These Regulations matter at product-launch level. Businesses need to check default passwords, vulnerability reporting, security update information and compliance statements before connected products are supplied in the UK.
Main laws
United Kingdom Regulation
Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023
These Regulations set detailed UK security requirements for relevant consumer connectable products.
In forceUnited KingdomPlain-English guide4 practical checks
Plain-English explainers, not legal advice. Use the linked official source for section-level detail, and get advice for your situation.
Get legal helpStart here
Quick read
- These Regulations matter at product-launch level.
- Businesses need to check default passwords, vulnerability reporting, security update information and compliance statements before connected products are supplied in the UK.
Likely relevant if
- Connected product manufacturers
- Importers of smart devices
- Retailers and distributors of IoT products
Check first
- Check default password and security update requirements
- Provide required information about reporting security issues
- Prepare and keep statements of compliance where required
What this means in practice
Key points
- A connected product launch should include a security-compliance checklist.
- Security update periods should be clear before marketing goes live.
- Retailers should ask suppliers for evidence, not just a yes.
When this law usually matters
Most businesses do not need to memorise the whole law. The useful starting point is to know when it is likely to affect a contract, customer journey, employee process, data flow or company decision.
Key points
- Connected product manufacturers
- Importers of smart devices
- Retailers and distributors of IoT products
- Businesses selling app-enabled hardware
What to check first
Sense check
- Check default password and security update requirements
- Provide required information about reporting security issues
- Prepare and keep statements of compliance where required
- Make sure importer and distributor checks are documented
Documents and workflows to review
Key points
- Statement of compliance
- Product security checklist
- Consumer instructions
- Supplier declaration
- Security update and vulnerability policy