The federal German body responsible for information security has published some recommendations for how consumers’ internet routers should behave by default, including limiting the initially-enabled services, requiring firewall functionality, and mandating the deletion of all personal data on a factory reset https://www.theregister.co.uk/2018/11/20/germany_versus_openwrt_ccc/.

This looks like a welcome first step, even if some argue it doesn’t go far enough.