The law is for devices that come out of the box with a weak default. Like buying a wifi hotspot where the default is "admin123" would be bad. The default being random and printed on a label in the device is probably what this is aiming to usher in.
From what I see on the article, it looks like it mostly applies to manufacturer set passwords - though it does look like the devices are now required to prompt the user if they try to set a weak or common password (though I can't remember the last time I wasn't prompted)