PSTI Act 2022 and Its 2023 Regulations

In the ever-evolving digital landscape, cybersecurity and telecommunications infrastructure have become paramount concerns for governments worldwide. The United Kingdom has taken a significant step forward in addressing these issues with the introduction of the Product Security and Telecommunications Infrastructure (PSTI) Act 2022. This landmark legislation aims to bolster the security of connectable devices and ensure the resilience of telecommunications infrastructure across the UK.

The PSTI Act 2022 is a comprehensive framework designed to enhance the security standards of digital and connected technologies. It reflects the UK government’s commitment to safeguarding national security and protecting consumers from the growing threats in the digital domain. The Act encompasses a wide range of devices, from smartphones and smart TVs to connected appliances and wearable technologies, emphasizing the need for robust security measures in the manufacturing and distribution of these products.

A critical component of the PSTI Act is the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023. These regulations, which are an integral part of the Act, are set to come into force from 24th April 2024. They lay down specific security requirements that manufacturers, importers, and distributors must adhere to, ensuring that connectable products sold in the UK meet stringent security standards.

The Regulations introduce several key requirements designed to enhance product security:

  • Ban on universal default passwords: Products must not be supplied with universal default passwords that could be easily guessed or obtained by attackers. Each device must have a unique password or allow users to set their own during the initial setup.
  • Transparency on security updates: Manufacturers must clearly inform consumers about the minimum period during which a product will receive security updates. This information must be provided at the point of sale, helping consumers make informed decisions about the products they purchase.
  • Vulnerability disclosure policy: Manufacturers are required to implement and clearly communicate a policy for disclosing vulnerabilities. This ensures that security flaws can be reported responsibly and addressed promptly, reducing the risk of exploitation.
  • Compliance with security standards: The regulations mandate compliance with recognized security standards and practices, ensuring that products are designed with security in mind from the outset.

The PSTI Act 2022, along with the forthcoming regulations, represents a significant milestone in the UK’s efforts to enhance cybersecurity and protect the telecommunications infrastructure. By setting clear and enforceable security standards for connectable products, the UK government aims to mitigate the risks associated with the increasing prevalence of smart devices in our daily lives. This legislation not only safeguards consumers but also encourages manufacturers to prioritize security in their product design and development processes.

As the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023 prepare to come into force, it is crucial for stakeholders in the technology sector to familiarize themselves with the new requirements and ensure compliance. The PSTI Act 2022 sets the stage for a safer digital environment, reinforcing the UK’s position as a leader in cybersecurity and the protection of telecommunications infrastructure.

We can help you meet your obligations as a manufacturer. Here at Authorised Rep Compliance, we can guide you towards appointing ARC as your European Authorized Representative, and at our sister company, Product Compliance Support, we have a team of product compliance consultants ready to give you all the advice and expertise you need to ensure your products are compliant with European regulations and directives.