Heads up to be ready for the next UK product cyber security regime

The new law includes measures that will introduce a series of improved and relevant security protections to tackle the ongoing threats of cybercrime including:

• The use of universal default and easily guessable passwords on consumer-connectable products has been banned.
• Mandatory reporting of security issues, including providing information on manufacturer contact details to enable notification of any vulnerability found.
• Manufacturers will be required to inform customers about the product's security update support period before allowing purchase on their website.

This world-leading PSTI regime will come into effect on 29 April 2024 and it means that manufacturers have less than one year to become compliant with this new regime setting the minimum-security standards for IoT consumer products with internet connectivity. 

This law applies to many different consumer IoT products, including but not limited to:

• connected safety-relevant products such as smoke detectors, fire detectors and door locks;
• connected home automation devices, smart doorbells and alarm systems;
• Internet of things base stations and hubs to which multiple devices connect;
• smart home assistants;
• smartphones;
• connected cameras (IP and CCTV);
• wearables;
• connected fridges, washers, freezers, coffee machines;
• game consoles;
• and other similar products.

Certain devices such as EV charging points and medical products amongst others are excluded from this regime.