Consumer connected products – new legislation impacts supply chains

The UK Product Security and Telecommunications Act 2022 (the Act) and the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023 (the Regulations) came into force on 29 April 2024. The intention of the changes is to impose greater responsibility on manufacturers, importers and distributors of consumer connected products to increase the safety and cybersecurity of those products.

The new rules apply to manufacturers, distributors and importers of products which:

  • can connect to the internet or send and/or receive data electronically over a network; and
  • are supplied to UK consumers.

Certain types of products are excluded because sector- or product-specific rules already apply to them (e.g. medical devices and electric vehicle charging points), but examples of in-scope products include: smartphones, smart TVs, cameras, smart speakers, alarm systems, games consoles and smart toys.

It is also important to understand that a connected product intended for business use rather than consumer use may still be caught by the new rules if identical products are available to UK consumers as well.

Manufacturers, distributors and importers have a duty to self-assess whether their activities fall within the scope of the rules, but the obligations which apply to each role within the supply chain vary.

Depending on the role, the security requirements may include:

  • banning universal default and easily guessable passwords;
  • publishing details to the public of how they can report security issues;
  • publishing a minimum support period (including an end date) for how long security updates will be provided for the products;
  • investigating and taking action against both suspected and actual compliance failures / security vulnerabilities; and
  • providing statements of compliance.

Breaches could result in enforcement from the Office for Product Safety and Standards. Potential sanctions could include:

  • product recalls;
  • stop notices; and
  • fines of up to £10m or 4% of worldwide annual turnover.