FCC Launches Voluntary Labeling Program for Internet of Things (IoT) Devices and Products
The Federal Communications Commission (FCC) recently launched a voluntary cybersecurity labeling program called the “U.S. Cyber Trust Mark program” for wireless consumer Internet of Things (IoT) products. This labeling program aims to provide consumers with greater confidence in the security of their everyday devices and seeks to help businesses identify trustworthy products.
The program covers both “IoT devices” and “IoT products.”
- An IoT device is a device connected to the internet that can communicate wirelessly with the physical world and digitally through networks like Wi-Fi or Bluetooth.
- An IoT product includes the device and any extra components needed to use it fully, like a mobile app or backend system.
Initially, the program will focus on consumer IoT products like smart watches, home security systems, and other smart appliances. Mobile phones, general computing equipment like routers, and certain industrial or enterprise IoT products are not currently included the program but may be in added in the future. Medical devices, vehicles, and related equipment regulated by other federal agencies are also excluded, as are certain communications equipment identified as risks by the Secure and Trusted Networks Act.
Companies applying for the U.S. Cyber Trust Mark will need to have their products tested by an accredited lab, following criteria from the National Institute of Standards and Technology (NIST), and confirm they meet program rules. Once approved, companies can display the U.S. Cyber Trust Mark logo on their products, along with a QR code for consumers to scan and learn more about the product’s security.
In a tandem effort, The Department of Energy has also announced plans to develop cybersecurity labeling requirements for smart meters and power inverters, essential for future smart grids. Internationally, the Department of State will collaborate with allies to harmonize standards and mutual recognition of similar labeling efforts.
The comment period for this proposed rule is open through April 15, 2024. In particular, the FCC is looking for feedback on adding more assurances for consumers regarding products with the FCC IoT Label and addressing vulnerabilities from “risky” countries.
If you would like additional information about the FCC’s labeling rules, including suggestions for best practices, please contact our IoT subject matter expert, Ronald E. Quirk at req@commlawgroup.com or our privacy & data protection subject matter expert, Linda McReynolds at lgm@commlawgroup.com.