California's SB-327 for IoT Security places responsibility on whom?

California's SB-327 for IoT Security emphasizes the accountability of device manufacturers in ensuring the security of Internet of Things devices. The law mandates that makers of connected devices must incorporate reasonable security features that are appropriate to the device's nature and function. This can include measures like unique passwords and regular software updates to protect against unauthorized access and vulnerabilities.

By placing the responsibility on the manufacturers, the legislation aims to improve the overall security landscape of connected devices, as these companies typically have more control over the design and production processes. While consumers, retailers, and government regulators play significant roles in the ecosystem, the primary obligation under this specific law is focused on the makers of the devices, thereby incentivizing them to prioritize security at the design stage.