Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, whether her Department plans to lay regulations to set a time limit for provision of security updates for (a) CCTV doorbells and (b) other connectable or IoT products.

The government is committed to ensuring that the benefits that connectable technologies offer to individuals and the economy, are not at the expense of consumer security. The Product Security and Telecommunications Infrastructure Act, which received Royal Assent in December 2022, will ensure that security requirements are met for consumer connectable products, including smart doorbells, sold to UK customers.

Regulations will be made shortly to implement the new Act, making the UK market the first in the world to benefit from these new protections. Manufacturers of consumer connectable products sold to UK consumers will be required to stop using universal default and easily-guessable default passwords. Regulations will also require these manufacturers to publish a vulnerability disclosure policy on how security issues affecting their products can be reported to them, as well as information on the minimum length of time for which the manufacturer will provide security updates covering the product.