In December 2022, the UK government officially passed the Product Security and Telecommunications Infrastructure Act 2022 (PSTIA), which will be enforced from April 29, 2024. It consists of two parts: one focusing on product safety requirements against cyberattacks, and the other supporting the deployment of mobile, fiber, and gigabit networks.
Under the PSTIA, the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations were established, outlining minimum security standards for products sold to UK consumers.
Key requirements of the PSTI Regulations include password standards, minimum security update cycles, and protocols for reporting security issues.
Scope of PSTI Regulations Applicable Products: Products that can connect to the internet (directly/indirectly) include:
- Smartphones
- Internet-connected cameras, TVs, and speakers
- Internet-connected children’s toys and baby monitors
- Internet-connected safety-related products like smoke detectors and door locks
- IoT base stations and hubs connecting multiple devices
- Bluetooth products supporting multipoint connections, such as headphones and speakers that can maintain simultaneous connections
- Wearable internet-connected fitness trackers
- Outdoor leisure products like handheld GPS devices (not wearable)
- Internet-connected home automation and alarm systems
- Internet-connected home appliances like washing machines and refrigerators
- Smart home assistants
Exempt Products: Products covered by existing legislation (including healthcare monitoring products and smart meters) or complex products (like autonomous vehicles) are not included in the PSTI Act. Additionally, products sold in Northern Ireland; desktop computers, tablets used by individuals aged 14 and above; smart meters, electric vehicle charging stations, and medical devices are exempt.
Businesses need to comply with the PSTIA by providing new compliance statements for their products. Non-compliance can result in significant fines and product recalls, so it’s crucial for manufacturers to assess and meet these regulatory requirements to protect their interests.