UL Solutions, the Illinois-based firm overseeing the FCC’s Cyber Trust Mark program, has withdrawn from its lead role following national security concerns over its ties to China.
The Internet of Things (IoT) cybersecurity labeling program was installed in January under the Biden adminstration only weeks before US President Donald Trump was sworn into office.
The FCC’s voluntary program was designed to help consumers “make informed decisions” about which wireless IoT smart devices to purchase, with products that meet robust cybersecurity standards receiving the US Cyber Trust Mark label.
The program relies on a public-private collaboration, with UL Solutions designated as the Lead Administrator and one of eleven approved Cybersecurity Label Administrators (CLAs) at its inception.
Chanté Maurio, Vice President and General Manager of Identity Management and Security at UL Solutions, submitted an official notice of withdrawal to the US Federal Communications Commission (FCC) on December 19th.
“Over the last year, we have worked diligently and collaboratively to make significant progress supporting the FCC’s objectives for the Program,” the one-page letter states.
“We’ve led a broad-based stakeholder process to develop recommendations for the technical requirements, market surveillance practices, and rules for the design and use of the Program label, among other initiatives,” Maurio said.
“Having now delivered many of the foundational elements of the Lead Administrator role and given other considerations, we respectfully submit our notice of withdrawal as Lead Administrator effective as of the date of this letter,” he said.
FCC investigates deep ties to China
In June, the FCC’s Council on National Security, under the direction of the Trump administration, launched an investigation to determine the program’s future, Fox News reported at the time.
FCC Chairman Brendan Carr, who led the investigations, in an internal FCC memo, expressed deep concern that UL Solutions and certain other labeling administrators would become “a back door to CCP sabotage."
Taking issue with a joint venture between UL Solutions and the state-owned China National Import and Export Commodities Inspection Corp., based in Beijing, Carr also noted that UL Solutions still has "18 China-based testing locations," calling three of them "particularly alarming."
He said the company had not "shied away" from its ties to China since being approved to lead the USCTM, Fox News reported.
"The idea behind the Cyber Trust Mark is sound. However, under the current setup, Chinese companies with ties to the CCP could use this program to get a US government-backed stamp of approval,” said Rep. John Moolenaar, head of the House Select Committee on the CCP, on the national security conflict.
That’s not just misleading – it’s dangerous. We can’t let a cybersecurity label give Americans a false sense of safety while handing Beijing a loaded gun inside our own networks,” he said.
Biden’s executive order states that by January 4th, 2027, all IoT products sold to the US government must carry a new US Cyber Trust Mark label.
Although some of Biden’s last-minute cybersecurity initiatives were scrapped by the President when he took office, Trump kept the Trust Mark provision.
The program covers all IoT smart products sold in the US, including home security cameras, TVs, internet-connected appliances, fitness trackers, and baby monitors. The set of security standards for the USCTM was approved by the National Institute of Standards and Technology (NIST).
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked