PSTI Regulations come into force
The Product Security and Telecommunications Infrastructure Act Regulations have come into force today across the UK. All internet-connected smart devices will be required by law to meet minimum security standards.
About the PSTI Act
The Product Security and Telecommunications Infrastructure Act comprises two pieces of legislation:
Part 1 of the Product Security and Telecommunications Infrastructure (PSTI) Act 2022; and
The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023.
The PSTI Act received Royal Assent in December 2022.
What are the Security Requirements?
Ban default passwords. Products that come with default passwords are an easy target for cyber criminals.
Require products to have a vulnerability disclosure policy. Security researchers regularly identify security flaws in products, but need a way to notify manufacturers of the risk they have identified, so that the manufacturer can act before criminals can take advantage. The Bill will provide measures to help ensure any vulnerabilities in a product are identified and flagged.
Require transparency about the length of time for which the product will receive important security updates. Consumers should know if their product will be supported with security updates, and if so, what the minimum length of time is that they can expect that support to continue.
More information can be accessed here.
Available Materials:
Published Government Guidance: Regulations: consumer connectable product security - GOV.UK (www.gov.uk)
The following guidance has been produced by the Smart Technology (Product Safety) Stakeholder Group, a round table forum for key stakeholders to discuss and promote best practice and safety in relation to smart technology: PSTI - Guide for Industry (electricalsafetyfirst.org.uk)
NCSC Consumer Snapshot: New security law for smart devices: Your rights as a consumer (ncsc.gov.uk)
techUK has supported the development of the PSTI Act for the past 6 years, since the development of the Consumer IoT Voluntary Code of Practice. We welcome the ambition of the Act to strengthen the resilience of connected devices across the UK. We continue to work with DSIT and the regulator OPSS to ensure a smooth implementation, encourage compliance and develop best practice.
To join the techUK/AMDEA PSTI Act Manufacturers WG, please get in touch with [email protected].
Dan Patefield
Dan leads the techUK Cyber Security programme, having originally joined techUK in August 2017 as a Programme Manager working across the Cyber and Defence programmes. He is responsible for managing techUK's work across the cyber security ecosystem, bringing industry together with key stakeholders across the public and private sectors. Dan also provides the industry secretariat for the Cyber Growth Partnership, the industry and Government conduit for supporting growth across the sector. A key focus of his work is to strengthen the public-private partnership across cyber security to support further development of UK cyber security policy.