Known as the UK Product Security and Telecommunications Infrastructure (PSTI) regulations, the new regime will mandate security requirements for a range of smart tech devices including connected children’s toys, smart cameras, TVs and speakers, wearable health trackers, connected home automation and alarm systems, connected home appliances like washing machines, and smart home voice assistants like Alexa.
The new laws, which will come into force on April 29 this year, are broad in scope (applying to most connected products) and also require all in-scope products to be accompanied by a statement of compliance. This statement must be prepared by the manufacturer of the product and must state that the manufacturer complies with the applicable security requirements.
The connected devices covered by the law need to comply with security requirements including: meeting minimum password requirements; providing information on reporting security issues to a specified point of contact; and providing information on the minimum period during which security updates are provided as part of a product.
Those found flouting the law could face fines of up to £10 million, along with daily fines of up to £20,000 where a breach continues. The law also grants authorities the power to recall non-compliant products from the market and allows information about compliance failures to be made publicly available.