Main laws

United Kingdom Act

Product Security and Telecommunications Infrastructure Act 2022

The Product Security and Telecommunications Infrastructure Act 2022 creates powers and duties for consumer connectable product security.

In forceUnited KingdomPlain-English guide4 practical checks

Plain-English explainers, not legal advice. Use the linked official source for section-level detail, and get advice for your situation.

Get legal help

Start here

Quick read

  • This Act matters for businesses making, importing or selling connected products such as smart devices, wearables, cameras, routers and app-controlled goods.
  • Product security needs to be designed into the product and supply chain before launch.

Likely relevant if

  • Smart device manufacturers
  • Importers and distributors of connected products
  • Consumer electronics retailers

Check first

  • Check whether products are relevant connectable products
  • Allocate manufacturer, importer and distributor responsibilities
  • Keep security compliance and technical evidence on file

What this means in practice

This Act matters for businesses making, importing or selling connected products such as smart devices, wearables, cameras, routers and app-controlled goods. Product security needs to be designed into the product and supply chain before launch.

Key points

  • Cyber security is now part of product compliance for connected devices.
  • Importers should not rely on supplier assurances without evidence.
  • Product listings and instructions should not contradict security requirements.

When this law usually matters

Most businesses do not need to memorise the whole law. The useful starting point is to know when it is likely to affect a contract, customer journey, employee process, data flow or company decision.

Key points

  • Smart device manufacturers
  • Importers and distributors of connected products
  • Consumer electronics retailers
  • Businesses bundling hardware with apps or cloud services

What to check first

Sense check

  • Check whether products are relevant connectable products
  • Allocate manufacturer, importer and distributor responsibilities
  • Keep security compliance and technical evidence on file
  • Review vulnerability disclosure, password and update practices

Documents and workflows to review

Key points

  • Product specification
  • Supplier compliance pack
  • Security update policy
  • Vulnerability disclosure process
  • Importer and distributor agreements

Related topics

How Sprintlaw can help