The Federal Communications Commission’s voluntary Cyber Trust Mark program, intended to certify the cybersecurity of Internet of Things (IoT) devices sold in the U.S., has hit a major roadblock as UL Solutions, the Illinois-based company chosen to serve as the program’s Lead Administrator, officially withdrew from its role. UL submitted its letter of withdrawal on December 19, 2025, after facing an internal national security investigation launched by the FCC last year into its global operations and alleged ties to China — including partnerships and technology testing facilities within Chinese borders — raising concerns about potential foreign influence and data security risks. The departure leaves the future of the Cyber Trust Mark initiative in deep uncertainty, with regulators yet to name a replacement administrator or clarify whether the program will continue under its original design. The program, introduced during the previous administration to help consumers identify devices meeting minimum cybersecurity standards, had not yet reached widespread implementation when the withdrawal occurred, prompting questions over the FCC’s ability to balance national security priorities with efforts to improve smart device security.
Sources:
https://www.techradar.com/pro/security/firm-overseeing-fccs-cyber-trust-mark-program-withdraws-over-ties-to-china
https://www.cybersecuritydive.com/news/fcc-cyber-trust-mark-iot-labeling-ul-withdraw/808732/
https://www.nextgov.com/cybersecurity/2026/01/ul-solutions-withdraws-lead-admin-fcc-cyber-label-program-amid-probe-china-ties/410448/
Key Takeaways
• UL Solutions’ withdrawal stems from an FCC national security investigation focusing on its China connections and associated testing facilities.
• The Cyber Trust Mark program’s future is unclear as the voluntary IoT cybersecurity labeling initiative now lacks its designated Lead Administrator.
• The episode underscores broader U.S. concerns about foreign influence in tech certification and the challenge of securing smart devices without compromising national security.
In-Depth
In a development that has cast doubt over one of the Federal Communications Commission’s flagship consumer cybersecurity initiatives, UL Solutions — the company tapped to oversee the Cyber Trust Mark program — has formally stepped away from its role amid heightened scrutiny of its ties to China. Launched during the Biden administration with bipartisan aspirations to raise the security baseline for connected devices like smart cameras, speakers, and appliances, the Cyber Trust Mark was modeled on trusted certification frameworks such as Energy Star. It aimed to help American buyers distinguish products that meet robust cybersecurity benchmarks.
However, as national security concerns escalated, the tone and priorities at the FCC shifted. Under Chairman Brendan Carr, the Commission initiated an internal review last summer into UL’s global operations, particularly its partnerships and testing labs in China — moves that raised red flags among conservative policymakers wary of potential influence or surveillance risks tied to Beijing. Though UL had been working with regulators to deliver foundational elements of the program, the ongoing security review and the broader climate of tech competition ultimately led it to withdraw its leadership on December 19, 2025.
This development leaves the program in limbo. With no clear replacement administrator identified and questions about how to manage security reviews without foreign entanglements still unresolved, the Cyber Trust Mark initiative’s rollout has stalled. The episode highlights the tension between improving consumer cybersecurity and safeguarding national tech infrastructure from foreign adversaries, sparking debate over how best to proceed without compromising either objective.
Sources follow the summary above.