Last week, I have been asked by several news reporters what can be done to have more secure and privacy-preserving smart home technologies. In this post, I focus on some of the more recent and upcoming regulations and initiatives that are affecting, and likely to affect it more in the future, the IoT world. Purposely, I exclude the EU GDPR  and its US counterpart the CCPA, as I will talk about those in a separate post.

• The EU ePrivacy Regulation. This  EU regulation aims to ensure privacy in all electronic communications – including instant messaging apps and VoIP platforms, and machine-to-machine communications such as the IoT. Also, it carries an identical penalty regime for non-compliance as the GDPR.

• The EU Cybersecurity Act. This establishes an EU-wide cybersecurity certification framework for digital products, services, and processes. This includes the IoT, cloud infrastructure and services, threat intelligence in the financial sector, electronic health records in healthcare, and qualified trust services.

• The IoT Cybersecurity Improvement Act of 2020. This new US law establishes minimum security requirements for IoT devices owned or controlled by the federal government. Specifically, it requires any IoT devices purchased by the federal government to comply with the NIST standards and guidelines.

In the future, I will talk about some of the standards and best practice frameworks that can help organizations develop secure and privacy-preserving IoT technologies. Also, I will suggest some guidelines that consumers can adopt to secure their home devices.