The government has assigned a 10-year expenditure of $49.5 million for the establishment of a security labeling initiative for consumer-grade Internet of Things (IoT) devices, as outlined in its recently released cyber security strategy. The proposed initiative, described as a "voluntary labeling scheme for consumer-grade smart devices," is intended to be collaboratively designed by both industry stakeholders and regulators.
Following this announcement, the Office of Impact Analysis (OIA) conducted an investigation and disclosed its findings this week. The OIA determined that the 10-year regulatory cost associated with this initiative would amount to $49.5 million, a relatively minor burden in a market estimated by the OIA to be $2.5 billion annually.
The OIA explored two potential voluntary labeling approaches: a straightforward star rating system similar to the one employed in Singapore and a label akin to the "use by" dates found on food products. The analysis revealed that the star rating option was favored by both surveyed consumers and manufacturers.
According to the assessment, the anticipated annual regulatory expense for industry players would be $7.8 million in the initial year and $4.6 million in subsequent years. Meanwhile, the estimated cost for the government is projected to be approximately $5 million over a four-year period.
The primary financial burden for industry participants would stem from obtaining the star rating, which could be as high as $3,700 per device. The government's costs would be associated with administering the industry body responsible for overseeing the labeling scheme.
It is noteworthy that the analysis did not delve into the costs associated with another proposal in the cyber strategy, which suggests the adoption of mandatory security standards by the industry for consumer devices.