California § 1798.91.04. 1798.91.04. (Amended (as added by Stats. 2018, Ch. 860, Sec. 1) by Stats. 2022, Ch. 785, Sec. 2.)

California Statutes

§ 1798.91.04. — 1798.91.04. (Amended (as added by Stats. 2018, Ch. 860, Sec. 1) by Stats. 2022, Ch. 785, Sec. 2.)

California § 1798.91.04.

JurisdictionCalifornia

Code CIVCivil Code - CIV

Div. 3.DIVISION 3. OBLIGATIONS

Title1.81.26.

Part 4.TITLE 1.81.26. Security of Connected Devices

This text of California § 1798.91.04. (1798.91.04. (Amended (as added by Stats. 2018, Ch. 860, Sec. 1) by Stats. 2022, Ch. 785, Sec. 2.)) is published on Counsel Stack Legal Research, covering California primary law. Counsel Stack provides free access to over 12 million legal documents including statutes, case law, regulations, and constitutions.

Bluebook

Cal. Civil Code - CIV Code § 1798.91.04. (2026).

Text

(a)A manufacturer of a connected device shall equip the device with a reasonable security feature or features that are all of the following:

(1)Appropriate to the nature and function of the device.

(2)Appropriate to the information it may collect, contain, or transmit.

(3)Designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.

(b)Subject to all of the requirements of subdivision (a), if a connected device is equipped with a means for authentication outside a local area network, it shall be deemed a reasonable security feature under subdivision (a) if either of the following requirements are met:

(1)The preprogrammed password is unique to each device manufactured.

(2)The device contains a secu

Free access — add to your briefcase to read the full text and ask questions with AI

(a)
A manufacturer of a connected device shall equip the device with a reasonable security feature or features that are all of the following:
(1)
Appropriate to the nature and function of the device.
(2)
Appropriate to the information it may collect, contain, or transmit.
(3)
Designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.
(b)
Subject to all of the requirements of subdivision (a), if a connected
device is equipped with a means for authentication outside a local area network, it shall be deemed a reasonable security feature under subdivision (a) if either of the following requirements are met:
(1)
The preprogrammed password is unique to each device manufactured.
(2)
The device contains a security feature that requires a user to generate a new means of authentication before access is granted to the device for the first time.
(c)
A manufacturer of a connected device may elect to satisfy the requirements of subdivision (a)
by ensuring the connected device does all of the following:
(1)
Meets or exceeds the baseline product criteria of a NIST conforming labeling scheme.
(2)
Satisfies a conformity assessment as described by a NIST conforming labeling scheme that includes a third-party test, inspection, or certification.
(3)
Bears the binary label as described by a NIST conforming labeling scheme.

Legislative History

Amended (as added by Stats. 2018, Ch. 860, Sec. 1) by Stats. 2022, Ch. 785, Sec. 2. (AB 2392) Effective January 1, 2023. See similar section in the Title 1.81.26 added by Stats. 2018, Ch. 886.