California state lawmakers should be lauded for SB 327, their well-intentioned legislative attempt at tackling one of the most pressing issues in the tech sector: IoT security. But as the law went into effect at the start of the year, they will also (unfortunately) soon be faced with the reality that it is inadequate for today’s security threat landscape.

To its credit, SB 327 – popularly known as the IoT security law – provides a good first step towards much-needed and extensive cybersecurity legislation: with an estimated 22 billion connected devices worldwide (and as many as 75 billion connected devices by 2025), the very existence of an IoT security law is encouraging. And further praise is warranted because the scope of the bill includes all devices that can connect directly or indirectly to the internet, as well as all connected devices sold in California – not just manufactured there.