I'm quite surprised the Kitemark still exists - I thought it had been superceded by CE marking.
In any case, I can't see any government wanting to run acceptance testing of internet appliances. What would it need ? Sealed packet filters on PCs ? A ban on building any internet-connected device even in your own home ? Months of approval testing as for wireless products ?
So the best we're likely to get is self-certification. I guess that could be coupled with a big stick if you self-certify and your product is then broken into and used for an attack, but can you see the big OS vendors opening themselves to this ?
For all the recent horror stories about IoT-based attacks, they only exist because they're currently low-hanging fruit, easier to find and hack than the former targets, PCs. Regulation will cost too much and software quality will only ever be 'just good enough' - as it always has been in any other arena.
If you want to protect the net against this sort of abuse, the net has to defend itself. You're never going to be in control of the endpoints, so it needs to be able to manage uncooperative endpoints. Perhaps by source address verification, probably by some other means that can also handle rogue ISPs.