“The report and draft Code of Practice advocates a fundamental shift in approach to moving the burden away from consumers having to secure their devices and instead ensure strong cyber security is built into consumer IoT products by design.
The draft Code of Practice for industry contains 13 practical steps to improve the cyber security of consumer IoT.”
Audience of the draft CoP is Device Manufacturers, IoT Service Providers, and Mobile Application Developers (!)
https://www.enisa.europa.eu/news/member-states/uk-government-published-security-by-design-report