EMC China Lab

UK PSTI Compliance Overview

Views :
Update time : 2024-10-25

Introduction to UK PSTI Cybersecurity Law  

Starting April 29, 2024, the UK will enforce the cybersecurity provisions under the Product Security and Telecommunications Infrastructure (PSTI) Act of 2023, impacting consumer-connected devices across England, Scotland, Wales, and Northern Ireland. With less than four months until implementation, manufacturers exporting to the UK should expedite PSTI compliance certification to ensure smooth market entry.

 

PSTI Act Details  

The UK’s Consumer Connectable Product Security Scheme will take effect on April 29, 2024, mandating minimum security requirements for connectable products. These standards align with the UK's IoT security guidelines, the globally recognized ETSI EN 303 645, and recommendations from the UK’s National Cyber Security Centre. The scheme will also require other supply chain businesses to prevent the sale of insecure consumer products within the UK.

 

PSTI Act Legislation Includes:  

- Part 1 of the 2022 Product Security and Telecommunications Infrastructure (PSTI) Act  

- 2023 Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations  

 

PSTI Act Timeline  

- Approved: December 2022  

- Draft Published: April 2023  

- Enacted into Law: September 14, 2023  

- Enforcement Date: April 29, 2024  

 

Key PSTI Documents  

1. UK PSTI Act Overview (https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime)  

2. 2022 Product Security and Telecommunications Infrastructure Act (https://www.legislation.gov.uk/ukpga/2022/46/part/1/enacted)  

3. 2023 PSTI Security Regulations (https://www.legislation.gov.uk/uksi/2023/1007/contents/made)  

 

Scope of Products under PSTI  

The PSTI Act covers Internet-connectable products, including but not limited to smart TVs, IP cameras, routers, and smart home products.  

Exceptions (Schedule 3 Excepted Products) include:  

- Desktop computers, laptops, tablets (without cellular connectivity), medical devices, smart meters, EV chargers, and Bluetooth single-point devices. While these products may have cybersecurity requirements, they fall outside PSTI scope and may be governed by other laws.

 

PSTI Compliance Requirements  

The PSTI Act's security requirements focus on:  

1. Secure default passwords  

2. Vulnerability reporting and management  

3. Software updates  

 

Compliance can be demonstrated through direct assessment under the PSTI Act or by meeting standards outlined in ETSI EN 303 645, fulfilling all three requirements.

 

ETSI EN 303 645 IoT Security Standards  

Thirteen categories include:  

1. Default password security  

2. Vulnerability management  

3. Software updates  

4. Secure storage of sensitive data  

5. Communication security  

6. Minimizing exposure  

7. Data protection  

8. Software integrity  

9. System resilience  

10. Telemetry checks  

11. Data deletion  

12. Simplified device setup  

13. Input validation  

 

PSTI and ETSI EN 303 645 Testing Process  

To demonstrate PSTI compliance, manufacturers must meet minimum standards for passwords, software maintenance, and vulnerability reporting. Evaluation reports and self-declaration of compliance are required. ETSI EN 303 645 is recommended as a dual compliance measure, supporting both PSTI and upcoming EU CE RED cybersecurity directives, effective August 1, 2025.

 

Service Advantages  

- R&D phase cybersecurity consulting and evaluation  

- CE RED directive cybersecurity consulting and evaluation  

- California SB-327 compliance consulting  

- UK PSTI compliance consulting  

- FCC voluntary cybersecurity certification consulting  

- Cybersecurity consulting for Brazil, Singapore, and global markets


Email:hello@jjrlab.com


Leave Your Message


Write your message here and send it to us


Related News
Read More >>
What is Amazon GPSR Certification? What is Amazon GPSR Certification?
10 .30.2024
GPSR, effective Dec 13, 2024, requires EU labeling for safe products. JJR Laboratory offers low-cost...
Introduction to UN38.3 Battery Testing Introduction to UN38.3 Battery Testing
10 .30.2024
UN38.3 Certification ensures lithium batteries pass safety tests for transport, including altitude a...
Handheld Label Printer ICASA Certification in Sout Handheld Label Printer ICASA Certification in Sout
10 .30.2024
Handheld label printers with Bluetooth require ICASA certification in South Africa, involving compli...
Safety Testing of Food Contact Materials Safety Testing of Food Contact Materials
10 .30.2024
Testing for food contact materials is crucial for safety. Compliance with EU directives and national...
What is Germany WEEE Registration? What is Germany WEEE Registration?
10 .30.2024
Germany‘s WEEE registration requires recycling of certain electronic waste. Non-compliance risks rem...
What is the EU WEEE Directive 2012/19/EU? What is the EU WEEE Directive 2012/19/EU?
10 .30.2024
The WEEE Directive categorizes electrical products into six types, ensuring proper recycling and reg...
Low Voltage Electrical Equipment CE Certification Low Voltage Electrical Equipment CE Certification
10 .29.2024
CE Certification for Low Voltage Equipment: Enables EU market access by meeting Directive 2014/35/EU...
CE Testing Laboratory CE Testing Laboratory
10 .29.2024
China JJR is an expert in CE certification testing. As an ISO/IEC 17025 accredited CE marking testin...

Leave Your Message