IoT end-of-life law proposed for the US

Forums › Gadgets, robotics, home automation, electronics (including wearables) › IoT end-of-life law proposed for the US

neb

11294 posts

Uber Geek

Trusted

Lifetime subscriber

#319086 20-Mar-2025 22:42

Just got forwarded this link to a proposed IoT device end-of-life law for the US:

The proposed Connected Consumer Product End of Life Disclosure law addresses these growing risks by raising the bar for smart device manufactures and Internet service providers. Among other mandates, the law requires smart device manufacturers to:

Clearly disclose the minimum guaranteed support time frames for products during which the manufacturer will provide security and software updates by placing that date on the product package and/or disclosing that information at the point of sale.
Proactively notify consumers when their connected consumer products will lose support
Provide information to customers as to how they should handle the connected consumer product’s end of life.
Notify device owners about the end of product support, providing a list of features lost, and vulnerabilities and security risks that are likely to result from the end of support.
Provide device owners with clear information about actions they can take if they want to continue using the product in a secure manner
The law also addresses the problem of smart, connected devices that are no longer supported, but that remain Internet connected, making them easy prey for hackers.

Since it's the US it has zero chance of passing but it'd be nice to have NZ adopt something like it.

floydbloke

3501 posts

Uber Geek

ID Verified

#3355818 21-Mar-2025 08:07

That'd be great to have

They should also be made to publish their proposed enshittifaction roadmap.

Thanks for explaining "plethora".

It means a lot.

Wise

Send money globally for less with Wise - one free transfer up to NZ$900 (affiliate link).

SaltyNZ

8153 posts

Uber Geek

Trusted

2degrees

Lifetime subscriber

#3355838 21-Mar-2025 09:15

Also, when an IoT/cloud-dependent device is to be EOLed, the manufacturer must:

Release a final firmware update that frees the device from lock-in to the manufacturer's original cloud service
Release full API specs for the cloud service
Release firmware source code including header-level source for any third-party proprietary libraries

It will be explicitly not a copyright, trademark or patent violation for users to create OSS replacements for the cloud service, and for the manufacturer to release the header-level source for any of their code with proprietary library integration (so they can't claim it is impossible to release the source code because it will take them 15 years to scrub the proprietary references).

Otherwise, "Provide information to customers as to how they should handle the connected consumer product’s end of life" will simply devolve to "recycle it" and "clear information about actions they can take if they want to continue using the product in a secure manner" will simply be "sorry, you can't".

iPad Pro 11" + iPhone 15 Pro Max + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.