Also online at: www.dijonline.co.uk

• Tough enforcement: Expect compliance notices, stop notices and even product recalls
• Massive fines: Non-compliant companies face fines of up to £10 million or 4% of their global annual revenue—whichever is greater
• Stock seizure: Authorities can seize and destroy non-compliant products

The Office for Product Safety and Standards (OPSS) is the designated enforcement body, ensuring these rules were followed from April 29, 2024, onwards. They have the power to hold businesses accountable on behalf of the Department for Science, Innovation and Technology.

What needs to be done?

If you manufacture or supply any IoT connected product, you must be aware of this law and the fact that the compliance deadline - April 29, 2024 - has already passed. There’s no room for excuses. You must have taken the necessary steps to ensure your products meet these critical security requirements. These standards are based on globally recognised best practices, including the UK’s Code of Practice for Consumer IoT security, ETSI EN 303 645 and guidance from the National Cyber Security Centre.

And it’s not just manufacturers. Every business in the supply chain plays a critical role in keeping insecure products off the UK market. From distributors to retailers, everyone has a responsibility.

SBD’s Secure Connected Device accreditation can help with compliance

Secured by Design (SBD), developed in consultation with the Department for Science, Innovation and Technology (DSIT), helps companies achieve compliance through the Secure Connected Device accreditation scheme. This rigorous program goes beyond the government’s legislation, assessing products against all 13 provisions of the ETSI EN 303 645 standard. The SBD assessment identifies your product’s risk level and guides you through the certification process with approved bodies.
Achieving SBD membership and accreditation earns your product the prestigious SBD Secure Connected Device badge—a clear signal to customers and the industry that your product meets the highest security standards. The Secure Connected Device annual appraisal also ensures compliance with evolving government requirements and cyberthreats.

This accreditation isn’t just a mark of quality; it’s a powerful differentiator. It demonstrates leadership in IoT security, protecting your company, your products and, most importantly, your customers from cyber threats. The SBD Secure Connected Device accreditation is the only way to achieve UK police recognition for the security of your IoT products.

Learn more about the SBD Secure Connected Device accreditation and see which companies have already achieved this prestigious recognition at www.securedbydesign.com/IoT.

The Door Industry Journal, Spring 2025

Secured by Design

I discussed the Product Security and Telecommunications Infrastructure Act (PSTI Act) in this column a few years back, focusing on its impact on businesses providing Internet of Things (IoT) products and services and how the SBD Secure Connected Device accreditation could aid compliance. Given that the Act is now law and mandatory compliance has been in effect for a year, it’s worth revisiting this topic. Many companies still seem unclear about the Act’s implications for their operations.

Compliance with the PSTI Act is absolutely essential for door and window manufacturers for several key reasons. While you might not immediately think of doors and windows as ‘connected,’ the PSTI Act’s definition of ‘consumer connectable product’ is broad. It includes anything that can be connected to the internet, directly or indirectly. Modern doors and windows often incorporate smart technology.
This can be in the form of smart locks (keyless entry, remote locking/unlocking, activity monitoring), sensors monitoring window/door status (open/closed) or integration with home security systems and smart heating control systems.

The PSTI Act mandates that manufacturers of these connectable products meet specific security requirements, which you can read about in the article alongside. Failure to comply can mean fines that can reach up to £10 million or 4% of global revenue. The Office for Product Safety and Standards (OPSS), who already enforce the UK’s existing product safety regulations, are responsible for enforcing the PSTI Act.

A security breach or non-compliance with the PSTI Act can severely damage your brand reputation, as consumers are increasingly aware of cybersecurity risks and will choose manufacturers they trust.

The PSTI Act is just the beginning of increased regulation in the IoT space. By prioritising security now, you’ll be better prepared for future legislation and evolving customer expectations and will ensure your products remain competitive in an increasingly connected world.

Jon Cole, Chief Operating Officer, Secured by Design

A regular column by Jon Cole, Chief Operating Officer, Secured by Design, the official police security initiative, which has been delivering a wide range of crime prevention activities across the UK for over 30 years and operates a product-based police accreditation scheme for security-rated products.