The UK Product Security and Telecommunications Infrastructure (PSTI) came into effect on 29 April 2024.

The UK Product Security and Telecommunications Infrastructure (PSTI) came into effect on 29 April 2024.

As technology evolves rapidly, ensuring that the security and integrity of connecting products and telecommunications infrastructure remain intact and adaptive is crucial.

In the United Kingdom, the government launched its Product Security and Telecommunications Infrastructure (PSTI) to secure consumer connectable products, such as smartphones, wearable devices, and smart home appliances, against cyber-attacks.

Manufacturers are expected to comply, as the “consumer connectable product security regime” comes into effect on April 29, 2024.

The development of UK PSTI

The bill received Royal Assent on 6 December 2022. It entered into force in April 2023 with a 12-month transition period.

The regime comprises three parts of legislation:

  • Part 1: Product security
  • Part 2: Telecommunications infrastructure
  • Part 3: Final provisions

The PSTI Regulation will require minimum security requirements among manufacturers, importers, and distributors of consumable connectable products made available to UK consumers. It also provides a robust regulatory framework that will remain adaptable amid rapid technological advancement, the evolution of malicious actors' techniques, and the broader international regulatory landscape.

What are the UK PSTI’s security standards?

The UK PSTI has the following security requirements for relevant connectable products, which manufacturers will be expected to comply with:

  • Ban default passwords which are easy to guess and decipher using computers
  • Take into account a vulnerable disclosure policy to be provided by security researchers to be aware of identified risks, so that the manufacturer can take action before criminals do
  • Be transparent with the length of time for which the product will receive security updates

Manufacturers, importers, and distributors must ensure that the following products are compliant with the UK PSTI:

  • Smartphones
  • Connected cameras, televisions, and speakers
  • Connected children’s toys and baby monitors
  • Connected safety-relevant products, such as smoke detectors and door locks
  • IoT base stations and hubs which multiple devices can connect to
  • Wearable connected fitness trackers
  • Outdoor leisure products, like handheld connected GPS devices
  • Connected home automation and alarm systems
  • Connected home appliances, like washing machines and refrigerators
  • Smart home assistants


How TÜV SÜD can help?

TÜV SÜD can help you comply with the UK PSTI. Our experts have firsthand knowledge of the requirements. We offer the following:


We provide training to manufacturers and distributors to help them understand the UK PSTI and apply the framework to its products.


testingTesting and product certification

We can test your smart products to discover any defects early while checking for any regulatory compliance issues found in your product. We provide the test report and attestation of compliance for the UK PSTI.


advisoryAssessment and advisory

Equipped with global regulatory experience, we can help you bring your smart products to the market faster by guiding you to be more consistent, efficient, and compliant in manufacturing and distribution.

Why choose TÜV SÜD?

TÜV SÜD is a leader in product cybersecurity testing. Our industry experts have successfully helped companies improve their cybersecurity—from cyber risk assessments to security certification projects. With our experts’ first-hand knowledge of global cybersecurity standards, we can help you prepare and meet UK PSTI requirements.

With a structured approach to cybersecurity honed from experience, domain-specific know-how, and regulatory expertise, TÜV SÜD supports companies across various sectors. By helping organisations comply with global cybersecurity standards, TÜV SÜD ensures our clients can access markets worldwide.

Prepare for the UK PSTI with TÜV SÜD today. Contact us to learn more about our cybersecurity services.




ETSI EN 303 645 Cybersecurity for Consumer IoT

Find out what the ETSI EN 303 645 standard is and why it’s important for consumer IoT products and devices.

Learn More

Cybersecurity requirements Radio Equipment Directive

5 key points about the new cybersecurity requirements for RED

RED specifies cybersecurity requirements for wireless devices, coming into force on August 1, 2025.

Learn More

IECEE CB scheme

5 things you need to know about IECEE CB scheme

Learn about the CB scheme to export your electrical and electronic products more quickly around the world.

Learn More


Next Steps

Site Selector