Published 29 April 2023
Last updated 31 October 2023 — See all updates
Product Security and
Telecommunications Infrastructure Act 2022 - Part 1
The Product Security and
Telecommunications Infrastructure (Security Requirements for
Relevant Connectable Products) Regulations 2023
Details
The UK’s consumer connectable product security regime will come
into effect on 29 April 2024.
From that date, the law will require manufacturers of UK consumer
connectable products to comply with minimum security
requirements.
These minimum security requirements are based on the UK’s
Code of Practice for
Consumer IoT security, the leading global standard for
consumer IoT security ETSI EN
303 645, and on advice from the UK’s technical authority for
cyber threats, the National Cyber Security Centre. The regime
will also ensure other businesses in the supply chains of these
products play their role in preventing insecure consumer products
from being sold to UK consumers and businesses.
The regime comprises two pieces of legislation:
- Part 1 of the Product Security and Telecommunications
Infrastructure (PSTI)
Act 2022; and
- The Product Security and Telecommunications Infrastructure
(Security Requirements for Relevant Connectable Products)
Regulations 2023.
The PSTI
Act received Royal Assent in December 2022. The government
published a full draft of the PSTI
(Security Requirements for Relevant Connectable Products)
Regulations in April 2023 and these regulations were signed into
law on 14 September 2023. The consumer connectable product
security regime will enter into effect on 29 April 2024.
