PSTI for Consumer Connectable Product Security
PSTI, UK Product Safety and Telecommunications Infrastructure Act
The UK government passed the Product Security and Telecommunications Infrastructure Act (PSTI Act) in 2022, which will come into effect on April 29, 2024. Companies involved in the consumer IoT product supply chain are required to comply with minimum security requirements which are based on the UK consumer IoT security practice guidelines/
ETSI EN 303 645
standard and recommendations from the National Cyber Security Centre; required that manufacturers, importers, and distributors carry the relevant products must comply with the security standards. If not, they may face fines of up to £10 million or 4% of their global turnover.
The Importance of IoT Device Security
New regulations in development for IoT devices.
- Multiple security challenges in the real world.
- Cybersecurity regulations establish standardized security protocols for connected devices.
UK PSTI
Some measures
- No universal default passwords.
- Mandatory reporting of security issues.
- Manufacturers will be required to inform customers about the product's security update support period before allowing purchase on their website.
Applicable to
- Smart home assistants.
- Smartphones.
- Connected cameras (IP and CCTV); wearables.
- Internet of Things base stations and hubs to which multiple devices connect.
- Connected home automation devices, smart doorbells, and alarm systems, etc.