UK enacts IoT cybersecurity law

The United Kingdom’s Product Security and Telecommunications Infrastructure (PSTI) act came into force on April 29, 2024, requiring consumer-grade Internet of Things (IoT) products sold in the UK to stop using generic default passwords, implement a vulnerability disclosure policy, and set a minimum timeframe for security updates and patches.

Many IoT companies have expressed concerns over the PSTI act and its compliance requirements, particularly the cost of implementing security measures and the complexity of compliance for certain devices.

Non-compliance may result in fines of up to 10 million euros or 4% of the company's qualified worldwide revenue (whichever is higher).

Firms providing investment and credit to IoT companies should be aware of this new law and factor compliance into their company engagement.

 
Let's explore details about the PSTI act and what firms need to do about it. 


What is the UK PSTI act? 

The default credentials of IoT devices represent a major security issue for their users, and most manufacturers leave the task of setting better passwords to the buyers of these products. However, most consumers don't bother changing the default password, and the PSTI act is designed to address this security issue.


The PSTI act requires that each product must come with a unique password that is not based on incremental counters, derived from public information, or easily guessable. Also, users must be able to change it. The law also addresses vulnerability disclosures and transparency for labeling and updates, and disclosure of the minimum timeframe for which security updates and patches will be provided. 

 

Specific details of PSTI can be found here


What companies are impacted by PSTI?

The law covers all manufacturers of internet and network-connectable IoT devices, such as:

  • TVs, speakers, and streaming devices
  • Smartphones, game consoles, and tablets
  • Base stations and hubs
  • Wearables such as fitness trackers and smart watches
  • Security devices such as security cameras and doorbells
  • Home appliances such as light bulbs, washing machines, and home assistants



 

Image credit: mikemacmarketing, CC BY 2.0 [https://commons.wikimedia.org/wiki/File:Home_Automation22.jpg] [modified]

 
