EMC China Lab

UK PSTI Compliance Overview

Views :
Update time : 2024-10-25

Introduction to UK PSTI Cybersecurity Law  

Starting April 29, 2024, the UK will enforce the cybersecurity provisions under the Product Security and Telecommunications Infrastructure (PSTI) Act of 2023, impacting consumer-connected devices across England, Scotland, Wales, and Northern Ireland. With less than four months until implementation, manufacturers exporting to the UK should expedite PSTI complianCE certification to ensure smooth market entry.

 

PSTI Act Details  

The UK’s Consumer Connectable Product Security Scheme will take effect on April 29, 2024, mandating minimum security requirements for connectable products. These standards align with the UK's IoT security guidelines, the globally recognized ETSI EN 303 645, and recommendations from the UK’s National Cyber Security Centre. The scheme will also require other supply chain businesses to prevent the sale of insecure consumer products within the UK.

 

PSTI Act Legislation Includes:  

- Part 1 of the 2022 Product Security and Telecommunications Infrastructure (PSTI) Act  

- 2023 Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations  

 

PSTI Act Timeline  

- Approved: December 2022  

- Draft Published: April 2023  

- Enacted into Law: September 14, 2023  

- Enforcement Date: April 29, 2024  

 

Key PSTI Documents  

1. UK PSTI Act Overview (https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime)  

2. 2022 Product Security and Telecommunications Infrastructure Act (https://www.legislation.gov.uk/ukpga/2022/46/part/1/enacted)  

3. 2023 PSTI Security Regulations (https://www.legislation.gov.uk/uksi/2023/1007/contents/made)  

 

Scope of Products under PSTI  

The PSTI Act covers Internet-connectable products, including but not limited to smart TVs, IP cameras, routers, and smart home products.  

Exceptions (Schedule 3 Excepted Products) include:  

- Desktop computers, laptops, tablets (without cellular connectivity), medical devices, smart meters, EV chargers, and Bluetooth single-point devices. While these products may have cybersecurity requirements, they fall outside PSTI scope and may be governed by other laws.

 

PSTI Compliance Requirements  

The PSTI Act's security requirements focus on:  

1. Secure default passwords  

2. Vulnerability reporting and management  

3. Software updates  

 

Compliance can be demonstrated through direct assessment under the PSTI Act or by meeting standards outlined in ETSI EN 303 645, fulfilling all three requirements.

 

ETSI EN 303 645 IoT Security Standards  

Thirteen categories include:  

1. Default password security  

2. Vulnerability management  

3. Software updates  

4. Secure storage of sensitive data  

5. Communication security  

6. Minimizing exposure  

7. Data protection  

8. Software integrity  

9. System resilience  

10. Telemetry checks  

11. Data deletion  

12. Simplified device setup  

13. Input validation  

 

PSTI and ETSI EN 303 645 Testing Process  

To demonstrate PSTI compliance, manufacturers must meet minimum standards for passwords, software maintenance, and vulnerability reporting. Evaluation reports and self-declaration of compliance are required. ETSI EN 303 645 is recommended as a dual compliance measure, supporting both PSTI and upcoming EU CE RED cybersecurity directives, effective August 1, 2025.

 

Service Advantages  

- R&D phase cybersecurity consulting and evaluation  

- CE RED directive cybersecurity consulting and evaluation  

- California SB-327 compliance consulting  

- UK PSTI compliance consulting  

- FCC voluntary cybersecurity certification consulting  

- Cybersecurity consulting for Brazil, Singapore, and global markets


Email:hello@jjrlab.com


Leave Your Message


Write your message here and send it to us


Related News
Read More >>
Amazon and Temu Require FCM Test Reports Amazon and Temu Require FCM Test Reports
04 .29.2025
Amazon and Temu now require FCM reports—JJR Laboratory provides testing to ensure your products meet...
Electric Kettle Amazon Canada Compliance Certifica Electric Kettle Amazon Canada Compliance Certifica
04 .29.2025
Electric kettles on Amazon Canada must meet SOR/2016-181, CSA 22.2 No. 60335-2-15, and C22.2 No. 64....
Do You Understand Amazon Compliance Certification? Do You Understand Amazon Compliance Certification?
04 .29.2025
Stay compliant on Amazon with JJR Lab’s certified CPC & ISO 17025 testing—ensure product safety,...
Pet Products CE Mark Pet Products CE Mark
04 .29.2025
Smart pet products entering EU/US markets require CE, FDA, ASTM compliance. JJR Testing Laboratory p...
US Toy Safety Standards US Toy Safety Standards
04 .29.2025
JJR Lab provides toy testing per US standards: small parts are banned or require warnings for kids u...
Toy Toxicology Testing CA Toy Toxicology Testing CA
04 .28.2025
JJR Laboratory offers toy toxicology testing, including 4.3 Toxicology and 4.6.2 Mouth Actuated Toys...
CPSIA Compliance for Children's Products CPSIA Compliance for Children's Products
04 .28.2025
JJR Testing Laboratory offers CPSIA compliance testing for children‘s products, ensuring they meet C...
Food Contact Items Testing Food Contact Items Testing
04 .28.2025
JJR Testing Laboratory offers food contact materials testing, ensuring compliance with FDA, EU 10/20...

Leave Your Message