Recently, the British government announced the PSTI regulations, namely the Product Safety and Telecommunications Infrastructure (Security Requirements for Relevant Connected Products) Regulations 2023. This regulation was officially enacted on September 14, 2020, and it was determined that the PSTI safety system will take effect from April 29, 2024. This regulation applies to England, Wales, Scotland and Northern Ireland
Recently, the UK government announced the PSTI regulation, the Product Safety and Telecommunications Infrastructure (Safety Requirements for Associated Connectable Products) Regulations 2023. The regulation was formally legislated on September 14, 2023 and it was determined that the PSTI security regime will be effective from April 29, 2024 onwards. This legislation applies to England, Wales, Scotland and Northern Ireland.
The new PSTI regulations stipulate the minimum security baseline requirements for products provided to UK consumers. The regulations are mainly based on the UK Consumer IoT Security Code of Practice and the world's leading consumer IoT security standard ETSI EN 303 645, which requires passwords, minimum There are corresponding regulations and requirements on the security update time cycle and how to disclose security issues.
The new PSTI regulation sets out the minimum security baseline requirements for products supplied to consumers in the U.K. Its regulations are largely based on the U.K. Code of Practice for Consumer IoT Security as well as the world's leading consumer IoT security standard, ETSI EN 303 645, with corresponding regulations and requirements for passwords, minimum security update inter.
PSTI Introduction
Cybersecurity has become a key issue that cannot be ignored in modern society. According to GSMA forecasts, by 2025, the number of global IoT device connections will reach 25 billion. Among these connections, consumer IoT devices will account for 11 billion, while industrial IoT devices will reach 14 billion, accounting for more than half of the total global connections. With the rapid increase in the number of IoT devices worldwide, countries have formulated cybersecurity laws and regulations to strengthen the standardized management of IoT products on the market. The UK's Product Safety and Telecommunications Infrastructure Act 2022 (PSTIA) was formulated against this background.。
Cybersecurity has become a critical topic that cannot be ignored in modern society. According to the GSMA, by 2025, the number of global IoT device connections will reach 25 billion. Of these connections, consumer-grade IoT devices will account for 11 billion, while industrial-grade IoT devices will reach 14 billion, more than half of the total global connections. With the rapid increase in the number of IoT devices globally, countries have enacted cybersecurity laws and regulations to strengthen the standardization of IoT products in the market. The UK's Product Security and Telecommunications Infrastructure Act 2022 (PSTIA) was developed against this backdrop.
PSTIA consists of two parts:
Part 1: Lists product security requirements for in-scope connected products to help protect against cyberattacks.。
Part 1: sets out the product security requirements for in-scope connected products to help defend against cyber attacks.
Part 2: Focus on the deployment and expansion of mobile-enabled, full fiber and gigabit networks。
Part 2: Focuses on the deployment and expansion of mobile-enabled, full-fiber and gigabit networks.ow to disclose security issues.
Subsequently, the British government promulgated the Product Safety and Telecommunications Infrastructure (Safety Requirements for Related Connected Products) Regulations (hereinafter referred to as the "PSTI Regulations"), which stipulate the minimum safety requirements for products provided to British consumers. These regulations have been implemented in 2023. It was signed into law on September 14, 2016.
PSTI Product Range
The product range covered by the UK PSTI includes the vast majority of consumer connected products such as smartphones, smart appliances, smart home assistants, cameras, smart door locks, alarm systems, smart home hubs and voice assistants, outdoor activity equipment, children's toys and baby monitors, but also applies to products that cannot be connected directly to the internet but can be connected to multiple other devices, such as smart light bulbs, smart thermostats and wearable fitness trackers.
At the same time, PSTI 2023 also sets out a list of products that are excluded from the regulatory regime, including computers (desktop computers, laptops, tablets without cellular connectivity), medical devices, metering products such as electric vehicle charging pads and smart meters, as well as products supplied to Northern Ireland that are compliant with the relevant legislation are out of scope.
Impact of PSTIA on businesses
Under the PSTIA, as of April 29, 2024, all relevant products must be equipped with a new Declaration of Conformity. This regulation covers most connected products and has a wide scope of application. Companies that do not comply will face severe punitive measures: non-compliant companies could be fined up to £10 million or 4% of their global revenue, with additional penalties of up to £20,000 per day if the violation persists. In addition, the regulator has the power to recall offending products from the market and disclose details of the breach. It is therefore recommended that all relevant manufacturers take an inventory of products sold in the UK market, as well as those planned to be exported to the UK market, and begin a compliance assessment against the PSTI regulations immediately to protect the interests of the business.
