In September, California Governor Jerry Brown signed into law a new bill aimed at regulating the security of IoT devices, and it’s set to go into effect in a few short months on January 1, 2020.

While the goal of the law is to better address the risks that increased connectivity brings into the workplace, it instead leaves us with more questions than answers. Broad guidance and lack of clarity around what a “reasonable security feature” is make it difficult for organizations responsible for complying with the law. Yes, it’s a great first step to better securing IoT devices, but it ultimately fails at outlining specific instruction.