EMC China Lab

What is UK PSTI Certification?

Views :
Update time : 2024-07-17

UK PSTI Certification Introduce

With the increasing prevalence and popularity of consumer Internet of Things (IoT) devices globally, and the corresponding rise in cyberattacks on IoT device terminals, consumer awareness of network security and privacy protection is gradually increasing. Consequently, the importance of network security and data protection for brand owners has risen to a strategic level. The trend towards mandatory network security regulations is becoming evident, with various countries, including China, the European Union, the United Kingdom, Singapore, Brazil, Japan, and the United States, all putting them on their agendas to enhance the standardized management of IoT products in the market.

 

In the traditional field of electronic and electrical products, there are already mandatory regulations for electrical safety, electromagnetic compatibility, wireless, energy efficiency, and chemistry. In the next 1-2 years, IoT products will see an increase in requirements related to network security and data protection.

 

In December 2022, the UK government formally passed the "Product Security and Telecommunications Infrastructure Act 2022" (PSTI) and it will be enforced from April 29, 2024. It applies to England and Wales, Scotland, and Northern Ireland. Which products fall under the scope of PSTI?

 

What is UK PSTI Certification?(图1)


Reference Documents

PSTI documents released by the UK GOV:

Product Security and Telecommunications Infrastructure Act 2022, CHAPTER 1 - Security Requirements - Security requirements relating to products.

Download link:https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime

 

The above link provides detailed descriptions of the requirements for regulated products. Additionally, you can refer to the interpretation in the following link:https://www.gov.uk/guidance/the-product-security-and-telecommunications-infrastructure-psti-bill-product-security . in the "Products that will be included in the Bill" section.

 

What is UK PSTI Certification?(图2)


Controlled Product Scope Mainly Includes:

Most consumer IoT products, such as smartphones, smart home appliances, smart home assistants, routers, cameras, smart locks, alarm systems, smart home hubs and assistants, wearable fitness trackers, outdoor leisure products, connected children's toys, and baby monitors, among others.

 

Exempted Product Scope Mainly Includes:

Desktop and laptop computers (desktop and laptop computers designed for use by children aged 14 and under), vehicles, smart meters, electric vehicle charging points, and medical devices.

 

Obligated Parties: Manufacturers, importers, and distributors of relevant products.

 

Penalties for Non-compliance with PSTI Certification:

Non-compliant companies may face fines of up to £10 million or 4% of their global turnover, whichever is higher. Additionally, non-compliant products will be recalled, and information about the non-compliance will be made public.

 

Specific Requirements for UK PSTI Certification:

 

According to the UK GOV's publication on PSTI, such as the document "The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023," as shown in Schedule 2, PSTI currently assesses products for compliance with three control requirements at this stage. The regulatory document also specifies that the reference standards for these three control requirements are EN 303 645: 5.1-1, 5.1-2, 5.2.-1, and 5.3-13, respectively.

 

1. Prohibition of Common Default Passwords

   ETSI EN 303 645 provisions 5.1-1 and 5.1-2

2. Implementation of Vulnerability Disclosure Management

   ETSI EN 303 645 provision 5.2-1

3. Requirement to Maintain Transparency for the Shortest Security Update Time Period

   ETSI EN 303 645 provision 5.3-13

 

ETSI EN 303 645 establishes new global standards for the security of consumer devices connected to the Internet of Things (IoT), enabling products to withstand serious cybersecurity threats and comply with GDPR requirements, protecting personal data and consumer privacy.

 

The ETSI EN 303 645 standard for IoT product security and privacy includes the following 13 categories of requirements:

 

1. Common Default Password Security

2. Vulnerability Disclosure Management

3. Software Updates

4. Sensitive Security Parameter Storage

5. Communication Security

6. Minimization of Attack Surface

7. Protection of Personal Data

8. Software Integrity

9. System Resilience to Interruptions

10. Inspection of System Telemetry Data

11. Ease of Deletion of Personal Data by Users

12. Simplified Device Installation and Maintenance

13. Validation of Input Data

 

PSTI Act and ETSI EN 303 645 Standard Testing Process:

Sample Data Preparation

Three sets of samples including main units and accessories, unencrypted software, user manuals/specifications/relevant services, and login accounts.

Establishment of Test Environment: Establish a test environment based on the user manual.

Execution of Network Security Assessment: Document review and technical testing, check vendor questionnaires, and provide feedback.

Weakness Remediation: Provide consulting services to address weakness issues.

Issuance of PSTI Assessment Report or ETSI EN 303 645 Assessment Report

 

How to Prove Compliance with UK PSTI Certification Requirements?

The minimum requirement is to meet the three requirements of PSTI certification regarding passwords, software maintenance cycles, and vulnerability reporting, and provide technical documents such as assessment reports for these requirements, along with a declaration of compliance. It is recommended to use the ETSI EN 303 645 standard for PSTI certification assessment. This will also serve as a good preparation for meeting the network security requirements of the EU CE RED directive, which will be enforced starting August 1, 2025!

 

Before the enforcement date arrives, manufacturers should ensure that the designed products comply with the standard requirements before entering production and entering the market. GTG suggests that relevant manufacturers should understand relevant laws and regulations as early as possible during the product development process to better plan product design, production, and market entry, ensuring compliance with safety standards.

 

What is UK PSTI Certification?(图3)


Where Can You Obtain UK PSTI Certification?

The EMC&RF Division of China JJRLAB Laboratory has established a leading industry large-scale testing base, strictly implementing quality control in accordance with the laboratory accreditation system standard ISO/IEC 17025, and has many years of experience in certification testing services for products exported to the UK.


Email:hello@jjrlab.com


Leave Your Message


Write your message here and send it to us


Related News
Read More >>
What Certifications Are Required for Exporting Hea What Certifications Are Required for Exporting Hea
01 .10.2025
To export heaters to Europe, products need CE, RoHS, and REACH certifications for safety and complia...
Amazon Compliance Certification for Electric Vehic Amazon Compliance Certification for Electric Vehic
01 .10.2025
JJR Laboratory: Personal electric devices (e.g., e-bikes, hoverboards, scooters) are Q4 hits. Meet s...
Amazon US Pacifier Certification Testing Requireme Amazon US Pacifier Certification Testing Requireme
01 .11.2025
JJR Laboratory helps ensure your pacifiers and clips meet U.S. safety standards, including CPSIA, AS...
Amazon US Station Infant Carrier Certification Tes Amazon US Station Infant Carrier Certification Tes
01 .10.2025
Amazon US Infant Carrier Certification Testing: JJR Lab highlights key safety standards and testing ...
Amazon Canada Children’s Mattress Certification Amazon Canada Children’s Mattress Certification
01 .11.2025
Children’s mattresses on Amazon Canada must meet safety standards, including SOR regulations. Provid...
Common CPC Certification Requirements on Amazon Common CPC Certification Requirements on Amazon
01 .11.2025
Amazon US requires a CPC for children‘s products like toys and baby items. JJR Lab offers affordable...
Compliance Certifications for Infant and Toddler P Compliance Certifications for Infant and Toddler P
01 .11.2025
JJR Laboratory summarizes compliance requirements for infant feeding products on Amazon platforms (U...
Bed Rail Testing: ASTM F3186-17 & 16 CFR 1270 Bed Rail Testing: ASTM F3186-17 & 16 CFR 1270
01 .11.2025
Adult bed rails must comply with ASTM F3186-17 or 16 CFR 1270 to ensure safety and prevent risks. Co...

Leave Your Message