we’ve already got an “S” for Security in the IoT name, why do you need a separate Mark to call out how trustable ‘smart’ devices are?

This is not a good idea. Labelling certifications for things like electrical safety or radio emissions standards make sense, as they’re meeting regulatory requirements.

The problem with Cyber Security is there is no such thing as perfectly secure. A secure device today, could have a vulnerability discovered tomorrow. Additionally, a big part of Cyber Security for devices is maintaining software/firmware patching is up to date. A stamped mark to say something is secure would provide a false sense of security, and could reduce the awareness of the user to the potential risks of not maintaining their devices.

So I’m not entirely sure I can trust that there will be useful regulation, but it’s definitely an area where useful regulation is desperately needed. Smart everything in the privacy of your home sounds great until you look at how absurdly huge of an attack vector they create. The data exfiltration is bad on its own, but the possibility of deliberate back doors with minimal consequences for lesser known brands is out there, and even “credible” brands mostly don’t put near the effort into security they should.

Ideally I would make it a requirement that devices could be configured to never phone home (and published APIs or used standardized ones for self hosting). It won’t happen, but without it the companies willing to subsidize devices to be spyware have a massive competitive advantage.