It is not possible to comply with the PSTI in 1 click. However, you can start your journey by answering the following questions:
A product that can connect to the Internet or to other products is in scope of the PSTI. This connectivity could be over Wi-Fi, Bluetooth, Ethernet or any other technology.
When passwords are used in the device, they must be unique per device. Note that pairing codes (for Bluetooth or Matter) are not considered passwords.
A Single Point of Contact must be publicly identified to receive reports of product security issues. Moreover, you should publish your commitments to handle these reports.
Customers must know the duration of this support period before buying the product.
This document explains how you comply with the requirements of the PSTI. It is mandatory for market access and it must accompany the product, either physically or in a digital format.
Since the 29th of April 2024, all consumer IoT devices sold in the UK must comply with 3 requirements.
Devices must not use default passwords that can be easily discovered. This is to avoid mass-compromise.
A single point of contact and associated processes must be in place to receive and manage security reports.
The product must receive security updates until a given date. This date must appear on the product or on a website.
Manufacturers must comply with the PSTI or face heavy penalties.
when non-compliant products are sold in the UK
for breaching the regulation
when not taking action to secure products sold in the UK
The PSTI mandates cyber security requirements for all consumer IoT products. Our 1-click compliance tool is only a start! Go further with our services.
Evaluate your compliance with the PSTI to keep selling your products in the UK.
Learn about security issues in your products.
Protect your customers after product release.