The countdown to consumer IoT regulation is on. On the 29th of April 2024, the UK intends to bring into force consumer IoT product security regulation covering three main security requirements:
1) No default passwords
2) Having a vulnerability disclosure policy
3) Transparency on minimum dates for software update support
For more information see: https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime
A breakdown of the draft regulation text is here: https://mobilephonesecurity.org/2023/04/the-teeth-of-the-uks-iot-security-legislation-understanding-the-draft-regulation-text/
UK's Secure by Design collection: https://www.gov.uk/government/collections/secure-by-design
Code of Practice for Consumer IoT Security: https://www.gov.uk/government/publications/code-of-practice-for-consumer-iot-security
Relevant Standards
- ETSI EN 303 645 (pdf): https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.01_60/en_303645v020101p.pdf
- ISO/IEC 29147:2018: https://www.iso.org/standard/72311.html
Legislative Text
- PSTI Act Part 1: https://www.legislation.gov.uk/ukpga/2022/46/part/1/enacted
- The UK's Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023 [draft]: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1153566/The_Product_Security_and_Telecommunications_Infrastructure__Security_Requirements_for_Relevant_Connectable_Products__Regulations_2023.pdf
This page is maintained by Copper Horse Ltd. For all queries please contact us here.