
UK PSTI
Ensure that your connected devices and products placed on the UK market comply with PSTI regulations.
What is UK PSTI?
The United Kingdom (UK) government launched its Product Security and Telecommunications Infrastructure (PSTI) regime to secure connectable consumer products from cyberattacks. The devices covered include smartphones, wearable devices, and smart home appliances, as well as other product categories.
This legislation became mandatory on 29th April 2024. Manufacturers need to comply with the security requirements described therein or face potential penalties. TÜV SÜD can guide you with the requirements of the UK PSTI and help your products demonstrate compliance.
The bill comprises three parts:
- Part 1: Product security
- Part 2: Telecommunications infrastructure
- Part 3: Final provisions
Part 1 of the PSTI regulation requires manufacturers, distributors, and importers to ensure that products placed on the UK market comply with minimum security requirements aimed at protecting the UK consumer.
UK PSTI security requirements
The UK PSTI has the following security requirements for relevant connectable products, which manufacturers will be expected to comply with:
- A ban on default passwords – Passwords must be unique per product and of a minimum strength
- A means of reporting security issues and vulnerabilities in a product
- Information on security update periods for a product (a defined support period with an end date)
A non-exhaustive list of examples of relevant connectable products which fall under the scope of the PSTI includes:
- Smartphones
- Toys and baby monitors
- Smoke detectors
- Wearable products
- Smart home hubs
- Home appliances
- Smart alarm systems
Why UK PSTI compliance is important
As technology evolves and the products available to consumers become increasingly connected, the threat from malicious actors also increases.
Regulations are also evolving in response to these threats. The PSTI is one such example. It is very important to understand that any product which can “reasonably be used by a consumer” is considered in scope of the security requirements of the PSTI.
Compliance with the PSTI demonstrates that your products will keep their consumers safe from evolving cyber threats. Therefore, fulfilling PSTI regulations and obtaining a UK PSTI Statement of Compliance is important for UK market access.
How TÜV SÜD can help you with UK PSTI regulations
As a leader in product cybersecurity testing, TÜV SÜD can help you understand and comply with the UK PSTI.
Our industry experts have successfully helped companies improve their cybersecurity – from cyber risk assessments to security certification projects. With a structured approach to cybersecurity honed from experience, domain-specific know-how, and regulatory expertise, TÜV SÜD supports companies across various sectors.
By helping organisations comply with global cybersecurity standards, TÜV SÜD ensures our clients can access markets worldwide.
What our UK PSTI services include
Product Testing
We can test and assess your smart products against relevant standards and guidelines to determine their cybersecurity health. We can provide the test reports and attestations of conformity, which could be used as supporting evidence when making your UK PSTI Statement of Compliance.
Assessment and advisory
Equipped with global regulatory experience, we can help you bring your smart products to the market faster by guiding you to be more consistent, efficient, and compliant in manufacturing and distribution.