Navigating the PSTI Regulation Act
Find out how to build cyber security resilience into your IoT products and comply with the PSTI Act and Regulations.
Research by Viakoo revealed that 55% of IoT cyber incidents could have been prevented with better security. In the past year, 50% of companies faced an IoT cyber incident, with 44% being serious and 22% threatening operations. The Product Security and Telecommunications Infrastructure (PSTI) Act addresses the growing need for IoT security. This whitepaper explores the PSTI Act, its importance, required IoT security regulations, and the necessity of designing devices with embedded security.
The Product Security and Telecommunications Infrastructure (PSTI) Act, passed by the UK Parliament in 2022, regulates security for connected consumer products. Effective from April 29, 2024, the UK’s regime is governed by the PSTI Act 2022 and the PSTI Regulations 2023. The Office for Product Safety and Standards (OPSS) enforces these regulations, ensuring consumer and business protection from product-related harm, and has the authority to take action against non-compliance.
Watch our IoT Uncovered video featuring Eseye’s Technical Consultant, Kamran Jehangir, to learn more:
"A pivotal legislative framework designed to address the evolving landscape of digital security."
Three requirements that you must follow to make your IoT product compliant:
Connected devices and IoT products must adhere to three security requirements:
What additional security regulations apply to IoT products?
Smart consumer devices and products have, in the past, been compromised at scale by cyber criminals. The objective of the PSTI Act and new Regulations is to prevent such security breaches in smart devices.
Some of the issues that require attention that are covered as part of the ETSI EN 303 645 standard are:
Consumer products are more at risk because, previously, there has been a lack of security requirements in place. There has always been a best practice, but nothing has been enforced unless the industry the device belongs to has, or had, pre-existing security requirements; we see this with healthcare devices, for example.
Do Telecoms operators need to take action?
There is no need for telecoms operators to act in response to the PSTI legislation.
Part 1 of the Act indicates that obligations are imposed upon manufacturers, importers and distributors of these products, defined as follows:
Manufacturer – An entity or person who manufactures a product, or has it made and markets it under their own name or trademark, including those who market products made by others.
Importer – An entity or person who imports a product into the UK from outside the UK and is not the manufacturer.
Distributor – An entity or person who makes the product available in the UK and is not a manufacturer or importer of the product.
Our cyber security professionals here at Eseye are certified and trained by the IASME Consortium.
Building cyber security resilience into your IoT products
As a trusted IASME partner, we can certify IoT devices under the IoT Cyber Scheme, ensuring compliance with UK law and the PSTI Act. We also offer testing to meet the ETSI standard and guide manufacturers and suppliers on security legislation requirements.
Compliant products earn a certification badge for display on packaging and marketing, helping purchasers verify device security.
Contact us to arrange a security consultation with one of our specialists today.