Legislation updates

The Product Security and Telecommunications Infrastructure (PSTI) Act is now law in the UK, requiring manufacturers of consumer IoT products to meet minimum cybersecurity standards. From 29 April 2024, your products must:

• Eliminate default passwords
• Provide a clear vulnerability disclosure policy
• Be transparent about security update support timelines

Non-compliance can lead to significant penalties, including fines of up to £10 million or 4% of global revenue, enforcement notices, and product recalls.

In the year since enforcement began, many manufacturers have faced significant challenges in achieving full compliance:

• Uncertainty around product scope
• Implementation delays due to the complexity of managing compliance across new and existing inventory
• Supply chain hurdles, as importers and distributors now also share responsibility under the PSTI Act
• Difficulty producing the required Statement of Compliance (SoC), as defined in Schedule 4 of the PSTI Regulations 2023

To help manufacturers demonstrate compliance and lead in security best practices, Secured by Design (SBD) offers the Secure Connected Device (SCD) accreditation. Developed with the Department for Science, Innovation and Technology (DSIT), this scheme:

• Evaluates products against all 13 ETSI EN 303 645 provisions
• Offers the only police-recognised IoT security certification in the UK
• Enhances trust with distributors, retailers, and consumers
• Supports industry leadership in security innovation

For more information, please visit: https://www.securedbydesign.com/internet-of-things