UK PSTI Act: what you need to know
The UK Product Security and Telecommunications Infrastructure Act sets baseline security requirements for consumer connectable products.
What is the UK PSTI Act?
The UK PSTI Act has been in force since 29 April 2024. It establishes baseline security requirements for consumer connectable products sold in the UK, targeting the most common vulnerabilities in IoT devices.
Who does the PSTI Act apply to?
The PSTI Act applies to all economic operators in the supply chain for consumer connectable products in the UK.
- Manufacturers of consumer connectable products sold in the UK
- Importers bringing consumer connectable products into the UK market
- Distributors making consumer connectable products available to UK consumers
Key requirements
No universal default passwords
Every device must have a unique password per device. Universal factory default passwords are banned.
Vulnerability disclosure policy
Manufacturers must publish a clear vulnerability disclosure policy, including a point of contact for reporting security issues.
Security update transparency
Manufacturers must be transparent about the minimum period during which security updates will be provided for the product.
Non-compliance consequences
- Up to £10 million or 4% of global qualifying revenue, whichever is greater
PSTI compliance at the connectivity layer
SIMSY provides network-level controls that support PSTI Act requirements for connected device security.
Unique credentials
Edge API provisioning ensures every device receives unique credentials, no factory defaults.
LAN device credential checks
Automated security alerts identify devices on the LAN still using default or weak credentials.
Vulnerability management
Remote firmware updates across your estate enable rapid patching and vulnerability remediation.
Continuous monitoring
Real-time monitoring helps identify and respond to vulnerabilities throughout the product lifecycle.
Ensure PSTI compliance
Talk to us about how SIMSY can help you meet UK PSTI Act requirements.