Brand Name: | LCS |
Model Number: | Optional |
MOQ: | 1 pcs |
Price: | 2000 USD |
Packaging Details: | Electronic version |
Payment Terms: | L/C, D/A, T/T, Western Union, MoneyGram |
Certification Introduction:
According to the Product Safety and Telecommunications Infrastructure Act 2023 promulgated by the UK on April 29, 2023, the UK will begin to enforce network security requirements for connected consumer devices on April 29, 2024, applicable to England, Scotland, and Wales. , Northern Ireland. As of now, there are only just over 3 months left. Major manufacturers exporting to the British market need to complete PSTI certification as soon as possible to ensure smooth entry into the British market.
The details of the PSTI Act are as follows
The UK Consumer Connected Product Safety Regime will come into force and be enforced on 29 April 2024. From this date, manufacturers of consumer connectable products in the UK will be required by law to comply with minimum security requirements. These minimum security requirements are based on the UK Consumer IoT Security Code of Practice, the world's leading consumer IoT security standard ETSI EN 303 645, and recommendations from the National Cyber Security Center, the UK's technical authority on cyber threats. The regime will also ensure that other businesses in the supply chain for these products play a role in preventing unsafe consumer products from being sold to UK consumers and businesses.
The system consists of two pieces of legislation
Product Safety and Telecommunications Infrastructure (PSTI) Bill 2022 Part 1
Product Safety and Telecommunications Infrastructure (Security Requirements for Relevant Connected Products) Bill 2023
PSTI bill release and enforcement timeline
The PSTI bill was approved in December 2022. The government published a full draft of the PSTI (Safety Requirements for Relevant Connected Products) Bills in April 2023, and the bills were signed into law on September 14, 2023. The Consumer Connected Product Safety Regime will come into effect on April 29, 2024.
PSTI Act Documents
1. UK Product Security and Telecommunications Infrastructure (Product Security) PSTI Act The UK Product Security and Telecommunications Infrastructure (Product Security) regime.
Website: https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime
2. Product Safety and Telecommunications Infrastructure Bill 2022
Product Security and Telecommunications Infrastructure Act 2022
Website: https://www.legislation.gov.uk/ukpga/2022/46/part/1/enacted
3. Product Safety and Telecommunications Infrastructure (Security Requirements for Relevant Connected Products) Bill 2023
The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023
Website: https://www.legislation.gov.uk/uksi/2023/1007/contents/made
Specific requirements of the UK PSTI Act
The network security requirements of the PSTI Act are mainly divided into three aspects:
Universal default password security
Vulnerability report management and execution
Software update
These requirements can be assessed directly against the PSTI Act, or they can be assessed against ETSI EN 303 645, the cybersecurity standard for consumer IoT products, to demonstrate compliance with the PSTI Act. In other words, meeting the requirements of the three chapters and projects of the ETSI EN 303 645 standard is equivalent to meeting the requirements of the British PSTI Act.
ETSI EN 303 645 is a standard for security and privacy of IoT products, including the following 13 categories of requirements:
Universal default password security
Vulnerability report management and execution
Software update
Smart security parameter storage
Communication security
Reduce exposed attack surface
Protect personal data
software integrity
System resistance to interruptions
Check system telemetry data
Facilitate users to delete personal data
Simplify equipment installation and maintenance
Validate input data
How to demonstrate compliance with UK PTSI Act requirements
The minimum requirement is to meet the three requirements of the PSTI Act regarding passwords, software maintenance cycles and vulnerability reports, and to provide technical documents such as assessment reports for these requirements, and to make a self-declaration of compliance. We recommend using ETSI EN 303 645 for UK PSTI Act assessments. This is also the best way to pave the way for the cybersecurity requirements of the EU CE RED directive to be enforced starting on August 1, 2025!
Brand Name: | LCS |
Model Number: | Optional |
MOQ: | 1 pcs |
Price: | 2000 USD |
Packaging Details: | Electronic version |
Payment Terms: | L/C, D/A, T/T, Western Union, MoneyGram |
Certification Introduction:
According to the Product Safety and Telecommunications Infrastructure Act 2023 promulgated by the UK on April 29, 2023, the UK will begin to enforce network security requirements for connected consumer devices on April 29, 2024, applicable to England, Scotland, and Wales. , Northern Ireland. As of now, there are only just over 3 months left. Major manufacturers exporting to the British market need to complete PSTI certification as soon as possible to ensure smooth entry into the British market.
The details of the PSTI Act are as follows
The UK Consumer Connected Product Safety Regime will come into force and be enforced on 29 April 2024. From this date, manufacturers of consumer connectable products in the UK will be required by law to comply with minimum security requirements. These minimum security requirements are based on the UK Consumer IoT Security Code of Practice, the world's leading consumer IoT security standard ETSI EN 303 645, and recommendations from the National Cyber Security Center, the UK's technical authority on cyber threats. The regime will also ensure that other businesses in the supply chain for these products play a role in preventing unsafe consumer products from being sold to UK consumers and businesses.
The system consists of two pieces of legislation
Product Safety and Telecommunications Infrastructure (PSTI) Bill 2022 Part 1
Product Safety and Telecommunications Infrastructure (Security Requirements for Relevant Connected Products) Bill 2023
PSTI bill release and enforcement timeline
The PSTI bill was approved in December 2022. The government published a full draft of the PSTI (Safety Requirements for Relevant Connected Products) Bills in April 2023, and the bills were signed into law on September 14, 2023. The Consumer Connected Product Safety Regime will come into effect on April 29, 2024.
PSTI Act Documents
1. UK Product Security and Telecommunications Infrastructure (Product Security) PSTI Act The UK Product Security and Telecommunications Infrastructure (Product Security) regime.
Website: https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime
2. Product Safety and Telecommunications Infrastructure Bill 2022
Product Security and Telecommunications Infrastructure Act 2022
Website: https://www.legislation.gov.uk/ukpga/2022/46/part/1/enacted
3. Product Safety and Telecommunications Infrastructure (Security Requirements for Relevant Connected Products) Bill 2023
The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023
Website: https://www.legislation.gov.uk/uksi/2023/1007/contents/made
Specific requirements of the UK PSTI Act
The network security requirements of the PSTI Act are mainly divided into three aspects:
Universal default password security
Vulnerability report management and execution
Software update
These requirements can be assessed directly against the PSTI Act, or they can be assessed against ETSI EN 303 645, the cybersecurity standard for consumer IoT products, to demonstrate compliance with the PSTI Act. In other words, meeting the requirements of the three chapters and projects of the ETSI EN 303 645 standard is equivalent to meeting the requirements of the British PSTI Act.
ETSI EN 303 645 is a standard for security and privacy of IoT products, including the following 13 categories of requirements:
Universal default password security
Vulnerability report management and execution
Software update
Smart security parameter storage
Communication security
Reduce exposed attack surface
Protect personal data
software integrity
System resistance to interruptions
Check system telemetry data
Facilitate users to delete personal data
Simplify equipment installation and maintenance
Validate input data
How to demonstrate compliance with UK PTSI Act requirements
The minimum requirement is to meet the three requirements of the PSTI Act regarding passwords, software maintenance cycles and vulnerability reports, and to provide technical documents such as assessment reports for these requirements, and to make a self-declaration of compliance. We recommend using ETSI EN 303 645 for UK PSTI Act assessments. This is also the best way to pave the way for the cybersecurity requirements of the EU CE RED directive to be enforced starting on August 1, 2025!