards be based on cybersecurity criteria developed by the National Institute of Standards and Technology (NIST), but it also asks whether other criteria should be considered. The FCC notes that NIST already has identified the key elements of a labeling program, and it seeks comment on various aspects of the NIST standards.

Comments on the FCC’s proposals are due on October 6, 2023, and reply comments are due on November 10, 2023. We expect the FCC will prioritize this proceeding – meaning that the new program could be launched as soon as the second half of 2024. For more information about the US Cyber Trust Mark program and the FCC’s proposed implementation, please reach out to one of the Cooley lawyers listed below.
