4.1 This guide is intended to apply in conjunction with applicable end-product specific performance or design standard requirements to address the overall system safety of a connected consumer product. Designers and manufacturers of a connected consumer product, with assistance from conformity assessment bodies, or others, as deemed desirable, should identify applicable and relevant product standards. They should assess and document if or how connectivity potentially affects the ability of such products to meet overall product-safety requirements, as well as conflicts or requirements, if any, that may or should not be applicable to the connected consumer product. This guide recognizes that the overall system safety of the connected consumer product is the primary objective. Property damage, including non-functionality of the connected consumer product, is only included to the extent that such property damage poses a risk of personal injury. Data security beyond the extent necessary to ensure system safety, or privacy-related issues, are not addressed in this guide although measures to address the protection of personal information may help mitigate connected consumer product safety issues.
4.2 This guide provides guidelines for:
4.2.1 Remote updates;
4.2.2 Software, firmware, and configuration risk management designed to ensure compliance with an end product safety standard and to prevent the creation of an unanticipated hazard from the connected consumer product; and
4.2.3 Cybersecurity risk controls for the software, firmware, and configuration of architecture and design.
4.2.4 The use of artificial intelligence (AI) in connected consumer products.
Область применения1.1 This guide provides guidance for connected consumer products, as defined in 1.1.1, as it relates to physical product safety hazards created by virtue of their connectivity. It applies to connected products that need testing and evaluation to prevent cybersecurity vulnerabilities and weaknesses that could compromise the safety-related performance of the product, create a physical safety hazard in the product or its operation, or result in a noncompliance to the underlying end product safety standard.
1.1.1 Connected consumer product or Internet of Things (IoT) consumer device means any consumer device or physical object that is capable of connecting to the internet or other network, directly or indirectly, and is assigned an internet, Bluetooth, or other communication protocol address or identifier. A non-exhaustive list of examples includes:
1.1.1.1 Connected children’s products such as toys and juvenile products such as baby monitors;
1.1.1.2 Connected safety-related products such as smoke alarms and door locks;
1.1.1.3 Connected TVs and speakers;
1.1.1.4 Wearable connected health trackers and smart apparel;
1.1.1.5 Connected home automation, security or surveillance cameras, and alarm systems;
1.1.1.6 Connected appliances (for example, washing machines and refrigerators); and
1.1.1.7 Connected smart home assistants.
1.1.1.8 Consumer products with functions or features that utilize artificial intelligence.
1.2 Safety, for this guide, is defined as the freedom from an unreasonable risk of physical injury or illness resulting from mechanical contact, hazardous energy release, or exposure to hazardous chemicals from the connected product. Physical injury or illness may include burns, lacerations, strains, contusions, suffocation, strangulation, poisoning, disease, seizures, internal injuries, shock, or other injuries to the body. Property damage related to non-functionality of the connected device is only included to the extent that such property damage leads to a safety issue. Safety, for this standard, does not include privacy or personal data security, or physical harms potentially resulting from privacy or personal data breaches.
1.3 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.
1.4 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.