Today, the Product Security and Telecommunications Infrastructure (PSTI) law in the United Kingdom, established since 2022, will come into effect on its first day (April 29, 2024). This mandates that internet-connected products in the UK must have additional security measures in place, pertaining to:
Passwords: It is prohibited to use easily guessable passwords, including passwords derived from serial numbers, and each piece sold must have unique passwords.
Security Disclosure: The public must be made aware of any security vulnerabilities in products, along with notifications of fixes.
Patch Timeframes: The timeframe within which manufacturers are contractually obligated to release security vulnerability patches.
This law is enforced by the Office for Product Safety and Standards (OPSS), which has the authority to prohibit the sale or recall products that do not adhere to the requirements, as well as levy fines.
Source: Gov.UK
TLDR: The PSTI law in the UK mandates additional security measures for internet-connected products starting April 29, 2024, enforced by the OPSS with powers to recall non-compliant products and impose fines.
Leave a Comment