The PSTI Act & Product Security: What you need to know

 

What is PSTI?

The Product Security and Telecommunications Infrastructure (PSTI) Act, originally signed off in 2022, comes into effect on 29th April 2024.

The Act comprises two sections, the first focussing on product security, and the second on improvements needed to the telecommunications infrastructure in the UK.

Objective

To ensure consumers of connectable devices (IoT products) are better protected against cyberattacks.

Who does it affect?

Manufacturers, importers, and distributors of connectable devices

Which products are covered?

The legislation covers all devices that can be connected to a network or the internet, including:

  • Smartphones
  • Cameras, speakers, and TVs
  • Wearable fitness trackers
  • Children’s toys and baby monitors
  • Internet of Things hubs and base stations that connect to several devices.
  • Safety products such as smoke detectors or door locks
  • Home automation alarm systems
  • Smart home appliances
  • Smart home assistants
  • Outdoor connected leisure products such as non-wearable GPS trackers

The Act excludes the following:

  • EV charge points
  • Medical devices that fall under the MDR
  • Smart meters
  • Computer equipment such as laptops and desktops that do not have the ability to connect to a cellular network.

How to Comply

The PSTI Act is self-regulating legislation, whereby the Secretary of State has the powers to examine products to ensure compliance.

The security element of the legislation incorporates the following:

  • Default passwords or easily guessed passwords are banned.
  • Manufacturers must have a product “vulnerability disclosure policy” to allow external parties to report and publish product vulnerabilities.
  • Manufacturers must provide details of how long the product will be supported with security updates.
  • A statement of compliance must be provided by manufacturers, following a suitable evaluation of the product.

Non-compliance

The Act creates an enforcement regime to prevent goods that do not comply with the security standards set out in the legislation from being sold in the UK. Any manufacturers falsely claiming their products are compliant face a maximum fine of £10 million, or 4% of worldwide revenue, whichever is greater.

More information

For more information, please visit:

https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime

https://www.legislation.gov.uk/uksi/2023/1007/schedule/4/made

For more information about how IMS can help you comply with the PSTI Act, contact the IMS team today.