IFSEC Insider is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
James Moore is the Managing Editor of IFSEC Insider, the leading online publication for security and fire news in the industry.
James writes, commissions, edits and produces content for IFSEC Insider, including articles, breaking news stories and exclusive industry reports. He liaises and speaks with leading industry figures, vendors and associations to ensure security and fire professionals remain abreast of all the latest developments in the sector.
The Government has announced that businesses impacted by the UK’s Product Security and Telecommunications Infrastructure (PSTI) Act will need to comply by 29 April 2024.
The PSTI Act, which received Royal Assent in December 2022, is designed to ensure all IoT-based consumer products sold in the UK meet a minimum standard of security. It will impact all businesses which manufacture IoT or networked products – from CCTV camera to alarms, kettles, fridges and more.
The Act comprises two parts:
Part 1 of the Product Security and Telecommunications Infrastructure (PSTI) Act 2022
The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations, subject to parliamentary approval.
From 29 April 2024, the law will require manufactures of UK consumer connectable products to comply with minimum standard requirements.
The minimum requirements are based on the UK’s Code of Practice for Consumer IoT Security, the global standard for consumer IoT security – ETSI EN 303 645 – and on advice from the National Cyber Security Centre.
The three key areas of compliance
Within the legislation, there are three key areas that will require compliance, which may impact on the fire and security market. These are:
Clear information on the support period at the point of sale – which is stating exactly how long the manufacturer will continue to provide updates, etc.
No default passwords – which, as the law states means in its first use, the user will have to use the unique password supplied with the product, and will not be able to use that supplied password again.
Reporting of security issues – this includes providing information on where anyone who finds a vulnerability can inform the manufacturer, and also for the manufacturer to inform its customers of the vulnerability and to provide a fix in a timely manner.
Each month, the IFSEC Insider (formerly IFSEC Global) Security in Focus podcast brings you conversations with leading figures in the physical security industry. Covering everything from risk management principles and building a security culture, to the key trends ahead in tech and initiatives on diversity and inclusivity, the podcast keeps security professionals up to date with the latest hot topics in the sector.
Available online, and on Spotify, Apple Podcasts and Google Podcasts, tune in for an easy way to remain up to date on the issues affecting your role.
Businesses given April 2024 deadline to comply with UK Product Security ActBusinesses impacted by the UK’s Product Security and Telecommunications Infrastructure (PSTI) Act will need to comply by 29 April 2024.
James Moore
IFSEC Insider | Security and Fire News and Resources
Related Topics
Whitepaper: Enhancing security, resilience and efficiency across a range of industries
Podcast: Episode 18 – Transforming security: The role of secure IoT connectivity within fire and security applications
Video surveillance tech on the rise in luxury homes
The 