IoTAA Security Labelling Scheme

What is the Security Labelling Scheme?

The IoTAA Security Labelling Scheme is a voluntary consumer-facing certification program that provides an independent assessment of the security posture of Internet of Things (IoT) devices sold in Australia. Devices that achieve certification display an IoTAA security label clearly indicating their certification level — making it easy for consumers to compare products.

Administered by the IoTAA Scheme Operator and delivered through accredited testing bodies, the scheme is aligned with the mandatory requirements of the Cyber Security Act 2024 (s.15 and s.16) and internationally recognised standards including ETSI EN 303 645 and ISO/IEC 27001.

Why Should Consumers Care?

Insecure IoT devices are among the most common entry points for cybercriminals into home and business networks. An IoTAA-certified product means you can trust:

• Unique passwords — Devices ship with unique or user-set passwords, not default shared credentials.
• Security updates — The manufacturer is committed to releasing security patches for a defined support period.
• No unnecessary ports — The device minimises its attack surface by disabling unused network interfaces.
• Secure communications — Sensitive data is encrypted in transit and at rest.
• Vulnerability disclosure — The manufacturer has a public process for accepting and responding to security vulnerability reports.

How to Check a Product

Before purchasing an IoT device, look for the IoTAA security label on the packaging. Then use the Product Register to verify the label is authentic and check the device's current certification status.