
The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023

Overview

The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023, also known as the PSTI Regulations 2023, mark a significant step in ensuring the security of consumer connectable products in the United Kingdom. These regulations have been established under the Product Security and Telecommunications Infrastructure Act 2022 and the European Union (Withdrawal) Act 2018. The aim is to create a legislative framework that prevents manufacturers from selling insecure consumer connectable products to UK customers.

The PSTI Regulations 2023 are designed to address the growing concerns surrounding the security of consumer connectable products. These products, which include everything from smart home devices to wearable tech, offer immense benefits to consumers and businesses. However, their connectability also presents significant cybersecurity risks. Malicious actors can exploit vulnerabilities in these devices, leading to data breaches, cyber fraud, and even physical harm.

The primary objective of these regulations is to make the UK a safer place for online activities and business operations by ensuring that consumer connectable products meet fundamental security requirements. The regulations require manufacturers to comply with three key security requirements:

  • Banning Universal Default Passwords: Manufacturers are prohibited from using universal default passwords or easily guessable default passwords. If such a password is compromised, hackers can use it to take over devices at scale, posing significant security risks.
  • Reporting Security Issues: Manufacturers must maintain awareness of existing and emerging security issues related to their products. They are required to publish contact information for reporting these issues, enhancing transparency and responsiveness to security concerns.
  • Security Update Transparency: Manufacturers must disclose how long their products will be supported with security updates. This “defined support period” information helps consumers make informed decisions about product purchases based on security considerations.

The PSTI Regulations 2023 will come into force on the 29th of April 2024 and apply exclusively to the United Kingdom.


Do the PSTI Regulations 2023 affect my business?

The introduction of the PSTI Regulations 2023 has wide-ranging impacts on businesses operating in the UK, particularly those involved in manufacturing, distributing, or selling consumer connectable products. Here are some key impacts:

  • Compliance Costs: Businesses will need to invest in ensuring their products meet the security requirements outlined in the regulations. This may involve redesigning products, updating software, and implementing new security protocols. The estimated impact on businesses over a 10-year period is approximately £187.3 million.
  • Enforcement Costs: The public sector will incur costs related to enforcing compliance with the regulations. These costs are estimated at £5.86 million over a 10-year period.
  • Small Business Considerations: Small businesses, employing up to 50 people, are not exempt from these regulations. To mitigate potential disproportionate impacts on small businesses, tailored guidance will be provided to help them adjust their practices and minimize compliance costs.
  • Supply Chain Impact: The regulations affect various stages of the supply chain, from manufacturers to retailers. Each entity within the supply chain must ensure compliance with security requirements, potentially increasing costs and administrative burdens.
  • Transparency and Accountability: Manufacturers must be more transparent about security aspects of their products. This places an additional responsibility on businesses to communicate security-related information effectively to consumers.
  • Long-Term Support: Disclosing the defined support period for security updates may impact product development and business strategies, as companies need to plan for ongoing support.

While the PSTI Regulations 2023 impose compliance costs on businesses, they also provide benefits such as increased consumer trust and improved cybersecurity. Businesses operating in this sector should proactively work towards compliance to navigate the changing landscape of product security legislation.

Do I need the PSTI Regulations 2023 in my ISO Compliance Register?

You will need the PSTI Regulations 2023 in your ISO Compliance Register if your business falls under one or more of the following categories:

  • Manufacturers: Manufacturers of consumer connectable products must ensure their products meet the security requirements outlined in the regulations. Compliance involves investing in security measures, redesigning products, and providing ongoing support.
  • Retailers: Businesses that sell consumer connectable products are affected by the regulations. They need to ensure the products they offer comply with security requirements and provide customers with accurate information regarding security features.
  • Importers: Companies importing consumer connectable products into the UK are subject to compliance requirements and may need to work closely with manufacturers to ensure security standards are met.
  • Small Businesses: Small businesses, while impacted, receive tailored guidance to help them adapt to the new requirements without undue burden.
  • Consumers: While not businesses per se, consumers are indirectly affected by these regulations. They benefit from increased security and transparency in the products they purchase.

Legislation related to the PSTI Regulations 2023

Legislation related to the PSTI Regulations 2023 includes:

  • Telecommunications Act 1984
  • Telecommunications (Security) Act 2021
  • The Telecommunications (Data Protection and Privacy) Regulations 1999
  • Product Security and Telecommunications Infrastructure Act 2022

More information

Visit the PSTI Regulations 2023 article on the legislation.gov.uk website.
