Another great step would be a guarantee of making the firmware Open Source after no more than a certain amount of time, and having that guarantee known at compile time. Effectively, that means the device will always be supportable.
It's not inconceivable that this could be a requirement for getting a label (or some tier of label.) It depends how the advocacy comes out on the record.
The requirement can be easily bypassed by going bankrupt before the required time is up. You will soon hear advice like "if you want to get in to the IoT space, create a new C Corp for each iteration of your product..."
Whatever you require them to disclose after X years, it must be escrowed with a trusted third party in advance.
It's not inconceivable that this could be a requirement for getting a label (or some tier of label.) It depends how the advocacy comes out on the record.