dang, that new version of the Product Security and Telecommunications Infrastructure Act goes hard. you can no longer sell an IoT product in the UK if it doesn't have a secure password initialisation feature and the ability for users to change its passwords.
@gsuberland I’m very split on some of that stuff if it’s the same as it was when I last read it. Secure auth and commitment to security updates is a big win. Requiring signed firmware less so if you care about being able to continue using things once the vendor abandons them.