	Federal Communications Commission	DA 24-297



DA 24-297
Released:  March 25, 2024

PUBLIC SAFETY AND HOMELAND SECURITY BUREAU ANNOUNCES FILING DEADLINES FOR COMMENTS AND REPLY COMMENTS REGARDING THE CYBERSECURITY LABELING FOR INTERNET OF THINGS FURTHER NOTICE OF PROPOSED RULEMAKING (FCC 24-26)
PS Docket No. 23-239

Comments Due:  April 24, 2024
Reply Comments Due:  May 24, 2024

On March 14, 2024, the Federal Communications Commission adopted a Report and Order and Further Notice of Proposed Rulemaking (FNPRM), FCC 24-26, establishing a voluntary cybersecurity labeling program for wireless consumer Internet of Things, or IoT, products that will help consumers make safer purchasing decisions, raise consumer confidence regarding the cybersecurity of the IoT products they buy, and encourage manufacturers to develop IoT products with security-by-design principles in mind. Cybersecurity Labeling for Internet of Things, PS Docket No. 23-239, Report and Order and Further Notice of Proposed Rulemaking, FCC 24-26 (Mar. 15, 2024) (FNPRM).
  The FNPRM proposes and seeks comment on additional national security declarations for the IoT labeling program. FNPRM at 81-82, paras. 162-166. 
  The proposed additional disclosures are intended to provide consumers with assurances that the products bearing the FCC IoT Label do not contain hidden vulnerabilities from high-risk countries, that the data collected by the products does not sit within or transit high-risk countries, and that the products cannot be remotely controlled by servers located within high-risk countries.  The FNPRM also seeks comment on whether the disclosed information should be included in the publicly accessible registry associated with the program; whether the fact that software or firmware originates from high-risk countries, data will be stored in such countries, or that products can be remotely controlled by servers within such countries, should make the products ineligible for the label altogether; and whether the federal Magnusson-Moss Warranty Act governing consumer product warranties is applicable. FNPRM at 82, paras. 164-166.

A summary of the FNPRM was published in the Federal Register on March 25, 2024, stating that comments on these proposed rules would be due 30 days after the date on which the Federal Register publication occurred, and that reply comments would be due 60 days after such Federal Register publication. See Federal Communications Commission, Cybersecurity Labeling for Internet of Things, 89 Fed. Reg. 20603 (March 25, 2024).
  Accordingly, by this Public Notice, the Public Safety and Homeland Security Bureau notifies interested parties that comments on the proposed rules are due on April 24, 2024, and reply comments are due on May 24, 2024.  The FNPRM contains the comment filing instructions. FNPRM at 85-84, paras. 174-177.

Additional Information.  For additional information on this proceeding, please contact Zoe Li, Cybersecurity and Communications Reliability Division, Public Safety and Homeland Security Bureau at Zoe.Li@fcc.gov or 202-418-2490; or Tara B. Shostek, Cybersecurity and Communications Reliability Division, Public Safety and Homeland Security Bureau at Tara.Shostek@fcc.gov or (202) 418-8130.
– FCC –



2