techUK
Printable version |
PSTI Regulations come into force
On 29 April, Product Security and Telecommunications Infrastructure Act Regulations came into force.
Product Security and Telecommunications Infrastructure Act Regulations have come into force today across the UK. All internet connected smart devices will be required by law to meet minimum-security standards.
About the PSTI Act
The Product Security and Telecommunications Infrastructure Act comprises two pieces of legislation:
Part 1 of the Product Security and Telecommunications Infrastructure (PSTI) Act 2022; and
The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023.
The PSTI Act received Royal Assent in December 2022.
What are the Security Requirements?
Ban default passwords. Products that come with default passwords are an easy target for cyber criminals.
Require products to have a vulnerability disclosure policy. Security researchers regularly identify security flaws in products, but need a way to give notice to manufacturers of the risk they have identified, so that they can enable the manufacturer to act before criminals can take advantage. The Bill will provide measures to help ensure any vulnerabilities in a product are identified and flagged.
Require transparency about the length of time for which the product will receive important security updates. Consumers should know if their product will be supported with security updates, and if so, what the minimum length of time is that they can expect that support to continue.
More information can be accessed here.
Available Materials:
Published Government Guidance: Regulations: consumer connectable product security - GOV.UK (www.gov.uk)
The following guidance has been produced by the Smart Technology (Product Safety) Stakeholder Group, a round table forum for key stakeholders to discuss and promote best practice and safety in relation to smart technology: PSTI - Guide for Industry (electricalsafetyfirst.org.uk)
NCSC Consumer Snapshot: New security law for smart devices: Your rights as a consumer (ncsc.gov.uk)
techUK has supported the development of the PSTI Act for the past 6-years, since the development of the Consumer IOT Voluntary Code of Practice. We welcome the ambition of the Act, to strengthen resilience of connected devices across the UK. We continue to work with DSIT and the regulator OPSS, to ensure a smooth implementation, encourage compliance and develop best practice.
To join the techUK/AMDEA PSTI Act Manufacturers WG, please get in touch with Dan.Patefield@techuk.org.
Original article link: https://www.techuk.org/resource/psti-regulations-come-into-force.html