Skip to content

legislation

Jump to bottom
Michael Richardson edited this page Dec 8, 2020 · 2 revisions

This is a list of IoT related legistlation that either has been passed, or is in the progress of being passed.

There is a wikipedia entry https://en.wikipedia.org/wiki/Internet_of_things#Government_regulation_on_IoT

and perhaps this page will migrate to wikipedia.

United States of America

Nationally

Passed Dec. 4, 2010: https://www.congress.gov/bill/116th-congress/house-bill/1668/text

https://www.govtrack.us/congress/bills/115/s88 Passed by the Senate in 2017, but never passed by the House.

https://www.govtrack.us/congress/bills/116/s1611 not yet passed by the House.

California

https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201720180SB327

SB 327, Jackson. Information privacy: connected devices.
Existing law requires a business to take all reasonable steps to dispose
of customer records within its custody or control containing personal
information when the records are no longer to be retained by the business
by shredding, erasing, or otherwise modifying the personal information in
those records to make it unreadable or undecipherable. Existing law also
requires a business that owns, licenses, or maintains personal
information about a California resident to implement and maintain
reasonable security procedures and practices appropriate to the nature of
the information, to protect the personal information from unauthorized
access, destruction, use, modification, or disclosure....

Oregon

https://olis.leg.state.or.us/liz/2019R1/Measures/Overview/HB2395

Requires manufacturer to equip connected device with reasonable security
features that protect connected device and information that connected
device stores from access, destruction, modification, use or disclosure
that consumer does not authorize.

Europe

ETSI EN 303 645

https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.00.00_20/en_303645v020000a.pdf https://www.etsi.org/newsroom/press-releases/1549-2019-02-etsi-releases-first-globally-applicable-standard-for-consumer-iot-security

Note that ETSI documents do not have force of law, but are often referenced by laws.

Code of Practice for consumer IoT security

https://www.gov.uk/government/publications/code-of-practice-for-consumer-iot-security/code-of-practice-for-consumer-iot-security

This document also does not have force of law.

Australia

The blurb: https://www.homeaffairs.gov.au/reports-and-publications/submissions-and-discussion-papers/code-of-practice

The actual document: https://www.homeaffairs.gov.au/reports-and-pubs/files/code-of-practice.pdf

Clone this wiki locally