SB 898 creates a new chapter in California’s Business and Professions Code that forces makers of internet‑connected consumer products to commit to a minimum guaranteed support timeframe, display that timeframe to prospective buyers, and refrain from shortening it. The bill also requires public and owner notices six months before and on the date a product reaches “end of life,” with information about lost features, security risks, and options for continuing safe use.
Beyond manufacturers, the bill imposes duties on businesses that lease or supply connected products as part of a service: they must ensure manufacturer updates are received and applied and must replace devices at no extra cost to customers when a product reaches end of life, if a comparable replacement is reasonably available. Violations are treated as deceptive acts under the Unfair Competition Law, exposing companies to UCL enforcement and remedies.
At a Glance
What It Does
SB 898 requires manufacturers to set and conspicuously disclose a minimum guaranteed support timeframe (with a specific end date) on packaging, websites, and at point of sale, and bars later reductions. It requires two mandatory end‑of‑life notices and obliges businesses that lease or supply devices to apply updates and replace EOL units at no cost if a comparable device is reasonably available.
Who It Affects
Device manufacturers of consumer goods that connect to the internet (including hardware, companion apps, and cloud infrastructure), retailers selling those products in California, and service providers that lease or bundle connected products with customer services.
Why It Matters
The bill shifts lifecycle risk from buyers and service customers onto manufacturers and suppliers, formalizing support commitments and requiring concrete EOL communications—measures that change procurement, inventory, warranty planning, and security practices for IoT and cloud‑dependent consumer goods.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
SB 898 draws a bright line around how manufacturers must describe the lifespan and support of internet‑connected consumer products. It requires each manufacturer to commit to a minimum guaranteed support timeframe that includes a specific calendar date and to display that commitment prominently at point of sale, on product packaging, and on the product’s website.
Once the manufacturer posts that timeframe, the bill forbids shortening it, which prevents retroactive reductions in promised support windows.
The bill also imposes two concrete notification deadlines tied to end of life: a public and owner notice at least six months before support ends, and another notice on the day support stops. Those notices must explain what consumers will lose (features, interoperability), the security implications, and steps a consumer could take if they wish to keep using the product safely.
By spelling out content requirements for EOL notices, the statute aims to make end‑of‑life communication actionable rather than vague.SB 898 reaches beyond manufacturers to businesses that own or control connected products they lease or provide as part of a service. Those businesses must ensure manufacturer updates are promptly received and installed on their deployed devices.
When a product reaches end of life, the business must replace the device—at no extra charge to the customer—with a comparable unit capable of receiving necessary updates, but only if a comparable product is reasonably available to the business. Finally, the bill classifies violations as deceptive acts under California’s Unfair Competition Law, enabling civil enforcement and remedies under that statutory framework.
The Five Things You Need to Know
The bill defines “connected consumer product” to include hardware, companion mobile applications, and any necessary cloud infrastructure intended for consumer use that connects to the internet directly or indirectly.
Manufacturers must disclose a ‘minimum guaranteed support timeframe’ that ends on a specific calendar date and must display it at point of sale (when practicable), on product packaging, and on the product’s website.
Once disclosed, a manufacturer may not reduce the advertised minimum guaranteed support timeframe.
Manufacturers must notify the public and owners twice: six months before a product’s end of life and on the day it reaches end of life, including details on lost features, security risks, interoperability changes, and options to continue safe use.
Businesses that lease or provide connected products as part of a service must ensure updates are applied and must replace EOL products at no additional cost to customers with a comparable product if one is reasonably available.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Definitions for scope and key terms
This section sets the statutory vocabulary: a connected consumer product covers devices, mobile apps, and required cloud components that connect to the internet; end of life is when the manufacturer stops providing necessary support or updates; manufacturer and minimum guaranteed support timeframe are also defined. The definitions determine the bill’s reach—by including apps and cloud infrastructure, the law targets not just physical gadgets but whole service-dependent product ecosystems.
Support timeframe disclosure and no‑reduction rule
Subsection (a) requires manufacturers to establish and prominently disclose a minimum guaranteed support timeframe at point of sale when practicable and on packaging and the product webpage. Subsection (b) forbids a later reduction of that timeframe. Practically, manufacturers will need policies tying support commitments to specific dates and sales materials; they must also adopt internal controls to avoid shortening those commitments via product updates or policy changes.
End‑of‑life notification content and timing
This subsection mandates two notices—a six‑month advance notice and a notice on the end‑of‑life date—delivered both publicly and to owners. Notices must spell out actions a consumer can take to remain secure and list features lost, security risks, and interoperability reductions. Those content requirements mean manufacturers must prepare technical and customer‑facing explanations in advance rather than issuing cursory, legalistic statements at EOL.
Obligations for businesses that lease or supply devices
This provision imposes operational duties on businesses that own or control devices provided as part of a service: apply manufacturer updates promptly and replace products at their end of life with a comparable unit at no added cost to the customer if a reasonably available comparable product exists. Compliance will require asset tracking, update verification, and replacement budgeting within service contracts or subscription models.
Enforcement under the Unfair Competition Law
The statute labels violations as deceptive acts or practices under California’s UCL. That ties remedies to the UCL’s toolbox—potential equitable relief and restitution claims—rather than creating a new private right with bespoke penalties. Companies facing alleged violations should expect UCL litigation strategies (injunctions, restitution) rather than administrative fines embedded in the bill text.
Legislative intent on software tethering
The bill opens with an intent statement about software tethering, signaling the Legislature’s focus on situations where hardware is rendered dependent on software or remote services. While not operative, the clause explains the policy rationale guiding the bill: preventing devices from becoming unusable simply because manufacturers withdraw software or cloud support.
This bill is one of many.
Codify tracks hundreds of bills on Technology across all five countries.
Explore Technology in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Retail and individual consumers who buy connected products in California — they gain predictable, date‑certain support windows and clearer information on security and feature loss when products are retired.
- Customers of subscription or device‑as‑service offerings — businesses must apply updates and, in many cases, replace EOL units at no additional cost, reducing service disruptions and surprise upgrade charges.
- Security‑focused organizations and researchers — mandatory EOL notices that enumerate security risks create clearer signals for vulnerability management and risk assessments.
- Aftermarket and repair service providers — clearer support timeframes and EOL schedules improve planning for parts inventories, repair windows, and resale markets for used devices.
Who Bears the Cost
- Manufacturers of connected consumer goods — they must set, publish, and honor fixed support windows, prepare detailed EOL communications, and manage the legal risk of UCL claims if they fail to comply.
- Service providers and businesses that lease or supply devices — they must track updates, validate installations, and budget for no‑cost replacements when devices reach EOL, creating operational and capital costs.
- Small and niche hardware makers — those with limited margins or short product cycles may face disproportionate burdens to guarantee long support windows or to maintain cloud services for older products.
- Retailers and point‑of‑sale systems — sellers must display support timeframes at point of sale when practicable and ensure website and packaging compliance, adding logistics and labeling costs.
Key Issues
The Core Tension
The bill pits consumer predictability and security—longer, enforceable support commitments and clear EOL communications—against the commercial realities of hardware lifecycles, cloud dependency, and cost: guaranteeing long support or replacing devices protects users but can impose heavy, sometimes unbudgeted costs on manufacturers and service providers or push them to limit product availability in California.
SB 898 is straightforward in its demands but leaves important implementation questions open. The statute hinges on terms such as “necessary updates and support,” “comparable product,” and “reasonably available,” each of which will determine how onerous compliance becomes.
For example, manufacturers and lessees will disagree over whether feature deprecation counts as a loss requiring replacement, or whether security patches delivered only via cloud services meet the standard of “necessary updates.” Those interpretive gaps create litigation risk under the UCL because plaintiffs can argue that a company’s post‑sale conduct was deceptive even where technical judgments are arguable.
Operationally, the replacement duty for businesses that provide devices as part of a service creates supply chain and budgeting headaches. A business that must replace EOL devices 'at no additional cost' still needs to source comparable stock when global component shortages or product discontinuations are common.
The “reasonably available” qualifier softens the obligation but is fact‑sensitive and likely to drive disputes. Finally, the bill does not create a separate enforcement regime or civil penalty schedule; it folds disputes into the UCL framework, which favors broad equitable remedies but also introduces class‑action dynamics and attorney‑fee pressures that can magnify compliance costs beyond the direct cost of replacements or continued support.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.