Countdown to UK PSTI Regulation Enforcement on cybersecurity for Consumer Devices


    While the UK’s New Cybersecurity Regulation for Connected Consumer Devices relies on vendor self-compliance, obtaining a third-party certificate remains a prudent choice. Applus+ Laboratories provides various options for vendors seeking independent proof of compliance.

    As April 29, 2024, approaches, manufacturers and vendors selling connected consumer products in the UK are preparing for a significant milestone. The Product Security and Telecommunications Infrastructure (PSTI) regime is about to come into force, introducing a fresh chapter in cybersecurity standards for everyday consumer electronics. Let’s delve into the details:

    UK PSTI: A Step Toward Wider Security Accountability

    The PSTI regime isn’t about draconian measures; it’s about practical security and essential best practices that will now become mandatory. Its requirements—password standards, vulnerability reporting, and update commitments—are the basics that consumers expect. The UK stands among the first countries to enforce such comprehensive security regulations for consumer devices, but it won’t be alone. In 2025, the EU will enforce its own requirements, which are more stringent than those in the UK. As a result, vendors selling their products in the global market must be well-informed on how to comply with these evolving regulations.

    The UK PSTI regime casts a wide net, covering an extensive array of products. From smart thermostats to fitness trackers, everyday devices are now integral to the security conversation. For some IT companies, this level of cybersecurity is old hat—they’ve long surpassed it. But for others, it’s uncharted territory, requiring them to assess their current practices thoroughly and identify the changes needed to ensure compliance.

    Self-compliance and third-party certification

    Under this new regulation, there are no mandatory certification bodies actively verifying compliance. The responsibility now rests squarely on the vendors’ shoulders. However, obtaining proof of compliance issued by a third party remains a prudent choice. Independent validation by third-party experts adds credibility.

    For manufacturers without in-house cybersecurity teams, third-party certification simplifies the process. Smaller companies can navigate complexity more effectively. 

    Moreover, displaying a certificate signals commitment to security, instilling consumer confidence. When consumers see that independent assessments have validated a product, trust is bolstered. 

    As other countries follow suit with similar regulations, this proactive approach becomes essential for vendors selling products in the global market. 

    Applus+ Laboratories solutions for UK’s PSTI compliance:

    PSTI-Focused Certificate: Manufacturers can opt for a certificate of compliance that specifically covers PSTI requirements. It’s the easiest and cheapest option, but it is only valid for the UK.

    Full ETSI EN 303 645 Evaluation: For those aiming higher, an accredited test report evaluating against the entire ETSI EN 303 645 standard is an option. You will get a Certificate of Conformity that transcends borders; it’s a global passport to security for consumer devices, and a baseline for future regulations.

    PSA Certified Level 1 Scheme: PSA Certified is an industry-led certification scheme for IoT cybersecurity. Its Level 1 mark aligns with major global guidelines for connected consumer device security, mapping requirements from various standards, including ETSI EN 303 645, NIST 8259A, Californian State Law SB-327, Matter and ioXt.

    Contact us and get ready for the April 29 deadline

    Navigating the evolving landscape of cybersecurity regulations can be complex. Whether you’re a seasoned manufacturer or a newcomer, ensuring compliance with the UK PSTI regime is a must. 

    Our team of experts is here to guide you. Let’s discuss your unique situation, explore the best options for your products, and ensure you’re ready for the April 29 deadline. If you are also seeking certification for your products to meet the upcoming cybersecurity requirements of the RED directive, which will be enforced starting August 1, 2025, our team is ready to assist you.

    Contact us today to safeguard your consumer devices and build trust in the connected world
