EMC China Lab

What is the UK PSTI Regulation?

Views :
Update time : 2025-04-09

uk psti RegULation Overview

The Product Security and Telecommunications Infrastructure Act 2022 (PSTI Act), enacted in the UK, officially comes into force on April 29, 2024. The regulation mandates that manufacturers, importers, and distributors of IoT products must comply with specific cybersecurity requirements. Violations can result in fines up to £10 million or 4% of the company’s global turnover, and a daily penalty of £20,000 for continuous non-compliance.

 

Key Compliance Requirements

1. No Universal Default Passwords

- Each product must have a unique password, or allow the user to define one.

- The use of a common or hardcoded default password is strictly prohibited.

- Passwords must not include encryption keys, pairing PINs, or API keys.

 

Reference Standards:

ETSI EN 303 645 (Sections 5.1-1 and 5.1-2)

 

2. Vulnerability Disclosure Policy

- Manufacturers must provide at least one channel for users or external parties to report security vulnerabilities.

- The reporting mechanism must be accessible, clear, and free to use, without requiring personal information.

- Users must receive status updates on their reports until the issue is resolved.

 

Reference Standards:

ETSI EN 303 645 (Section 5.2-1), ISO/IEC 29147:2018 (Clause 6.2)

 

3. Transparency of Support Period for Security Updates

- Companies must publish the defined support period during which security updates will be provided.

- Once published, shortening this support period is not allowed.

- This information must be made available in a clear and transparent way.

 

Reference Standards:

ETSI EN 303 645 (Section 5.3-13)

 

Scope of Products CoveRED by PSTI

Included Products:

- Connected security-related devices: smoke detectors, fire alarms, smart locks

- Smart home and automation devices: smart doorbells, alarm systems, IoT hubs

- Consumer electronics: smartphones, smart assistants, wearables

- Connected appliances: smart fridges, washing machines, coffee makers

- Other devices: connected cameras (IP and CCTV), game controllers, and similar products

 

Exempted Products:

- Products sold in Northern Ireland

- Smart meters, EV charging points, medical devices

- Computers and tablets intended for use by individuals aged 14 and above

 

JJR Testing Laboratory Services

JJR Laboratory in China is fully equipped with comprehensive testing capabilities and offers UK PSTI certification and testing services.

Feel free to contact us for more information or to get started!


Email:hello@jjrlab.com


Leave Your Message


Write your message here and send it to us


Related News
Read More >>
SOR/2018-186 Playpen Compliance SOR/2018-186 Playpen Compliance
09 .12.2025
SOR/2018-186 playpen compliance: includes coatings, textiles, seams, mesh size & flammability sa...
Amazon Mattress 16 CFR 1633 Compliance Amazon Mattress 16 CFR 1633 Compliance
09 .12.2025
Amazon Mattress 16 CFR 1633 compliance: Open flame & smoldering tests (HRR, THR). JJR Test Lab p...
What is Amazon TIC Direct Validation? What is Amazon TIC Direct Validation?
09 .12.2025
Amazon TIC Direct Validation requires products (e.g., toys, electronics, supplements) meet ISO/IEC s...
Amazon Baby Sleeping Bag CPC Certificate Complianc Amazon Baby Sleeping Bag CPC Certificate Complianc
09 .12.2025
Amazon baby sleeping bags must meet CPSIA with CPC: lead 100ppm, phthalates 0.1%, small parts &...
Infant Swings 16 CFR 1223 & ASTM F2088 Testing Infant Swings 16 CFR 1223 & ASTM F2088 Testing
09 .12.2025
Infant swings must meet 16 CFR 1223 & ASTM F2088 strict safety standards (design, performance, l...
Amazon TIC Direct Validation Operation Guide Amazon TIC Direct Validation Operation Guide
09 .12.2025
Amazon requires TIC Direct Validation for compliance: certified labs test per standards (safety, EMC...
Portable Power Outlet Australian SAA Certification Portable Power Outlet Australian SAA Certification
09 .12.2025
Portable EPODs for Australia require SAA per AS/NZS 3105, 3112 & 3100. Tests: insulation, overlo...
CE Certification for Exporting Game Consoles to th CE Certification for Exporting Game Consoles to th
09 .12.2025
CE certification is required for EU game consoles under LVD, EMC, RED, RoHS & REACH, covering sa...

Leave Your Message