User:Whisky and more/Product Security and Telecommunications Infrastructure regulation
This is not a Wikipedia article: It is an individual user's work-in-progress page, and may be incomplete and/or unreliable.
The Product Security and Telecommunications Infrastructure regime is a United Kingdom regulatory regime that requires UK-based manufacturers, importers, and distributors of most consumer smart devices to comply with certain obligations, including minimum security standards.[1]
The Product Security and Telecommunications Infrastructure Act 2022
The Product Security and Telecommunications Infrastructure Act 2022 and the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 202 together created a new UK consumer protection regime that requires all internet-connectable (i.e. smart) products manufactured in the UK to meet minimum security standards. The regime commenced on 29 April 2024.
The first of its kind in the world, the law aims to protect UK consumers against common security risks such as hacking and cyber-attacks. The UK Office for Product Safety and Standards is responsible for enforcing the regime.[1]
The Product Security and Telecommunications Infrastructure Act 2022 also makes changes to the regulation of telecommunications infrastructure in the UK and the electronic communications code.
Regime
The regime imposes a range of duties on UK-based manufacturers, importers, and distributors of most UK internet- or network-connected products.
Under the regime, manufacturers, importers and distributors must:
- Comply with relevant security standards, including not providing easily guessable default passwords and disclosing to consumers the minimum time for which they can expect to receive important security updates
- Publish a statement of compliance, accompanying the product, stating that the manufacturer has complied with applicable security requirements
- Take all reasonable steps to investigate any potential security compliance failures and maintain records of any investigations.
In addition, importers and distributors must not supply products with compliance failures, and must take action in relation to compliance failures by a manufacturer, importer or distributor.[2]
The security standard and statement of compliance requirements are among the best-known aspects of the regime, having received media coverage.[3][4] For example, on commencement of the regime on 29 April 2024, Apple published its statement of compliance for its iPhone 15 Pro Max A3106 model, which confirmed that the phone would receive security support for a minimum of five years from its first supply date.[5]
References
- [1] "New laws to protect consumers from cyber criminals come into force in the UK". GOV.UK. Retrieved 11 June 2024.
- [2] "The UK Product Security and Telecommunications Infrastructure (Product Security) regime". GOV.UK. 2 May 2024. Retrieved 11 June 2024.
- [3] Phelan, David. "iPhone 15 Pro Max: Apple Confirms Update Guarantee And Samsung Beats It". Forbes. Retrieved 11 June 2024.
- [4] Rogerson, James (6 June 2024). "Apple has said how long the iPhone 15 line will be updated for, and it's less than Samsung promises". TechRadar. Retrieved 11 June 2024.
- [5] Apple (29 April 2024). "A3106 UK PSTI - Connectable Devices Statement of Compliance" (PDF). Apple Regulatory Info. Archived (PDF) from the original on 10 June 2024. Retrieved 11 June 2024.