The seismic shift for security in smart devices isn’t coming – it’s here. From 4 March 2026, mandatory minimum security standards will apply to most consumer smart devices sold in Australia. This means that manufacturers, importers or suppliers of connected devices to the Australian market will not be able to sell them unless they meet the standards (for those caught unprepared there will be 12 months’ grace).
Protecting consumers by eliminating worst practices
Smart devices are no longer novelties. They’re everywhere; in our workplaces, our homes and in our pockets and handbags. These devices connect to networks and collect and process data. Many have cameras, microphones and location tracking. A compromised device can turn into much more than a mild inconvenience.
For many years, protection for Australian consumers of smart devices has consisted of little more than a mishmash of best practice documents, voluntary guidance and industry-led initiatives. While some manufacturers have taken security seriously, others have not and consumers have had no easy way to tell the difference. The new requirements have been designed to eliminate the riskiest practices and set a minimum disclosure baseline.
The Australian Government has moved from encouragement to enforcement. Access to the Australian market is tied to meeting the minimum standard and the obligation to comply sits with the entity putting the product on the market.
Beyond the minimum – putting power in the hands of consumers
The Government is not only mandating minimum standards. Last year, it appointed IoT Alliance Australia to lead the co-design and delivery of the Security Labelling Scheme for Smart Devices and signed the Joint Statement on the Global Cybersecurity Labelling Initiative (GCLI) with 10 other countries.
The scheme is voluntary and slated to start in March 2027. Once launched, it will shift the security choice from the manufacturer to the consumer. “What security features do we want to include?” will become “What security level do I want?”
Making security as simple as energy star ratings
Now in the co-development phase with a pilot due to begin in October 2026, the Security Labelling Scheme for Smart Devices will give manufacturers a direct way to highlight certified security credentials through a label that consumers can understand at a glance.
The label will give consumers a clear, recognisable signal that a device has met defined security criteria. This will change expectations just as energy star ratings have done – once people were able to compare energy ratings on whitegoods, they started to factor energy efficiency into buying decisions. Smart device security hasn’t had that kind of visibility. The labelling scheme will change that.
For manufacturers and suppliers, this can look like both opportunity and risk
The impact is commercial and reputational and will be visible to consumers at point of sale.
The opportunities:
- The label will offer vendors with strong security a clear way to showcase it to consumers using language and symbols that they will recognise
- Base-level certification will have value. Higher-level certification will carry even more weight
- Security will shift from being a cost to a market differentiator
The risks:
- If your products are secure and you don’t use the label, you risk underselling them
- If your products are not secure, they will be passed over for those that are.
Get in early, get involved and get ahead
Looking forward, there is a lot of value in engaging early with the development of the labelling Scheme. IoTAA is engaging with industry and consumers to finalise the certification processes and communications leading to a pilot program starting October 2026. This program will be a live test of how the Scheme will operate in practice.
If you are a manufacturer, supplier or distributor, this is the moment to step forward. Click here to register your interest in learning more and participating in the pilot.
Early involvement gives you visibility of where things are heading, the opportunity to be guided through the process (and be pre-approved) and importantly, be promoted as a foundation Scheme partner.
The shift has happened. The only question now is who treats it as a compliance headache and who treats it as a competitive advantage.
About the author: Frank Zeichner is a leader in IoT technologies with more than 40 years’ experience across the tech sector and the founding CEO of the IoT Alliance Australia (IoTAA). He now directs IoTAA’s Security Labelling Scheme for Smart Devices program.
IoT Alliance Australia (IoTAA) is the peak industry body advancing IoT for good and championing a data smart Australia.
