If adopted, the mandates might also require unique IoT device passwords that can't be reset to universal factory settings. They could demand that manufacturers offer a point of contact as part of a vulnerability disclosure and that manufacturers state the minimum length of time a device will receive security updates. Following the government's consultation period, the security label initiative will launch as a voluntary measure, meant to help customers determine which products have basic security features.

This isn't the first time the UK has shared its ideas on how to make the internet safer, and last year, it passed regulation allowing the government to fine "critical infrastructure" companies up to £17 million if they have inadequate cybersecurity defenses. It's not clear yet if these new IoT mandates will include any fines.