The UK Product Security and Telecommunications Infrastructure (PSTI) came into effect on 29 April 2024.

The UK Product Security and Telecommunications Infrastructure (PSTI) came into effect on 29 April 2024.

As technology evolves and the products available to consumers become increasingly “connected”, the threat from malicious actors also increases.

In the United Kingdom, the government launched its Product Security and Telecommunications Infrastructure (PSTI) regime to secure connectable products used by consumers, such as smartphones, wearable devices, and smart home appliances, as well as other product categories, against cyber attacks. This legislation became mandatory from 29th April 2024, and manufacturers are obliged to comply with the security requirements described therein or face potential penalties. 

The development of UK PSTI

The bill received Royal Assent on 6 December 2022. It entered into force in April 2023 with a 12-month transition period.

The regime is comprised of three main parts:

  • Part 1: Product security
  • Part 2: Telecommunications infrastructure
  • Part 3: Final provisions

Part 1 of the PSTI Regulation requires manufacturers, distributors, and importers to ensure that products placed on the UK market comply with minimum security requirements aimed at protecting the UK consumer.

What are the UK PSTI’s security requirements?

The UK PSTI has the following security requirements for relevant connectable products, which manufacturers will be expected to comply with:

  1. A ban on default passwords – passwords must be unique per product and of a minimum strength
  2. A means of reporting security issues and vulnerabilities in a product
  3. Information on security update periods for a product (a defined support period with an end date)

A non-exhaustive list of examples of relevant connectable products which fall under the scope of the PSTI include:

  • Smartphones
  • Toys and baby monitors
  • Smoke detectors
  • Wearable products
  • Smart Home Hubs
  • Home Appliances
  • Smart Alarm Systems


How CAN TÜV SÜD help?

It is very important to understand that any product which can “reasonably be used by a consumer” are considered in scope of the security requirements of the PSTI.

TÜV SÜD can help you understand and comply with the UK PSTI. Our experts have first-hand knowledge of the requirements and can provide help with the following:


We provide training to manufacturers and distributors to help them understand the UK PSTI and application of the framework.


testingProduct Testing

We can test and assess your smart products to relevant standards and guidelines to determine cybersecurity health. We can provide the test reports and attestations of conformity which could be used in support when making your statement of compliance to the PSTI.


advisoryAssessment and advisory

Equipped with global regulatory experience, we can help you bring your smart products to the market faster by guiding you to be more consistent, efficient, and compliant in manufacturing and distribution.

Why choose TÜV SÜD?

TÜV SÜD is a leader in product cybersecurity testing. Our industry experts have successfully helped companies improve their cybersecurity—from cyber risk assessments to security certification projects. With our experts’ first-hand knowledge of global cybersecurity standards, we can help you prepare and meet the UK PSTI requirements.

With a structured approach to cybersecurity honed from experience, domain-specific know-how, and regulatory expertise, TÜV SÜD supports companies across various sectors. By helping organisations comply with global cybersecurity standards, TÜV SÜD ensures our clients can access markets worldwide.

Prepare for the UK PSTI with TÜV SÜD today. Contact us to learn more about our cybersecurity services.




ETSI EN 303 645 Cybersecurity for Consumer IoT

Find out what the ETSI EN 303 645 standard is and why it’s important for consumer IoT products and devices.

Learn More

Cybersecurity requirements Radio Equipment Directive

5 key points about the new cybersecurity requirements for RED

RED specifies cybersecurity requirements for wireless devices, coming into force on August 1, 2025.

Learn More

IECEE CB scheme

5 things you need to know about IECEE CB scheme

Learn about the CB scheme to export your electrical and electronic products more quickly around the world.

Learn More


Next Steps

Site Selector