Door Industry Journal - Spring 2025

Also online at: www.dijonline.co.uk

Industry News

Understanding the PSTI Act: One Year On - Doors, Windows, Compliance, Penalties and the Path to Secure Devices

It’s been nearly a year since the government mandated compliance with the Product Security and Telecommunications Infrastructure Act (PSTI Act), which means that manufacturers, importers and distributors of doorsets and windows need to take note, or they could be breaking the law.

The PSTI Act holds manufacturers, importers and distributors accountable for the security of all consumer connectable products sold in the UK. It establishes a strong regulatory framework for dealing with non-compliance.

Crucially, this isn’t just about obscure gadgets. It impacts a vast range of everyday items, including:

• Home security: Connected door locks, window locks, home automation and alarm systems and even smoke detectors fall under this law
• Smart devices: Smartphones, smart home assistants and IoT hubs are all included
• Appliances: Even connected fridges, washers, freezers and coffee machines must meet these security standards

Essentially, if it connects to the internet, this law likely applies.

Why was this introduced?

The UK government introduced the PSTI Act and its supporting Code of Practice (CoP) for Internet of Things (IoT) security to combat the growing threat of cyberattacks targeting connected devices. This legislation and guidance responded to the increasing number of vulnerable IoT products entering the market, which criminals are exploiting to compromise user privacy and security. Simply put, as our homes and lives become more connected, we become more vulnerable.

The PSTI Act aims to secure these connected products by setting mandatory security requirements for manufacturers, importers and distributors, and by creating an enforcement system to remove insecure products from the UK market.

What does the legislation require?

This groundbreaking legislation focuses on three critical security features for all consumer IoT devices:

• No more easy hacking: Forget factory-set default passwords. Devices must now require unique, user-defined passwords, slamming the door on easy access for cybercriminals
• Vulnerability reporting: Manufacturers are now required to have a clear vulnerability disclosure policy. This means they must have a plan to address security weaknesses, ensuring problems are fixed promptly and effectively
• Guaranteed software updates: Manufacturers must clearly state how long they will provide essential security updates. This ensures devices remain protected throughout their lifespan, giving consumers peace of mind

What are the penalties for not complying with the legislation?

This law isn’t just a suggestion; it has a robust regulatory framework backing it up. This framework empowers the government to take serious action against companies that fail to comply. The penalties are significant:
