Good. I want to see (and be able to trust) the ‘Kite Mark’ on IoT devices…:
[…] The U.K.-based members of the supply chain will bear the regulatory burden. However, overseas manufacturers will be required to amend their product design and security policies in line with the regulations to meet contractual requirements with U.K. importers and distributors.
The U.K. government proposes designating a regulator that will monitor industry compliance. The proposals include the usual range of civil enforcement powers, such as fines — potentially up to 4% of annual worldwide turnover (reflecting the potential high levels of fines under the EU General Data Protection Regulation (GDPR)) — and product forfeiture, suspension, and recall. In cases of continued non-compliance, criminal sanctions could follow.
The proposals include a relatively short 9-month period to achieve compliance, which works on the assumption that producers and distributors are already preparing to meet many of these obligations.