[JoBrad]

You can't hold someone liable for a standard that isn't legally defined. So, defining regulation that sets a reasonable expectation of security that every IoT manufacturer has to adhere to is not a bad idea, and helps everyone.

> On top of that, if actual harm comes to users of these devices as a result of these devices then we already have plenty of consumer laws protecting them.

When was the last time a software company was held liable for their software not working correctly, and exposing users unnecessarily? Most of them EULA their way out of any lawsuit to begin with.