ALBANY, N.Y. — Senator Patricia Fahy (D—Albany) announced she is introducing the Connected Consumer Product End of Life Disclosure Act (S.8507 Fahy) to require manufacturers of internet-connected devices, ranging from smart home gadgets to medical and security equipment, to disclose the end of life date at time of purchase and how long they will provide essential support such as security updates, bug fixes, and firmware maintenance. The proliferation of smart technology and devices across our broader society shows just how urgent this is: there are an estimated seventeen billion connected devices worldwide, and if even a third become obsolete within five years, over 5.6 billion devices could be exposed to exploitation and security risks.

“End-of-life” smart devices are internet-connected products that manufacturers stop supporting after a set number of years. Once that support ends, companies no longer provide software updates, security patches, or bug fixes, leaving devices exposed to hackers, data theft, and botnet attacks. Features may stop working if cloud services shut down, and many devices simply won’t connect with newer systems. This means that a functioning product can quickly become unsafe, unreliable, or useless, leaving consumers with costly technology that’s effectively been abandoned by the manufacturer. This legislation enables consumers to make informed choices and be aware of when a device will be obsolete.

This legislation is being introduced amid alarming findings from Cornell University that more than 2 million embedded devices technically declared end-of-life are still actively in use, and nearly 300,000 of them persist for five years past their manufacturer-stated support, with many carrying high-risk cybersecurity vulnerabilities. There are more than 1.8 million smart-home-device users in New York State, according to Start.io.

This engineered turnover places a financial burden on consumers and passes on costs to the average American household, and particularly low-income households that cannot afford frequent replacements. Some studies estimate that planned obsolescence costs the average American household over $1,000 annually for technology devices.

“When you buy a device that promises to protect your home or monitor your health, you shouldn’t also be buying uncertainty and inherent security risks,” said Senator Patricia Fahy (D—Albany). “Most consumers don’t know that when they buy a smart device, it comes with a predetermined end of life date, or date when that device becomes vulnerable to cyberattacks, hacking, and more. If companies are going to sell devices that stay online, track consumers’ data, or keep our lives connected, this legislation says that they must be honest about how long those devices will be safe and supported, and they must notify consumers in advance when support is ending so people are not at risk without knowing. It’s time to end this practice of ripping off consumers while they unknowingly possess and continue to use obsolete and unsafe devices.”

Furthermore, this legislation also requires them to provide notice when a device reaches end of life. It would also require internet service providers that lease or provide connected devices to remove or replace unsupported devices, ensuring consumers are not left with devices that become security liabilities.

###