Manufacture, import, or sell a connected device? In addition to the potential hazards associated with the physical performance of the product, you also need to consider the potential hazards associated with the product’s connectivity. The Consumer Product Safety Commission (“CPSC”) is considering the Internet of Things and will hold a public hearing on May 16 for interested stakeholders to discuss the potential safety issues with connected products and the CPSC’s role in addressing these issues, along with industry best practices and current standards development. Privacy and personal data security issues in the IoT environment do not fall under the CPSC’s jurisdiction, but the agency has the authority to cover consumer hazards resulting from IoT products, which could include fire, burn, shock, tripping or falling, laceration, contusion, and chemical exposure.
The CPSC has identified two product safety challenges associated with IoT products: (1) preventing or eliminating hazardous conditions designed into products intentionally or without sufficient consideration; and (2) preventing and addressing incidents of hazardization. While the former falls into the CPSC’s wheelhouse of preventing and correcting consumer product issues, the latter is a non-traditional area of product safety activity and could pose some challenges with the high rate of growth of connected products. The CPSC defines hazardization as “the situation created when a product that was safe when obtained by a consumer, but which, when connected to a network, becomes hazardous through malicious, incorrect, or careless changes to operational code.” Examples include a connected cooktop with a software glitch that ignites without the consumer’s knowledge and starts a fire or an integrated home security system that fails to download a software update and the default condition is to deactivate the system, disabling the smoke alarms without the consumer’s knowledge.