| | EN
Location:Home - > Europe > United Kingdom - The UK Product Security and Telecommunications Infrastructure (Product Security) regime

United Kingdom

Voltage: 230V
Frequency: 50Hz
Official Language: English

1.Close cooperation and connection with the certification body
2.Thoughtful aftersales assistance
3.Rich practical experience guidance for kinds of product

The UK Product Security and Telecommunications Infrastructure (Product Security) regime

In December 2022, the UK passed the Product Security and Telecommunications Infrastructure Act 2022, referred to as PSTI.

The Act consists of two main parts.

PART 1 Product security

For the requirements of Part 1 of the Product Security and Telecommunications Infrastructure Act 2022, the Department for Science, Innovation and Technology (DSIT) has formulated the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023 [draft], which will require manufacturers of UK consumer-connectable products to comply with minimum security requirements. This draft has yet to be passed by the British Parliament.


PART 2 Telecommunications infrastructure

Because many of the connected products on the market today suffer from fundamental cybersecurity flaws, as these products become more globally pervasive, they become easier targets for cybercriminals and can have significant risk for consumers and infrastructure. Therefore, the product must have basic protective measures.


This security regime is expected to come into effect on April 29, 2024. And from that date, companies involved in the supply chain of these products will need to comply with this legislative framework. A grace period of 12 months is expected from the date of publication until implementation.


The new cybersecurity regime is mandatory and applies to all connected consumer products made available to UK consumers, regardless of how they are sold. Typical products include IoT appliances such as smartphones, tablets, laptops, connected toys, connected monitors, smart doorbells, washing machines and refrigerators.


The security requirements in the regulation, the main requirements are derived from and related to the three major principles of the Code of Practice for Consumer IoT Security and the requirements of the ETSI EN 303 645 standard.


According to the Act, the use of easy-to-guess preset passwords will be banned, and relevant manufacturers must be more transparent about product security update periods and establish a better public reporting system for product vulnerabilities. If the operator violates the regulations, depending on the circumstances, it may face a fine of up to 10 million pounds or 4% of the global turnover, and if it continues to violate the regulations, it may face a daily fine of up to 20,000 pounds.


As this regulation is still under review, we will continue to monitor any updates.


What to do now?

It is suggested to consider the key safety priorities established in the code as a reference frame for product design.

Perform ETSI EN 303 645 test.



Copyright © 2008-2019 BTL Inc. All Rights Reserved ICP NO.18145055粤ICP备18145055号  技术支持:东莞网站设计