California governor signs country's first IoT security law

The new Internet of Things law calls for "reasonable" security features.

CNET News staff
James Martin/CNET

California Gov. Jerry Brown has signed into law a broad cybersecurity bill governing Internet of Things devices, making the state the first in the nation to adopt such legislation.

Brown signed the bill, SB 327, on Friday. The law mandates that any maker of an Internet-connected, or "smart," device ensure the gadget has "reasonable" security features that "protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure."

In June, California passed a data-privacy law that some have called the country's toughest. It includes stopping the collection and sale of personal data upon request from consumers. The new IoT rule, however, has garnered mixed reviews.

Some observers say the law, which will go into effect on Jan. 1, 2020, is vague and doesn't go far enough in its protections. Others, however, say the California rule will focus attention on the issue of IoT security because the state's size effectively sets standards that will be followed throughout the country.