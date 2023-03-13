The Internet of Things (IoT) is a rapidly growing area of emerging technology. Estimates vary, but there are expected to be over 75 billion connected devices worldwide by 2030. In many cases, the level of security within these devices is lower than their end users expect, and the presence of basic security flaws leaves individuals, businesses and organisations vulnerable to a range of harms.

The Mirai DDOS attack helped to focus the attention of policymakers, and a range of policy initiatives are underway in the European Union, Japan, the United Kingdom, the United States, Australia, Singapore, India, Finland, Germany and many other jurisdictions.

There is a great deal of consensus already. All approaches agree that universal default passwords in products add needless risk, and that products are more secure when their manufacturers abide by strong and coordinated processes to manage vulnerabilities. There is also agreement on the importance of software updates and ‘patching’ to address these vulnerabilities, as well as a number of globally applicable Technical Standards in this sector, from ISO 29147 and 27402/4 to ETSI EN 303 645, and a range of mapping options, that show consensus between these Technical Standards.

2023 is a landmark year, as many of these policies are now implemented into law and consumerfacing approaches, including labelling, which is taking place in Finland, Singapore and Germany, and work is underway in the United States and Japan. There is a risk that the slightly differing approaches in each country are increasingly viewed as ‘fragmentation’, and that this will cause confusion among businesses and introduce inefficiency into the economy.

Key questions for discussion at the Global Forum: