Government publish Call for Views on Cyber Security of Enterprise Connected Devices

The Department for Science, Innovation and Technology has published a call for views on the security of enterprise connected devices, also known as Internet of Things (IoT) devices, which are used by businesses and organisations across the UK.

Recent research has highlighted serious vulnerabilities in these devices, some of which could allow attackers to gain control over a device or an entire network. The findings also showed widespread use of outdated software and revealed that many security issues stemmed from poor configuration or services, applications or features.

The government’s proposed measures build on the 11 principles published by the National Cyber Security Centre in 2022. These principles were designed to provide guidance for manufacturers in the secure design of enterprise connected devices. However, uptake and awareness of this guidance remains low and coupled with the rapid global growth of the IoT market, these challenges have prompted the government to reassess and strengthen the UK’s approach to enterprise device security.

Proposed Approach

In the Call for Views the government is proposing a two-part intervention, which would include the publication of a Code of Practice and several policy interventions to boost uptake of the security requirements.

The Call for views on enterprise connected device security closes at 11:59pm on 7 July 2025.