CALL US: 206.533.3854
By Toma Cristian, Cristian Ciurea and Ion Ivan, CC BY 3.0

New California Law Regulates “Internet of Things”

“Internet of Things”
Is getting regulated;
California leads

On January 1, 2020, California became the first state to specifically regulate the security of web-connected devices – commonly called “Internet of Things” (IoT) devices.

The new law, Cal. Civ. Code § 1798.91.04, says that:

A manufacturer of a connected device shall equip the device with a reasonable security feature or features that are all of the following:

  1. Appropriate to the nature and function of the device.
  2. Appropriate to the information it may collect, contain, or transmit.
  3. Designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.

A security feature is deemed “reasonable” if either of the following requirements is met:

  1. The preprogrammed password is unique to each device manufactured.
  2. The device contains a security feature that requires a user to generate a new means of authentication before access is granted to the device for the first time.

A “connected device” is “any device or other physical object that’s capable of connecting to the Internet, directly or indirectly, and that’s assigned an Internet Protocol address or Bluetooth address.”

This covers a broad range of devices, from “old school” technology like printers to newer technology such as “smart” refrigerators and digital assistants like Alexa.

(The hacking of a smart fridge network was a plot point on HBO’s Silicon Valley.)

The new California IoT law doesn’t apply to devices that are regulated by federal law, such as medical devices.

(The hacking of the Vice-President’s internet-connected pacemaker was a plot point in the series Homeland.)

The new law will be enforced by California’s Attorney General and does not provide for private rights of action by consumers affected by failures to comply with the law.

An Oregon IoT law, passed after California’s, also took effect on January 1. The Oregon law applies only to devices used primarily for family, personal, or household purposes.

The UK is also apparently planning to provide similar IoT device regulations.

Just like the haiku above, we like to keep our posts short and sweet. Hopefully, you found this bite-sized information helpful. If you would like more information, please do not hesitate to contact us here.
