Tuesday 29th April 2025 marks the one-year anniversary of the enforcement of the Product Security and Telecommunications Infrastructure (PSTI) Act. The Act introduced three significant obligations for manufacturers, importers, and distributors of consumer connectable products – to ensure passwords are secure, to report security issues, and to provide transparency on security support.
Iain Davidson, Senior Product Marketing Manager at Wireless Logic, reflects on what has worked – and what still needs to improve: “The PSTI Act has started to make a positive difference in the way we think about and approach IoT cybersecurity. By banning easy-to-guess passwords like ‘12345’ or ‘password’, it raised awareness of a basic but critical vulnerability that attackers have long exploited. However, despite these steps forward, it is not a silver bullet.
“Identity-related breaches and attacks are still on the rise, showing that cyber threats continue to evolve faster than policymakers can respond. No single regulation can fully shield organisations from today’s IoT threats. Attacks are becoming more sophisticated and our defences must keep up. True resilience demands a continuous, end-to-end approach – building security and availability into every device, at every stage of the lifecycle from design to deployment to day-to-day operation. It also means strengthening identity policies, proactively monitoring for anomalies, and enabling faster responses when threats are detected.
“The PSTI Act is an important foundation, but it’s now up to the industry to entrench it in all their people, processes and technology.”