PSTI Regulations come into force

Product Security and Telecommunications Infrastructure Act Regulations have come into force today across the UK. All internet connected smart devices will be required by law to meet minimum-security standards.

About the PSTI Act

The Product Security and Telecommunications Infrastructure Act  comprises two pieces of legislation:

Part 1 of the Product Security and Telecommunications Infrastructure (PSTI) Act 2022; and

The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023.

The PSTI Act received Royal Assent in December 2022.

What are the Security Requirements?

Ban default passwords. Products that come with default passwords are an easy target for cyber criminals.

Require products to have a vulnerability disclosure policy. Security researchers regularly identify security flaws in products, but need a way to give notice to manufacturers of the risk they have identified, so that they can enable the manufacturer to act before criminals can take advantage. The Bill will provide measures to help ensure any vulnerabilities in a product are identified and flagged.

Require transparency about the length of time for which the product will receive important security updates. Consumers should know if their product will be supported with security updates, and if so, what the minimum length of time is that they can expect that support to continue.

More information can be accessed here.

Available Materials:

Published Government Guidance: Regulations: consumer connectable product security - GOV.UK (www.gov.uk)

The following guidance has been produced by the Smart Technology (Product Safety) Stakeholder Group, a round table forum for key stakeholders to discuss and promote best practice and safety in relation to smart technology: PSTI - Guide for Industry (electricalsafetyfirst.org.uk)

NCSC Consumer Snapshot: New security law for smart devices: Your rights as a consumer (ncsc.gov.uk)

techUK has supported the development of the PSTI Act for the past 6-years, since the development of the Consumer IOT Voluntary Code of Practice. We welcome the ambition of the Act, to strengthen resilience of connected devices across the UK. We continue to work with DSIT and the regulator OPSS, to ensure a smooth implementation, encourage compliance and develop best practice.

To join the techUK/AMDEA PSTI Act Manufacturers WG, please get in touch with [email protected].

Dan Patefield

Head of Cyber and National Security, techUK

Dan leads the techUK Cyber Security programme, having originally joined techUK in August 2017 as a Programme Manager working across the Cyber and Defence programmes. He is responsible for managing techUK's work across the cyber security eco-system, bringing industry together with key stakeholders across the public and private sectors. Dan also provides the industry secretariat for the Cyber Growth Partnership, the industry and Governmnet conduit for supporting growth across the sector. A key focus of his work is to strengthen the public-private partnership across cyber security to support further development of UK cyber security policy.

Before joining techUK he worked as Forum Lead for the Westminster eForum. In this role he had a focus on the technology and telecoms space, on issues ranging from Broadband and Mobile Infrastructure, the Internet of Things, Cyber Security, Data and diversity in tech. Dan has a BA in History from the University of Liverpool.

Email:

[email protected]

Phone:

020 7331 2165

Read lessmore

Upcoming Cyber Security events

23 May 2024

Telecoms Security Act: Industry Sessions - May 2024

Online Meeting

28 May 2024

Telecoms Infrastructure Working Group Meeting

Meeting

19 June 2024

Joint techUK / UKspace Satellite Telecommunications Committee Q2 Meeting 2024

London Meeting

Cyber Security updates

Sign-up to get the latest updates and opportunities from our Cyber Security programme.