In the era of rapid digital development, cybersecurity has increasingly become a global focus. Particularly for internet-connected products that are indispensable in daily life, ensuring their security has become an urgent need. The Product Security and Telecommunications Infrastructure Act 2022 (PSTI Act), passed by the UK government in December 2022, was born in this context, aiming to enhance the security of internet-connected products and their ability to resist cyber attacks, and will be enforced on April 29, 2024. Below is a detailed interpretation of the Act.
The core purpose of the PSTI Act is to improve the cybersecurity level of internet-connected products and protect consumer interests. The Act requires all consumer internet-connected products sold in the UK market to meet minimum cybersecurity standards to resist cyber attacks and protect user data. It applies not only to manufacturers but also to importers and distributors. Companies violating these requirements may face fines of up to £10 million or 4% of their global turnover.
The PSTI Act consists of two main parts: product security requirements and telecommunications infrastructure guidelines. For product security, there are three key points to note:
Internationally-recognized Safety Standards
Password Requirements
The PSTI Act prohibits the use of universal default passwords. This means products must have unique default passwords or require users to set a password upon first use.
Security Management Issues
Manufacturers need to establish and disclose a vulnerability disclosure policy to ensure individuals who discover vulnerabilities can notify the manufacturer, and the manufacturer can promptly notify customers and provide fixes.
Security Update Cycle
Manufacturers must specify and disclose the minimum period for which they will provide security updates, so consumers know the security update support period for their products.
The PSTI Act covers a wide range of products, including but not limited to:
It is important to note that the PSTI Act does not apply to products already covered by existing legislation, such as healthcare monitoring products and smart meters, or complex products like autonomous vehicles. Additionally, certain products such as desktop computers, tablets, smart meters, electric vehicle charging stations, and medical devices are exempt.
Therefore, with the imminent enforcement of the PSTI Act, manufacturers, importers, and distributors of internet-connected products in the UK market must take immediate action to ensure their products comply with the new regulations.