The Biden administration officially launched the new US Cyber Trust Mark labeling program in early January before leaving office. What happens next to the program under the month-old Trump administration is unclear, given expected broad cutbacks to US government programs and staffing.
While it is a relatively small program amid a vast array of US government projects, the Cyber Trust Mark program is not insignificant as a form of consumer protection, and is being followed by advocates as a kind of litmus test for the recently installed Trump regime.
Cyber Trust Mark is a voluntary program designed to allow makers of consumer Internet of Things electronics to apply a trust label to their products to signify a level of security to consumers, something like the Energy Star label for energy efficiency. It is managed by the FCC, which appointed UL Solutions as the lead administrator in December.
At that time, UL Solutions said it will work with the FCC and program stakeholders to develop a national registry of certified products that consumers can access via a QR code on the Cyber Trust Mark label. From there, the registry will have more detailed information about each product. “As smart devices become increasingly integrated into our lives, it’s crucial that we trust these products are designed, built and managed to adhere to high security and privacy standards,” said Chanté Maurio, UL Solutions vice president and general manager of identity management and security.
Work on the program began as early as August 2023 with the FCC seeking public comment on how to create it and in March 2024, the FCC adopted rules based on public input.
The FCC has also posted some general information on a web site. Included is an FAQ that explains what consumers will find once they scan a QR code on a future Cyber Trust Mark label affixed to a new product. This information will include: how consumer can change a default password to prevent hacks; how to configure the device securely, whether updates and patches are automatic and if not how consumers access them; and the product’s minimum support period end date or a statement that the device is not supported and the consumer should not rely on the maker to release security updates.
On Jan. 7, the Biden White House announced the Cyber Trust Mark labels would begin appearing on products in the US in 2025. Anne Neuberger, then-deputy national security advisor for cyber, said she had expected labeled products in the year.
“Americans buying home alarm systems and baby monitors need to know hackers can’t disable the alarm system remotely or hack in to watch their babies asleep. Companies need to have an incentive to bake security into products, and the U.S. government wants to give American consumers that confidence,” Neuberger said at the time, according to reports.
“We know consumers want secure devices. They don’t know how to ask for it. They don’t know how to assess it. So by giving this label, we feel consumers now can say, ‘I know how to get a secure device,’” she said.
The White House said in January that Best Buy and Amazon had endorsed the program. Companies wanting to display the mark can consult the National Institute of Standards and Technology to determine if they should encourage customers to choose a strong password or automatically start with a default password for each product.
The Biden administration was also working late in its administration to order federal agencies to only use products with the Cyber Trust Mark beginning in 2027, Neuberger had said in January. The status of that order is not clear.
FCC officials, Best Buy and Amazon could not be reached to comment on the status of the consumer-focused program despite repeated attempts. UL Solutions said Friday it is moving forward with the Cyber Trust Mark program.
“From a UL Solutions perspective, we are moving forward with our role as Lead Administrator, working with stakeholders to develop the recommendations required by the FCC’s Report & Order,” said Kathy Fieweger, senior vice president communications for UL Solutions in an email to Fierce. She referred other questions to the FCC.
Analysts, however, said the program could lay in limbo as the Trump administration reviews hundreds of government programs across agencies. Because the program is voluntary, it might be allowed by a Trump FCC to stay in effect but not be promoted or flourish, one analyst suggested.
Jack Gold, lead analyst at J. Gold Associates, said the program is likely to be “totally in limbo for now.” He added: “I don’t think it will survive, or at least not be enforced in any way. Trump and company are cutting back on all programs and with new heads of the various agencies wanting to basically cut staff and budgets, it’s hard to see how such a program, fairly minor in the overall scheme of things, will be moving forward.”
The Cyber Trust Mark labeling program would be small potatoes compared to other programs being sidetracked or cut under the Trump administration.
The Trump administration has made a record number of executive orders in its first full month in office that include cuts to programs and personnel, with more on the way. One of particular concern to consumers was the halting of work at the Consumer Financial Protection Bureau. Also, health and human services agencies including the CDC are on the chopping block for some programs with the situation changing daily. Elon Musk’s DOGE is expected to target Pentagon cuts. Republicans in Congress are considering cuts amounting to $800 billion in clean-energy tax credits and $400 billion in tax credits for zero-emission electricity.