top of page

【UK】Consumer connectable product security regime will be enforced

PSTI consumer connectable product security regime

Beginning on April 29, 2024, the United Kingdom's consumer connectable product security regime will be enforced.

Under this new law, manufacturers of UK consumer connectable products, commonly referred to as 'smart' products, will be obligated to adhere to the relevant provisions outlined in the legislation. This includes ensuring compliance with minimum security requirements for both themselves and their products.The relevant minimum security requirements are based on the UK government's Code of Practice for Consumer IoT Security issued in October 2018, the ETSI EN 303 645 standard for IoT product cybersecurity, and recommendations from the National Cyber Security Centre.

Comprising two pieces of legislation, the regime consists of

  • Part 1 of the Product Security and Telecommunications Infrastructure (PSTI) Act 2022, as well as The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023.

  • The PSTI Act received Royal Assent in December 2022, while the latter regulations were published as a full draft in April 2023 and officially enacted into law on September 14, 2023.

This legislation imposes cybersecurity obligations specifically targeting Internet of Things (IoT) devices utilized to connect to Internet service provider networks. Examples of such devices include:

  • IP cameras,

  • routers,

  • Bluetooth speakers,

  • cellular tablets,

  • smart home appliances,

  • baby monitors, etc.

For further details and guidance on compliance with the regime, businesses are encouraged to refer to the official documentation provided by the government at the following link:


Glodacert can provide you with professional, accurate, and prompt service, so please feel free to contact us with any queries or concerns you may have!


bottom of page