Sarah Lyons, from the National Cyber Security Centre, said firms making the products needed to take responsibility.
"Businesses have a major role to play in protecting the public by ensuring the smart products they manufacture, import or distribute provide ongoing protection against cyber-attacks and this landmark Act will help consumers to make informed decisions about the security of products they buy," she said.
Ken Munro a security researcher for Pen Test Partners, a firm that carries out ethical hacking against smart devices, described the new law as "a step in the right direction".
"It's got teeth, which I love," he said.
Previously it has been too easy for manufacturers to end support for older products as they rolled out new models, he said, and it would be useful for consumers to be able to compare how many years of support were promised for the product they are purchasing.
A longer support period suggested a manufacturer that was generally taking cyber-security seriously, he said.
"I think some device manufacturers at the bottom of the market might pay lip-service and do the bare minimum to make their products secure," he said.
Rocio Concha, director of policy and advocacy at consumer group Which? said the new law would give consumers "vital protections".
But the Office for Product Safety and Standards should be prepared to "take strong enforcement action against manufacturers if they flout the law" he added.