Global menu

Our global pages


California Regulates the Internet-Of-Things

  • China
  • Hong Kong
  • Other


California’s state legislature has passed a new law to regulate certain aspects of Internet of Things (IoT or connected) device security. The new legislation, known as SB-327, will impact manufacturers around the world when it comes into effect in January 2020. In particular, any company selling IoT devices in California must equip their products with “reasonable security features.”

SB-327 is not prescriptive in defining “reasonable security features”, adopting a principles-based approach that requires security features to be:

1.appropriate to the nature and function of the device;

2.appropriate to the information it may collect, contain or transmit; and

3.designed to protect the device and any information it contains from unauthorised access, destruction, use, modification or disclosure.

As a result, the nature of the security features required under SB-327 will vary from IoT device to IoT device.

While California is the first mover in the US, other states will doubtless introduce similar measures to protect consumers from the increased cyber and privacy risks that are associated with IoT devices.

Although SB-327 is not scheduled to come into effect until January 2020, manufacturers and wholesalers are well-advised to start planning now. This is particularly true for manufacturers, which will require lead time to design and implement the necessary security features. Click here to read the full article. This article was originally published in ‘Law Tech News – Online’ on 14 November 2018.