UK product cyber security - PSTI Act

UK product cyber security - PSTI Act

Red Overlay
UK product cyber security - PSTI Act
UK product cyber security - PSTI Act
Red Overlay

To discuss your requirements with one of our industry experts fill in the form below.

Heads up to be ready for the next UK product cyber security regime

On 6 December 2022, the UK Government passed the law on the Product Security and Telecommunication Infrastructure Act 2022, also called the PSTI Act.

The new PSTI measures

The new law includes measures that will introduce a series of improved and relevant security protections to tackle the ongoing threats of cybercrime including:

  • The use of universal default and easily guessable passwords on consumer-connectable products has been banned.
  • Mandatory reporting of security issues, including providing information on manufacturer contact details to enable notification of any vulnerability found.
  • Manufacturers will be required to inform customers about the product's security update support period before allowing purchase on their website.

This world-leading PSTI regime will come into effect on 29 April 2024 and it means that manufacturers have less than one year to become compliant with this new regime setting the minimum-security standards for IoT consumer products with internet connectivity. 

Who falls under the new requirement

This law applies to many different consumer IoT products, including but not limited to:

  • connected safety-relevant products such as smoke detectors, fire detectors and door locks;
  • connected home automation devices, smart doorbells and alarm systems;
  • Internet of things base stations and hubs to which multiple devices connect;
  • smart home assistants;
  • smartphones;
  • connected cameras (IP and CCTV);
  • wearables;
  • connected fridges, washers, freezers, coffee machines;
  • game consoles;
  • and other similar products.

Certain devices such as EV charging points and medical products amongst others are excluded from this regime.