The UK Product Security and Telecommunications Infrastructure (PSTI) came into effect on 29 April 2024.
The UK Product Security and Telecommunications Infrastructure (PSTI) came into effect on 29 April 2024.
As technology evolves and the products available to consumers become increasingly “connected”, the threat from malicious actors also increases.
In the United Kingdom, the government launched its Product Security and Telecommunications Infrastructure (PSTI) regime to secure connectable products used by consumers, such as smartphones, wearable devices, and smart home appliances, as well as other product categories, against cyber attacks. This legislation became mandatory from 29th April 2024, and manufacturers are obliged to comply with the security requirements described therein or face potential penalties.
The development of UK PSTI
The bill received Royal Assent on 6 December 2022. It entered into force in April 2023 with a 12-month transition period.
The regime is comprised of three main parts:
Part 1 of the PSTI Regulation requires manufacturers, distributors, and importers to ensure that products placed on the UK market comply with minimum security requirements aimed at protecting the UK consumer.
What are the UK PSTI’s security requirements?
The UK PSTI has the following security requirements for relevant connectable products, which manufacturers will be expected to comply with:
A non-exhaustive list of examples of relevant connectable products which fall under the scope of the PSTI include:
How CAN TÜV SÜD help?
It is very important to understand that any product which can “reasonably be used by a consumer” are considered in scope of the security requirements of the PSTI.
TÜV SÜD can help you understand and comply with the UK PSTI. Our experts have first-hand knowledge of the requirements and can provide help with the following:
Training
We provide training to manufacturers and distributors to help them understand the UK PSTI and application of the framework.
Product Testing
We can test and assess your smart products to relevant standards and guidelines to determine cybersecurity health. We can provide the test reports and attestations of conformity which could be used in support when making your statement of compliance to the PSTI.
Assessment and advisory
Equipped with global regulatory experience, we can help you bring your smart products to the market faster by guiding you to be more consistent, efficient, and compliant in manufacturing and distribution.
Why choose TÜV SÜD?
TÜV SÜD is a leader in product cybersecurity testing. Our industry experts have successfully helped companies improve their cybersecurity—from cyber risk assessments to security certification projects. With our experts’ first-hand knowledge of global cybersecurity standards, we can help you prepare and meet the UK PSTI requirements.
With a structured approach to cybersecurity honed from experience, domain-specific know-how, and regulatory expertise, TÜV SÜD supports companies across various sectors. By helping organisations comply with global cybersecurity standards, TÜV SÜD ensures our clients can access markets worldwide.
Prepare for the UK PSTI with TÜV SÜD today. Contact us to learn more about our cybersecurity services.
Find out what the ETSI EN 303 645 standard is and why it’s important for consumer IoT products and devices.
Learn More
RED specifies cybersecurity requirements for wireless devices, coming into force on August 1, 2025.
Learn More
Learn about the CB scheme to export your electrical and electronic products more quickly around the world.
Read More
Site Selector
Global
Americas
Asia
Europe
Middle East and Africa