CPSC to Hold Hearing on Internet-Connected Consumer Products

By John A. Hodges

The Consumer Product Safety Commission (CPSC) is venturing into new territory:  potential safety issues associated with internet-connected consumer products.[1]  Interconnectivity within and among products (the Internet of Things or IoT) presents new challenges to CPSC.  The agency will conduct a public hearing on May 16, 2018; written comments are due by June 15.  CPSC will use the information from this proceeding to inform its future risk management work.  Industry should participate in order to assure that its own perspectives are taken into account.

Risk of Harm from IoT

CPSC acknowledges that IoT can benefit consumers.  But it also asserts that IoT can introduce potential for harm – such as fire, burn, shock, tripping or falling, laceration, contusion, and chemical exposure.[2]  The Commission asserts jurisdiction in this area and urges regulators, standards organizations, and business and consumer advocates to work collaboratively to develop a framework for best practices.

CPSC says that the product safety challenges of IoT products include:

1. Prevention or elimination of hazardous conditions designed into products intentionally or without sufficient consideration, g., high-risk remote operation or network enabled control of products or product features.[3]
2. Preventing and addressing incidents of hazardization. Hazardization is when a product that was safe when obtained by a consumer becomes hazardous through malicious, incorrect, or careless changes to operational code when connected to a network.  Managing these kinds of hazards may involve examination of “policies related to code encryption and security, authorized access to programming, and defensive measures (and countermeasures) for device software.”^[4]

Areas for Discussion at the Hearing

CPSC is looking for input at the hearing on a host of topics, including the following:

• The adequacy of current voluntary standards and/or safety regulations to address safety hazards specific to IoT-connected devices.
• The potential for new safety standards, design principles, controls, or supervisory systems to prevent injury for IoT-connected devices; who should develop such standards; and whether such standards should be mandatory or voluntary.
• Potential certification requirements before IoT devices are released to the market.
• Best practices, controls, and supervisory systems.
• Incidents and injuries already caused by IoT devices, how they are distinguished from other incidents, and how incident data can be collected.
• Potential collaboration with other federal agencies and outside stakeholders to address potential safety hazards related to IoT.
• What role should government play, including CPSC?
• Consumer education and recall notices.
• Responsibilities for hazards or injuries among the multiple contributors to an internet-connected product or resulting from interdependencies between products.
• CPSC won’t address personal data security or privacy implications of IoT-connected devices.

Industry Participation Needed

This proceeding will likely play a significant role regarding rules governing safety of IoT devices and related liability.  Industry should participate in order to help shape the dialog and outcome.

* * * *

For more information regarding Harris, Wiltshire & Grannis LLP’s consumer product safety practice, please contact John A. Hodges at +1 (202) 730-1326 or by e-mail at jhodges@hwglaw.com or Adrienne Fowler at +1 (202) 730-1343 or by e-mail at afowler@hwglaw.com.

This advisory is not intended to convey legal advice. It is circulated to our clients and others as a convenience and is not intended to reflect or create an attorney-client relationship as to its subject matter.

[1]  83 Fed. Reg. 13122 (March 27, 2018).

[2]  Id. at 13123.

[3]  Id.

[4]  Id.