What is PSTI regulation?

What is PSTI?

PSTI stands for the Product Security and Telecommunications Infrastructure Act 2022.

To whom does it apply?

The PSTI Regulations 2023 mandate that manufacturers of consumer connectable products who sell to UK consumers comply with baseline security requirements. These requirements are based on the UK Code of Practice for Consumer IoT Security and on the leading global standard for consumer IoT security, ETSI EN 303 645.

IoT examples include:

  • Connected children’s toys and baby monitors,
  • Connected safety-relevant products such as smoke detectors and door locks,
  • Smart cameras, TVs and speakers,
  • Wearable health trackers,
  • Connected home automation and alarm systems,
  • Connected appliances (e.g. washing machines, fridges),
  • Smart home assistants.

The security code of practice to be followed by manufacturers includes:

  • No default passwords
  • Implement a vulnerability disclosure policy
  • Keep software updated
  • Securely store credentials and security-sensitive data
  • Communicate securely
  • Minimise exposed attack surfaces
  • Ensure software integrity
  • Ensure that personal data is protected
  • Make systems resilient to outages
  • Monitor system telemetry data
  • Make it easy for consumers to delete personal data
  • Make installation and maintenance of devices easy
  • Validate input data

As a consumer, when you are buying an IoT device, ensure that the product is PSTI compliant, which means that the product has followed the security code of practice.