Main laws

United Kingdom Regulation

Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023

These Regulations set detailed UK security requirements for relevant consumer connectable products.

In forceUnited KingdomPlain-English guide4 practical checks

Plain-English explainers, not legal advice. Use the linked official source for section-level detail, and get advice for your situation.

Get legal help

Start here

Quick read

  • These Regulations matter at product-launch level.
  • Businesses need to check default passwords, vulnerability reporting, security update information and compliance statements before connected products are supplied in the UK.

Likely relevant if

  • Connected product manufacturers
  • Importers of smart devices
  • Retailers and distributors of IoT products

Check first

  • Check default password and security update requirements
  • Provide required information about reporting security issues
  • Prepare and keep statements of compliance where required

What this means in practice

These Regulations matter at product-launch level. Businesses need to check default passwords, vulnerability reporting, security update information and compliance statements before connected products are supplied in the UK.

Key points

  • A connected product launch should include a security-compliance checklist.
  • Security update periods should be clear before marketing goes live.
  • Retailers should ask suppliers for evidence, not just a yes.

When this law usually matters

Most businesses do not need to memorise the whole law. The useful starting point is to know when it is likely to affect a contract, customer journey, employee process, data flow or company decision.

Key points

  • Connected product manufacturers
  • Importers of smart devices
  • Retailers and distributors of IoT products
  • Businesses selling app-enabled hardware

What to check first

Sense check

  • Check default password and security update requirements
  • Provide required information about reporting security issues
  • Prepare and keep statements of compliance where required
  • Make sure importer and distributor checks are documented

Documents and workflows to review

Key points

  • Statement of compliance
  • Product security checklist
  • Consumer instructions
  • Supplier declaration
  • Security update and vulnerability policy

Related topics

How Sprintlaw can help