On August 10, the Federal Communications Commission (“FCC”) released a Notice of Proposed Rulemaking (“NPRM”) concerning the creation of a “voluntary cybersecurity labeling program that would provide easily understood, accessible information to consumers on the relative security of an IoT device or product, and assure consumers that manufacturers of devices bearing the Commission’s IoT cybersecurity label adhere to widely accepted cybersecurity standards.” The NPRM reflects the proposal previewed in Chairwoman Jessica Rosenworcel’s announcement last month, which we covered here.

The accompanying Securing Smart Devices Fact Sheet states that proposed program would be based on the National Institute of Standards and Technology’s recommended Internet of Things criteria.  The Fact Sheet also outlines a number of issues for which the FCC invites public comment, including:

  • The scope of devices or products for sale in the U.S. that should be eligible for inclusion in the labeling program,
  • Who should oversee and manage the program,
  • How to develop the security standards that could apply to different types of devices or products,
  • How to demonstrate compliance with those security standards, 
  • How to safeguard the cybersecurity label against unauthorized use, and
  • How to educate consumers about the program.

The FCC estimates that the new program “could be up and running by late 2024” if the agency votes to establish the program after the public comment period.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Matthew DelNero Matthew DelNero

Matt DelNero provides expert regulatory counsel to companies of all sizes in the telecommunications, technology and media sectors. As a former senior official with the FCC and longtime private practitioner, Matt helps clients achieve their goals and navigate complex regulatory and public policy…

Matt DelNero provides expert regulatory counsel to companies of all sizes in the telecommunications, technology and media sectors. As a former senior official with the FCC and longtime private practitioner, Matt helps clients achieve their goals and navigate complex regulatory and public policy challenges.

Matt serves as co-chair of Covington’s Technology & Communications Regulation (“TechComm”) Practice Group and co-chair of the firm’s Diversity, Equity, & Inclusion initiative.

Matt advises clients on the full range of issues impacting telecommunications, technology and media providers today, including:

  • Structuring and securing FCC and other regulatory approvals for media and telecommunications transactions.
  • Obtaining approval for foreign investment in broadcasters and telecommunications providers.
  • Broadband funding under federal and state programs, including under the FCC’s Universal Service Fund (USF) and NTIA’s Broadband Equity, Access, and Deployment (BEAD) Program.
  • Representing broadcasters, media networks, and other content owners and producers on both existing and proposed FCC regulations and policies.
  • FCC enforcement actions and inquiries.
  • Online video accessibility, including under the Communications and Video Accessibility Act (CVAA) and Americans with Disabilities Act (ADA).
  • Equipment authorizations for IoT and other devices.
  • Spectrum policy and auctions, including for 5G.
  • Privacy and data protection, with a focus on telecommunications and broadband providers.

Matt also maintains an active pro bono practice representing LGBTQ+ and other asylum seekers, as well as veterans petitioning for discharge upgrades—including discharges under ‘Don’t Ask, Don’t Tell’ and predecessor policies that targeted LGBTQ+ servicemembers.

Prior to rejoining Covington in January 2017, Matt served as Chief of the FCC’s Wireline Competition Bureau. He played a leading role in development of policies around net neutrality, broadband privacy, and broadband deployment and affordability under the federal Universal Service Fund (USF).

Chambers USA ranks Matt within “Band 1” in his field and reports that he is a “go-to attorney for complex matters before the FCC and other federal agencies, drawing on impressive former government experience.” It also quotes clients who praise him as “an outstanding regulatory lawyer…[who] understands the intersection between what’s important for the client’s operations and how the law impacts those operations.”

Photo of Jennifer Johnson Jennifer Johnson

Jennifer Johnson is a partner specializing in communications, media and technology matters who serves as Co-Chair of Covington’s Technology Industry Group and its global and multi-disciplinary Artificial Intelligence (AI) and Internet of Things (IoT) Groups. She represents and advises technology companies, content distributors…

Jennifer Johnson is a partner specializing in communications, media and technology matters who serves as Co-Chair of Covington’s Technology Industry Group and its global and multi-disciplinary Artificial Intelligence (AI) and Internet of Things (IoT) Groups. She represents and advises technology companies, content distributors, television companies, trade associations, and other entities on a wide range of media and technology matters. Jennifer has almost three decades of experience advising clients in the communications, media and technology sectors, and has held leadership roles in these practices for almost twenty years. On technology issues, she collaborates with Covington’s global, multi-disciplinary team to assist companies navigating the complex statutory and regulatory constructs surrounding this evolving area, including product counseling and technology transactions related to connected and autonomous vehicles, internet connected devices, artificial intelligence, smart ecosystems, and other IoT products and services. Jennifer serves on the Board of Editors of The Journal of Robotics, Artificial Intelligence & Law.

Jennifer assists clients in developing and pursuing strategic business and policy objectives before the Federal Communications Commission (FCC) and Congress and through transactions and other business arrangements. She regularly advises clients on FCC regulatory matters and advocates frequently before the FCC. Jennifer has extensive experience negotiating content acquisition and distribution agreements for media and technology companies, including program distribution agreements, network affiliation and other program rights agreements, and agreements providing for the aggregation and distribution of content on over-the-top app-based platforms. She also assists investment clients in structuring, evaluating, and pursuing potential investments in media and technology companies.

Photo of Andrew Longhi Andrew Longhi

Andrew Longhi advises national and multinational companies across industries on a wide range of regulatory, compliance, and enforcement matters involving data privacy, telecommunications, and emerging technologies.

Andrew’s practice focuses on advising clients on how to navigate the rapidly evolving legal landscape of state…

Andrew Longhi advises national and multinational companies across industries on a wide range of regulatory, compliance, and enforcement matters involving data privacy, telecommunications, and emerging technologies.

Andrew’s practice focuses on advising clients on how to navigate the rapidly evolving legal landscape of state, federal, and international data protection laws. He proactively counsels clients on the substantive requirements introduced by new laws and shifting enforcement priorities. In particular, Andrew routinely supports clients in their efforts to launch new products and services that implicate the laws governing the use of data, connected devices, biometrics, and telephone and email marketing.

Andrew assesses privacy and cybersecurity risk as a part of diligence in complex corporate transactions where personal data is a key asset or data processing issues are otherwise material. He also provides guidance on generative AI issues, including privacy, Section 230, age-gating, product liability, and litigation risk, and has drafted standards and guidelines for large-language machine-learning models to follow. Andrew focuses on providing risk-based guidance that can keep pace with evolving legal frameworks.