
UK PSTI Act: Compliance vs Sanctions and £10m in Fines

The UK joins a collective effort towards bolstering product security standards by applying the new product safety requirements for connected products, effective as of 29th April 2024. These regulatory changes align with the EU’s Cyber Resilience Act.

Tamara Ciochina


The Product Security and Telecommunications Infrastructure Act 2022 (PSTI) outlines the specific security measures applicable to "connectable products," consolidating previously voluntary cybersecurity practices under the Code of Practice for Consumer IoT Security.

All businesses involved in the supply chain of these connected products must ensure compliance with the legislation, whether they function as manufacturers, importers, or distributors.

Products within the scope of the PSTI Act encompass any product capable of connecting to the Internet via Internet protocols, including those connecting via Bluetooth or Internet protocols. Additionally, hubs or receivers fall under the purview of these regulations. However, certain exemptions are in place, such as charge points for electric vehicles, medical devices, smart meters, and computers.

The compliance requirements vary:

Manufacturers are tasked with ensuring compliance with security requirements, providing statements of compliance, investigating suspected compliance failures, and maintaining necessary records.

Importers and distributors have their own set of responsibilities, including preventing non-compliant products from entering the market.

As of now, only manufacturers are subject to specific security requirements, which can be met by adhering to relevant provisions within ETSI EN 303 645 and ISO/IEC 29147.

What to expect?

The Regulations will be enforceable from 29th April 2024 by the Office for Product Safety and Standards (OPSS), with potential sanctions for non-compliance ranging from product recalls to fines of up to £10m or 4% of worldwide revenue.

Stay informed, stay compliant, and stay ahead in ensuring the safety and integrity of connected products in the UK market.

Source: https://www.legislation.gov.uk/ukpga/2022/46/contents/enacted