There is a concern, and I think that the United States as well as the U.K. have adapted standards in the area of IoT, like a list. The U.K. has a standard of 10 things that it recommends in the IoT area, and vulnerability disclosure policies are number two.
In the U.S., the FTC, the Federal Trade Commission, has taken a very active stance in requiring certain things it sees in the development of this area, as well as the FDA with medical devices. The FDA issued a medical device safety action plan last year requiring a bunch of things, even the development life cycle or the launching of a medical device.
I think the unifying theme across all of these laws and standards is that, because everything is interoperable and connected, everyone has to be doing the same thing. I think that's the purpose of all of these policies and standards, unifying standards like NIST, in these different areas.