The urgency for IoT security has never been greater. With the April 29th deadline rapidly approaching, UK manufacturers, distributors, and importers of internet-connected devices are on a tight schedule to comply with the Product Security and Telecommunications Infrastructure (PSTI) Act.
What Is the PSTI Act?
The Product Security and Telecommunications Infrastructure (PSTI) Act is UK legislation designed to enhance the security of internet-connected devices, commonly known as IoT devices.
This legislation aims to protect consumers from cyber threats by ensuring that devices capable of connecting to the internet meet established safety standards. It’s a critical step towards mitigating the risks associated with IoT devices.
Who Needs to Comply With the PSTI Act?
The PSTI Act mandates that all consumer-connectable products meet specified security requirements to combat the increasing threats in our digitally connected world.
The PSTI Act mandates that manufacturers, importers, and distributors of consumer connectable products (or IoT devices) adhere to specific security requirements to protect UK consumers from cyber threats. This includes a wide range of products, such as smart TVs, wearable devices, connected home appliances, and more.
Why Is the PSTI Act Important?
The PSTI Act aims to help tackle the rising concerns around security vulnerabilities of IoT devices, which we are increasingly integrating into our daily lives. These devices often collect and transmit personal data, yet they often lack adequate security measures. These vulnerabilities can lead to data breaches, unauthorised access, and other cyber threats, posing risks not only to individual privacy but to national security.
How to Comply with the PSTI Act
The PSTI Act sets several key mandates for securing internet-connected devices in the UK:
- Security Requirements – Devices must not have default passwords, must allow users to report vulnerabilities, and manufacturers must inform users about the duration of security updates.
- Compliance Documentation – Manufacturers need to provide a statement of compliance with each product that details the device’s security measures.
- Record Keeping and Notifications – Manufacturers must keep records of compliance and notify relevant parties of any compliance failures.
- Responsibilities of Importers and Distributors – Importers and distributors must ensure products have a compliance statement and meet PSTI requirements before distribution.
- Enforcement and Penalties – The Office for Product Safety and Standards enforces the act, with potential fines of up to £10 million or 4% of global turnover for non-compliance.
- Scope – Applies to all consumer connectable devices like smart appliances and wearables, excluding certain categories like medical devices.
You can view more details on the PSTI Act, and how to achieve compliance on the GOV.UK.
The IASME IoT Cyber Scheme certifies internet connected (IoT) devices against the new UK legislation at the Baseline level. The scheme also allows manufacturers to take the next step to certify against the leading global technical standard in IoT security.
The scheme is aligned with The PSTI Act and covers the top three requirements of the ETSI EN 303 645 standard.
If you are a manufacturer looking to ensure your products are not only compliant but also secure and trusted, get in touch with us today.
At 3B Data Security, our expert consultants are ready to guide you through the IASME IoT Cyber Scheme certification process. By ensuring compliance with The PSTI Act and meeting the top standards of the ETSI EN 303 645, we help secure your products’ place in a competitive market.
