Skip to navigation Skip to main content Skip to footer

News reaction: UK Government enforces the Product Security and Telecommunications Infrastructure (PSTI) Act

29 April 2024

For a long time, NCC Group has been committed to researching the security of the IoT ecosystem, not just for devices used within homes, but also across our workplaces, to understand the risks we’re facing as an increasingly connected society.

Today signalled a watershed moment for IoT security, the UK Government enforced the PSTI Act, a law that makes cyber security a legislative requirement for digitally connected products sold to consumers.

The Act sets minimum security requirements for consumer connectable products such as phones, TVs, and smart doorbells, ensuring that UK consumers are not put at risk by insecure technology products, better protecting UK home devices from cyber criminals.

Here, SVP of UK Markets at NCC Group, Matt Thomas comments on the new regulation and minimum-security standards third party manufacturers now have to comply with: New laws now require all internet-connected smart devices to meet minimum-security standards. This move will significantly enhance protection for consumers and businesses against hackers and cybercriminals.
“The cybersecurity industry has long advocated for legal safeguards for connected devices, and this law represents a pivotal moment in securing our connected future.

Importance of removing default passwords

“Eliminating default passwords is a crucial step toward better security. Default and easily guessable passwords create a false sense of security, leaving consumers vulnerable.

Far reaching impact

“Given that nearly all UK adults own at least one smart device, the impact of this law will be far-reaching. It demonstrates the government’s commitment to bolstering the UK’s cyber resilience and sets a global precedent as the world’s first law protecting consumer privacy, data, and finances.

“While the law may not fully address highly complex attacks (such as supply chain or nation-state threats), it will significantly mitigate more widespread, less complex attacks—a positive step forward.

Upcoming regulations

“Looking ahead, the EU’s Cyber Resilience Act (CRA) is poised for adoption. The CRA will be more ambitious than the UK’s PSTI Act, introducing cybersecurity requirements for a substantial portion of hardware and software sold within the EU. This includes risk assessments, vulnerability handling processes, and incident reporting.

“Notably, the US and Australia are also taking similar strides, underscoring the international commitment to safeguarding consumers from modern cyber risks.”

Contact

NCC Group Press Office

All media enquires relating to NCC Group plc.

press@nccgroup.com

+44 7721577574