Eseye has brought to light the significant implications of the recent Product Security and Telecommunications Infrastructure (PSTI) Act and Regulations, which came into force on 29 April 2024.
As the first IoT connectivity provider accredited as a certifying body under IASME’s IoT Cyber Assurance scheme, Eseye stresses the urgency for tech manufacturers to act swiftly. The Act introduces substantial compliance costs and potential market disruptions, requiring immediate action from the industry. Despite these initial hurdles, the new regulations promise to significantly boost IoT security and device connectivity, offering long-term advantages for businesses.
The PSTI Act mandates robust security measures for consumer-connectable devices to enhance the UK’s defence against sophisticated cyber-attacks and protect individual privacy. While this legislation necessitates integrating advanced security features early in the development process—potentially delaying product launches and increasing costs—it also provides an opportunity for tech manufacturers to improve their product security and gain a competitive edge.
The PSTI Act now encompasses a wide array of internet-connected “smart” devices, including consumer electronics like TVs, home security systems, and smart home appliances.
This legislation not only requires tech manufacturers to adhere to stringent security protocols but also offers significant benefits to both providers and end users. Enhanced data safety and user privacy, including the elimination of generic default passwords, are key improvements. Devices must have unique passwords or require users to set new, secure ones during setup, thereby ensuring higher levels of end-user security.
Manufacturers must also implement secure methods for software updates and clearly communicate the duration of security support for each device. This includes providing an accurate timeline for updates. Such commitments will bolster device security, build greater consumer trust in IoT technologies, and offer reliable protection against cybersecurity threats, allowing users to use their devices confidently without fear of data breaches or privacy invasions.
Adapting to the PSTI Act
The Act necessitates realignments in development processes to incorporate new security features, impacting product design and market release schedules. Customers can expect better communication from manufacturers about reporting product security issues. While these changes pose significant time and cost challenges, they ultimately lead to more secure and reliable consumer technology products, benefitting both manufacturers and end users.
“Eseye has consistently prioritised security in our IoT solutions, and the PSTI Act’s emphasis on ‘Security by Design’ aligns seamlessly with our ethos,” said Nick Earle, CEO of Eseye. “We are committed to aiding our customers through this transition, ensuring they meet the new rigorous standards effectively.”
IASME, a cyber security certification company, collaborates with over 900 cyber security experts to help organisations of all sizes improve and demonstrate their cyber security. The IASME IoT Cyber Scheme supports manufacturers in enhancing the security of their connected devices and certifying their achievements, demonstrating compliance with UK legislation and a commitment to best practice security.
“Eseye’s commitment to these standards not only demonstrates our leadership in IoT security but also reinforces our dedication to supporting our customers’ needs in this evolving digital landscape. Eseye is a trusted IASME partner, so our cybersecurity professionals can ensure your device is PSTI compliant and meets the ETSI standard. Coupled with our ISO 27001 compliance accreditation, we have a strong commitment to adhering to these robust cybersecurity standards,” concluded Kamran Jehangir, Technical and PSTI Lead Consultant at Eseye.
There’s plenty of other editorial on our sister site, Electronic Specifier! Or you can always join in the conversation by commenting below or visiting our LinkedIn page.