The UK government unveiled a law to bolster security on consumer IoT devices, a move deemed necessary to protect millions of people from the threat of cyberattacks.

In a statement, minister for Digital and Broadband Matt Warman said the law was part of efforts to “make the UK the safest place to be online” and will be implemented as soon as possible.

The measures were drawn up in conjunction with the UK National Cyber Security Centre and will require manufacturers of consumer IoT devices to use unique passwords rather than a default factory setting; provide a public point of contact to report vulnerabilities; and state the minimum length of time during which devices will receive security updates.

Devices including televisions, cameras and home assistants are covered by the legislation.

Warman added the new law will “hold firms manufacturing and selling internet-connected devices to account”, noting “robust security standards are built in from the design stage and not bolted on as an afterthought”.

The law follows the introduction of Secure by Design, a voluntary code of practice for consumer IoT security, in 2018 which formed the basis for European Telecommunications Standards Institute rules.

GSMA Intelligence predicted IoT connections would hit 24.6 billion by end of 2025.