What is the UK PSTI Certificate?

UK (PSTI) Act

The UK’s Product Security and Telecommunications Infrastructure Act 2022(PSTI Act) came into mandatory effect on April 29, 2024. This law requires IoT manufacturers, importers, and distributors to comply with specific mandatory cybersecurity regULations. Authorities have the power to impose fines of up to £10 million or 4% of a company’s global turnover for violations. Companies continuing to bREACH the regulations may face additional daily fines of £20,000.

UK (PSTI) Compliance Requirements

The minimum requirements under the PSTI Act include:

1. Ban on Universal Default Passwords

①　Passwords must be unique for each product.

②　Passwords must be user-defined by the product owner.

③　Passwords must not include encryption keys, personal identification numbers used for pairing, or API keys.

 Reference standard:ETSI EN 303 645 provisions 5.1-1 and 5.1-2.

2. Requirement to Implement Vulnerability Reporting Management

①　At least one accessible channel must be available for users or third parties to report any security issues related to the manufacturer’s connected products.

②　Users or third parties must receive confirmation of report receipt and status updates until the issue is resolved.

③　Reporting channels must be accessible, clear, transparent, and available.

④　Reports must be provided without prior request, in English, free of charge, and without requiring personal information.

 Reference standards:ETSI EN 303 645 provisions 5.2-1; ISO/IEC 29147 (2018) clause 6.2.

3. Requirement for Transparency on Minimum Security Update Period

①　The defined support period must be publicly disclosed.

②　REDucing the defined support period after publication is non-compliant.

③　Information must be published in an accessible, clear, transparent, and available manner, including for individual users.

 Reference standard:ETSI EN 303 645 provision 5.3-13.

UK (PSTI) Product Scope

Covered Products:

1. Connected security-related products such as smoke detectors, fire detectors, and door locks.

2. Connected home automation devices, smart doorbells, and alarm systems.

3. IoT base stations and hubs that connect multiple devices.

4. Smart home assistants, smartphones, connected cameras (IP and CCTV), wearable devices.

5. Connected refrigerators, washing machines, freezers, coffee machines, gaming controllers, and other similar products.

Exempt Products:

Products sold in Northern Ireland.

1. Smart meters, electric vehicle charging points, and medical devices.

2. Computers and tablets intended for use by persons aged 14 years and older.

China JJR LAB possesses comprehensive testing capabilities and offers uk psti testing and certification services. Feel free to contact us for further inquiries!