UK Product Security and Telecommunications Infrastructure Act (PSTI)
The UK Product Security and Telecommunications Infrastructure Act 2022 (PSTI), with regulations effective April 29, 2024, establishes minimum security requirements for consumer connectable products sold in the UK. It is the first national legislation implementing the ETSI EN 303 645 baseline requirements. Applies to manufacturers, importers, and distributors of internet-connected consumer products.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (4)
Default Passwords
| Code | Title |
|---|---|
| UKPSTIACT-1 | Default Password Prohibition |
Distribution and Enforcement
| Code | Title |
|---|---|
| UKPSTIACT-4 | Distributor, Importer, Retailer Duties + Enforcement |
Support Period
| Code | Title |
|---|---|
| UKPSTIACT-3 | Defined Support Period and Statement of Compliance |
VDP
| Code | Title |
|---|---|
| UKPSTIACT-2 | Vulnerability Disclosure Policy and Reporting |
Frequently Asked Questions
What is UK Product Security and Telecommunications Infrastructure Act (PSTI)?
UK Product Security and Telecommunications Infrastructure Act (PSTI) is a compliance framework from United Kingdom with 4 domains and 4 controls. The UK Product Security and Telecommunications Infrastructure Act 2022 (PSTI), with regulations effective April 29, 2024, establishes minimum security requirements for consumer connectable products sold in the UK. It is the first national legislation implementing the ETSI EN 303 645 baseline requirements. Applies to manufacturers, importers, and distributors of internet-connected consumer products. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does UK Product Security and Telecommunications Infrastructure Act (PSTI) have?
UK Product Security and Telecommunications Infrastructure Act (PSTI) has 4 controls organised across 4 domains. The largest domains are Default Passwords (1 controls), Distribution and Enforcement (1 controls), Support Period (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does UK Product Security and Telecommunications Infrastructure Act (PSTI) map to?
UK Product Security and Telecommunications Infrastructure Act (PSTI) does not currently have cross-framework mappings in our system. Check back as we continuously expand our mapping database.
How do I get started with UK Product Security and Telecommunications Infrastructure Act (PSTI) compliance?
Start your UK Product Security and Telecommunications Infrastructure Act (PSTI) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about UK Product Security and Telecommunications Infrastructure Act (PSTI) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 4 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.
Get Started Free →Free forever — no credit card required