FCC Announces Labeling Program for IoT Devices for Consumer Safety

The Federal Communications Commission (FCC) has recently voted to create a voluntary cybersecurity labeling program for Internet of Things (IoT) devices and other similar consumer-facing IoT-powered products.

“Under the program, qualifying consumer smart products that meet robust cybersecurity standards will bear a label — including a new “U.S Cyber Trust Mark” — that will help consumers make informed purchasing decisions, differentiate trustworthy products in the marketplace, and create incentives for manufacturers to meet higher cybersecurity standards,” the FCC said.

The latest announcement highlights the culmination of a longstanding White House project concerning a product labeling system that aims to notify consumers about the security risks linked with connected devices.

The program will result in the U.S. Cyber Trust Mark logo debuting on wireless consumer IoT products meeting cybersecurity standards.

Accompanied by a QR code, consumers can scan for details like product support duration and automatic software updates. The voluntary program, overseen by the FCC, involves public-private collaboration. 

Moreover, approved third-party administrators will manage tasks like evaluating applications and educating consumers. Accredited labs will conduct compliance testing. Eligible products include home security cameras, voice-activated shopping devices, and fitness trackers.

The Commission is also inviting public input on potential additional disclosure mandates including assessing if software or firmware for a product originates from or is managed by a company situated in a nation posing national security apprehensions.

Additionally, it seeks to determine if customer data gathered by the product will be transmitted to servers located in such countries.

Last month, the FCC banned robocalls generated by AI amid growing concern about the misuse of the technology. 

The commission granted state attorneys general the authority to pursue legal action against those still using the technology. Previously, attorneys general were limited to addressing the aftermath of receiving unwanted AI-generated robocalls.