Managing Editor, IFSEC Insider

Author Bio ▼

James Moore is the Managing Editor of IFSEC Insider, the leading online publication for security and fire news in the industry.James writes, commissions, edits and produces content for IFSEC Insider, including articles, breaking news stories and exclusive industry reports. He liaises and speaks with leading industry figures, vendors and associations to ensure security and fire professionals remain abreast of all the latest developments in the sector.
May 15, 2023


Whitepaper: Enhancing security, resilience and efficiency across a range of industries

IoT Security

Businesses given April 2024 deadline to comply with UK Product Security Act

The Government has announced that businesses impacted by the UK’s Product Security and Telecommunications Infrastructure (PSTI) Act will need to comply by 29 April 2024.

RouterIoTSecurity-PiotrAdamowicz-AlamyStock-22The PSTI Act, which received Royal Assent in December 2022, is designed to ensure all IoT-based consumer products sold in the UK meet a minimum standard of security. It will impact all businesses which manufacture IoT or networked products – from CCTV camera to alarms, kettles, fridges and more.

The Act comprises two parts:

  • Part 1 of the Product Security and Telecommunications Infrastructure (PSTI) Act 2022
  • The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations, subject to parliamentary approval.

From 29 April 2024, the law will require manufactures of UK consumer connectable products to comply with minimum standard requirements.

The minimum requirements are based on the UK’s Code of Practice for Consumer IoT Security, the global standard for consumer IoT security – ETSI EN 303 645 – and on advice from the National Cyber Security Centre.

The three key areas of compliance

Within the legislation, there are three key areas that will require compliance, which may impact on the fire and security market. These are:

  • Clear information on the support period at the point of sale – which is stating exactly how long the manufacturer will continue to provide updates, etc.
  • No default passwords – which, as the law states means in its first use, the user will have to use the unique password supplied with the product, and will not be able to use that supplied password again.
  • Reporting of security issues – this includes providing information on where anyone who finds a vulnerability can inform the manufacturer, and also for the manufacturer to inform its customers of the vulnerability and to provide a fix in a timely manner.

Find out more information on the PSTI Act and how it may affect you in our guide, here: The Product Security and Telecommunications Infrastructure (PSTI) Act 2022 – What does it cover?


Listen to the IFSEC Insider podcast!

Each month, the IFSEC Insider (formerly IFSEC Global) Security in Focus podcast brings you conversations with leading figures in the physical security industry. Covering everything from risk management principles and building a security culture, to the key trends ahead in tech and initiatives on diversity and inclusivity, the podcast keeps security professionals up to date with the latest hot topics in the sector.

Available online, and on Spotify, Apple Podcasts and Google Podcasts, tune in for an easy way to remain up to date on the issues affecting your role.


Related Topics

Notify of
Inline Feedbacks
View all comments