UK PSTI ETSI EN 303 645 Standard Testing Laboratory

In 2022, the UK introduced Part 1 of the Product Safety and Telecommunications Infrastructure (PSTI) Act. Subsequently, the UK enacted the Product Safety and Telecommunications Infrastructure Act 2023, declaring that starting from April 29, 2024, the UK will enforce network security requirements for consumer connected products across England, Scotland, Wales, and Northern Ireland. This legislation mandates manufacturers to obtain PSTI certification and comply with minimum security standards derived from the UK Consumer IoT Security Guidelines, the European Consumer IoT Network Security Standard ETSI EN 303 645, and recommendations from the UK National Cyber Security Centre. The aim of this act is to ensure businesses in the supply chain collectively prevent unsafe products from entering the UK market, safeguarding consumer and business interests.

Scope of PSTI Regulation

The PSTI Act covers various internet-connected products such as smart TVs, IP cameras, routers, and smart home products like smart locks, alarm systems, and home assistants. Additionally, internet-connected consumer electronics products like smartphones, wearable devices, and smart home appliances fall under its regulatory scope. Not limited to specific types of products, any product with connectivity features is regulated by the PSTI Act, aimed at enhancing the cybersecurity of these products.

Certain categories such as electric vehicle charging points under specified conditions, medical devices, smart meters, computers (desktops, laptops, and non-cellular-capable tablets), are exempt from PSTI Act regulation.

PSTI Act Requirements for Network Security

The PSTI Act's network security requirements primarily focus on:

1) Default Password Security

2) Vulnerability Reporting and Management

3) Software Updates

These requirements can be directly assessed under the PSTI Act or verified against the ETSI EN 303 645 network security standard for consumer IoT products. Compliance with relevant sections and requirements of ETSI EN 303 645 ensures adherence to the UK PSTI Act regulations.

ETSI EN 303 645 Standard Testing

To ensure product network security and privacy protection, manufacturers need to ensure all products meet the PSTI Act's requirements for passwords, vulnerability reporting, and software maintenance cycles before entering the UK market, supported by relevant assessment reports and technical documentation.

Manufacturers must ensure products pass testing according to the ETSI EN 303 645 standard and issue a conformity self-declaration.