UK PSTI Cybersecurity Regulations

IoT and connected products placed onto the UK market must meet the requirements of the UK PSTI. Ensure compliance with our UK-specific cybersecurity services.

Our Capabilities

Expert Services

Regulatory guidance, compliance management, and bespoke testing to help manufacturers understand and implement the necessary security measures.

Testing and certification

Testing services against relevant cybersecurity standards which can help demonstrate compliance with PSTI requirements.

Training

Training courses and workshops to help manufacturers, designers, and engineers understand the requirements of the PSTI Act and related standards.

Global Market Access

Assistance to manufacturers in navigating regulatory requirements not only for the UK market but also for other global markets with similar cybersecurity regulations.

Are you compliant with the UK PSTI?

Many businesses struggle to navigate the PSTI requirements and implement the necessary technical and process changes for compliance.

We provide comprehensive services to guide businesses through PSTI compliance, offering expert assessment, gap analysis, policy development, and technical recommendations to ensure your products meet the required security standards efficiently and effectively.

A simplified compliance journey for the UK PSTI

Your path to UK product security compliance

Meeting the UK PSTI Act requirements can seem complex. Our expert guidance and streamlined processes simplify every step, ensuring your products comply efficiently without unnecessary complexity or delay. We handle the intricacies so you can focus on your core business.

Clear, step-by-step compliance roadmap.
Expert support tailored to your product type.
Effective assessment and gap analysis.
Guidance on implementing technical requirements.
Support for preparing the Statement of Compliance.

Our services for PSTI compliance

We provide expert testing, certification, guidance, and training to help manufacturers navigate UK PSTI Act requirements and confidently achieve compliance for their connected products.

The UK PSTI Cybersecurity Regulations

The UK Product Security and Telecommunications Infrastructure (PSTI) Act, which came into effect on April 29, 2024, establishes a baseline of cybersecurity requirements for consumer connectable products sold in the UK. The primary goal is to enhance the security of these devices and reduce the risk of cyberattacks impacting individuals and the wider digital economy.

The Act places obligations on manufacturers, importers, and distributors of relevant connectable products. These obligations are primarily detailed in the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023.

Key Requirements

Ban on Universal Default Passwords: Products must not have universal default passwords that are identical across all devices or easily guessable. Passwords should be unique per product or set by the user upon initial setup.
Vulnerability Disclosure Policy: Manufacturers must establish and publish a clear point of contact and a policy for receiving reports of security vulnerabilities from external parties. They must also provide updates on the progress of addressing reported vulnerabilities.
Information on Security Updates: Manufacturers must inform consumers about the minimum length of time the product will receive security updates. This information should be provided in a clear, transparent, and easily understandable manner.

Obligations for the Supply Chain

Manufacturers: Must ensure their products meet the specified security requirements before being placed on the UK market, issue a statement of compliance, investigate potential compliance failures, maintain records, and take action to remedy issues.
Importers: Must not make products available in the UK unless they are accompanied by a statement of compliance and the importer is satisfied the security requirements have been met. They must also investigate potential compliance failures and take action.
Distributors: Must not make products available in the UK if they know or believe the product does not comply with the security requirements and must ensure the product is accompanied by a statement of compliance. They also have duties to take action in the event of compliance failures.

Scope

The regulations apply to internet-connectable products and network-connectable products that are primarily used by consumers. This includes a wide range of devices such as smartphones, smart TVs, connected cameras, connected toys, smart home devices, and wearable connected fitness trackers. Certain products, such as medical devices, smart meters, and desktop/laptop computers, are currently exempted.

Enforcement

The Office for Product Safety and Standards (OPSS) is the enforcement authority for the PSTI Act. Non-compliance can result in significant penalties, including fines of up to £10 million or 4% of a company's qualifying worldwide revenue, whichever is greater, and daily fines for continued breaches. Enforcement notices, including compliance notices, stop notices, and recall notices, can also be issued.

Eurofins Electrical & Electronics can help manufacturers, importers, and distributors navigate UK PSTI compliance. We offer expert testing, assessment, and advisory services to ensure products meet mandatory security requirements, such as banning default passwords, implementing vulnerability disclosure policies, and providing security update transparency.

This support helps businesses achieve compliance efficiently, access the UK market, and mitigate potential penalties.

Why choose us?

Expert cybersecurity knowledge

Our team has expertise in UK PSTI Act and related standards, ensuring accurate and effective compliance guidance for your products.

Tailored product solutions

We provide customised compliance strategies specifically designed for your unique connected products, addressing their individual needs and complexities.

Streamlined compliance process

We offer an efficient and smooth compliance journey, from initial assessment through testing and documentation, saving you time and resources.

Dedicated support, building trust

Receive dedicated support throughout the process. Our partnership helps you demonstrate product security and build trust with UK consumers.

Ready to ensure PSTI compliance for your connected products?

Connect with our experts today. We offer comprehensive testing, certification and training, for the UK PSTI, simplifying compliance and accelerating your market entry.

Related Services

EU Cybersecurity

Learn More

Cybersecurity

Learn More

CTIA IoT Certification

Learn More

Radio/Wireless Testing

Learn More

Who we are

About Eurofins

What we stand for

Entrepreneurship model

Our story

Our leadership

Leadership philosophy

Group Operating Council

Board of Directors

Corporate sustainability

Our approach

Environmental

Social

Governance

Eurofins Foundation

About

Supported projects

Submit a project

Global locations

Food & Feed Testing

Agro Testing

Sensory, Market Research & Product Design

Environment Testing

BioPharma Services

BioPharma Product Testing

Medical Device Services

Contract Development & Manufacturing Organization (CDMO)

Professional Scientific Services

Clinical Trial Conduct & BioAnalysis

BioPharma Discovery Services & Products

BioPharma Central Laboratory

Agroscience Services

Genomic Services

Forensic Services

Clinical Diagnostic Services

In Vitro Diagnostics Solutions

Consumer Product Testing

Construction & Building

Cosmetics & Personal Care

Detergents, Hygiene, Paper & Pulp

Electrical & Electronics

Home & Garden

Packaging

Softlines & Hardlines

Assurance & Inspection Services

Materials & Engineering Sciences

Testing for Life

Scientific innovation

Investors

Shareholder information

Shares in issue

All reports and presentations

Eurofins' response to Muddy Waters, June-July 2024

Calendar

Debt & hybrid capital

Shareholder meetings

Executive dealings

Share buy-back programmes

Europe, Middle East & Africa

Austria

Belgium

Czech Republic

Danmark

Hungary

Italy

Portugal

Switzerland

Spain

United Kingdom

Americas

Canada

United States

Asia Pacific

Australia

India

Vietnam

Canada

United States

Europe, Middle East & Africa

Americas