CPSC to Hear About the Safety Consequences If a Smart Device Isn’t So Smart

Manufacture, import, or sell a connected device? In addition to the potential hazards associated with the physical performance of the product, you also need to consider the potential hazards associated with the product’s connectivity. The Consumer Product Safety Commission (“CPSC”) is considering the Internet of Things and will hold a public hearing on May 16 for interested stakeholders to discuss the potential safety issues with connected products and the CPSC’s role in addressing these issues, along with industry best practices and current standards development. Privacy and personal data security issues in the IoT environment do not fall under the CPSC’s jurisdiction, but the agency has the authority to cover consumer hazards resulting from IoT products, which could include fire, burn, shock, tripping or falling, laceration, contusion, and chemical exposure.

The CPSC has identified two product safety challenges associated with IoT products: (1) preventing or eliminating hazardous conditions designed into products intentionally or without sufficient consideration; and (2) preventing and addressing incidents of hazardization. While the former falls into the CPSC’s wheelhouse of preventing and correcting consumer product issues, the latter is a non-traditional area of product safety activity and could pose some challenges with the high rate of growth of connected products. The CPSC defines hazardization as the situation created when a product that was safe when obtained by a consumer, but which, when connected to a network, becomes hazardous through malicious, incorrect, or careless changes to operational code.” Examples include a connected cooktop with a software glitch that ignites without the consumer’s knowledge and starts a fire or an integrated home security system that fails to download a software update and the default condition is to deactivate the system, disabling the smoke alarms without the consumer’s knowledge.

The Commission wants to hear about a wide range of topics such as whether current voluntary standards sufficiently address safety hazards specific to connected devices, the role the government should play in keeping consumers safe regarding IoT devices, and who should be considered responsible for hazards or injuries among various contributors to an internet-connected product associated with an incident.

If you would like to present at the hearing, transcripts of oral comments must be submitted by May 2. Anyone can attend the hearing on May 16. For further details, click here for the full text of the CPSC’s notice.