PSTI UK

As technology evolves rapidly, ensuring that the security and integrity of connecting products and telecommunications infrastructure remain intact and adaptive is crucial.

In the United Kingdom, the government launched its Product Security and Telecommunications Infrastructure (PSTI) to secure consumer connectable products, such as smartphones, wearable devices, and smart home appliances, against cyber-attacks.

Manufacturers are expected to comply, as the “consumer connectable product security regime” comes into effect on April 29, 2024.

The development of UK PSTI

The bill received Royal Assent on 6 December 2022. It entered into force in April 2023 with a 12-month transition period.

The regime comprises three parts of legislation:

• Part 1: Product security
• Part 2: Telecommunications infrastructure
• Part 3: Final provisions

The PSTI Regulation will require minimum security requirements among manufacturers, importers, and distributors of consumable connectable products made available to UK consumers. It also provides a robust regulatory framework that will remain adaptable amid rapid technological advancement, the evolution of malicious actors' techniques, and the broader international regulatory landscape.

What are the UK PSTI’s security standards?

The UK PSTI has the following security requirements for relevant connectable products, which manufacturers will be expected to comply with:

• Ban default passwords which are easy to guess and decipher using computers
• Take into account a vulnerable disclosure policy to be provided by security researchers to be aware of identified risks, so that the manufacturer can take action before criminals do

• Be transparent with the length of time for which the product will receive security updates

Manufacturers, importers, and distributors must ensure that the following products are compliant with the UK PSTI:

• Smartphones
• Connected cameras, televisions, and speakers
• Connected children’s toys and baby monitors
• Connected safety-relevant products, such as smoke detectors and door locks
• IoT base stations and hubs which multiple devices can connect to
• Wearable connected fitness trackers
• Outdoor leisure products, like handheld connected GPS devices
• Connected home automation and alarm systems
• Connected home appliances, like washing machines and refrigerators

• Smart home assistants

CONTACT US

How TÜV SÜD can help?

TÜV SÜD can help you comply with the UK PSTI. Our experts have firsthand knowledge of the requirements. We offer the following:

Training

We provide training to manufacturers and distributors to help them understand the UK PSTI and apply the framework to its products.

Testing and product certification

We can test your smart products to discover any defects early while checking for any regulatory compliance issues found in your product. We provide the test report and attestation of compliance for the UK PSTI.

Assessment and advisory

Equipped with global regulatory experience, we can help you bring your smart products to the market faster by guiding you to be more consistent, efficient, and compliant in manufacturing and distribution.

Why choose TÜV SÜD?

TÜV SÜD is a leader in product cybersecurity testing. Our industry experts have successfully helped companies improve their cybersecurity—from cyber risk assessments to security certification projects. With our experts’ first-hand knowledge of global cybersecurity standards, we can help you prepare and meet UK PSTI requirements.

With a structured approach to cybersecurity honed from experience, domain-specific know-how, and regulatory expertise, TÜV SÜD supports companies across various sectors. By helping organisations comply with global cybersecurity standards, TÜV SÜD ensures our clients can access markets worldwide.

Prepare for the UK PSTI with TÜV SÜD today. Contact us to learn more about our cybersecurity services.