A good initiative taken by the California United States on the security of IoT devices. It seems States are learning a lesson & protective their citizens. European has GDDR law to ask each & every user to accept the cookie popup appears whichever site or application you use. it basically asks for the consent from the user.
Most important point this law has a procedure and enforce manufacturer to not have a default password. This is a significant step because most of the user never change the default password and it is easy to hack. Some users even keep their device SNO as default password like home routers etc.
Impact of this Law
Automobile manufacturers sell their cars worldwide, but they are customized for local markets. The car you buy in the United States is different from the same model sold in Mexico, because the local environmental laws are not the same and manufacturers optimize engines based on where the product will be sold. The economics of building and selling automobiles easily allows for this differentiation.
But software is different. Once California forces minimum security standards on IoT devices, manufacturers will have to rewrite their software to comply. At that point, it won’t make sense to have two versions: one for California and another for everywhere else. It’s much easier to maintain the single, more secure version and sell it everywhere.
Another view of the same topic:
California has passed an IoT security bill, awaiting the governor’s signature/veto. It’s a typically bad bill based on a superficial understanding of cybersecurity/hacking that will do little improve security, while doing a lot to impose costs and harm innovation.