The UK’s Product Security and Telecommunications Infrastructure (PSTI) regime is here

Effective from 29th April 2024, the new UK law aims to make consumer connectable products, including but not limited to smart home devices, internet-connectable cameras, and speakers, against cyber attacks, protecting individual privacy and security. This means manufacturers, importers, and distributors now have less than 100 days to be compliant.

This new regime introduces the following security requirements to address the most common security threats and exploits to consumer connectable products:

No universal or easily guessable default passwords
Manufacturers must provide information on how to report security issues about their product
Information on minimum security update periods must be published and available to consumers

PSTI regime is based on the UK’s Code of Practice for Consumer IoT security, the leading global standard for consumer IoT cybersecurity ETSI EN 303 645, and on advice from the UK’s technical authority for cyber threats, the National Cyber Security Centre.

Find out more about the PSTI regime here

Why is compliance with the PSTI important for an organization?

Manufacturers, importers, and distributors all have responsibilities under the PSTI. Essentially, these relevant organizations have a responsibility to supply compliant consumer-connectable products only after 29th April 2024.

Supplying non-compliant products in the UK can have significant consequences, such as hefty financial penalties, reputational damage, legal action, and restrictions on market access.

Organizations must prioritize PSTI compliance for their consumer-connectable products to avoid these penalties, legally supply them, and maintain a positive market standing.

How can BSI help?

BSI, as your Digital Trust testing and certification partner, is well-placed to support consumer IoT product manufacturers and stakeholders in their journey to becoming ready for the new PSTI regime.

We provide independent, third-party testing against the security provisions of the law in our UKAS-accredited laboratory. With over 6 years of experience testing products to the standards on which the PSTI technical requirements are based, we are proud to be the first laboratory to achieve accreditation for this from UKAS, the United Kingdom Accreditation Service.

Testing and certification from BSI will give you confidence that consumer-connectable products comply with the technical requirements of the PSTI and can be legally supplied in the UK under the new regime.

Choose BSI for a seamless PSTI compliance process backed by a commitment to excellence in product cybersecurity.

Get started here

Personal Information

First Name Enter your first name

Last Name Enter your last name

Company Enter your company name

Job Title Enter your job title

Email Enter your email address

Phone Enter your phone number

Industry Select your industry

Other Information

Country Select your country

Postcode Enter your postcode

Employees Size of your company

Comments Let us know if there any other products or services you are interested in, if you have any other questions, or if there’s any additional information you’d like us to know before we contact you.

Marketing Preferences

BSI takes your privacy seriously. From time to time we would like to contact you with details of products and/or services we offer.

If you wish for BSI to contact you for marketing purposes please select which methods of contact you would like us to contact you on? (Select all that apply)

Email NoYes

Phone NoYes

SMS NoYes

Direct Mail NoYes

I have read the BSI Privacy Notice and consent to the processing of my personal data*

Please read the BSI Privacy Notice for further information regarding your rights.

Comments

UK PSTI compliance services

The UK’s Product Security and Telecommunications Infrastructure (PSTI) regime is here

Why is compliance with the PSTI important for an organization?

How can BSI help?