- Draft legislation
The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023
You are here:
- UK Draft Statutory Instruments
- ISBN 978-0-348-24976-7
- Whole Instrument without Schedules
What Version
More Resources
Draft Legislation:
This is a draft item of legislation. This draft has since been made as a UK Statutory Instrument: The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023 No. 1007
Citation, commencement and extent
1.—(1) These Regulations may be cited as the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023.
(2) These Regulations come into force on 29th April 2024 and extend to England and Wales, Scotland and Northern Ireland.
Interpretation
2.—(1) In these Regulations—
“defined support period” means the minimum length of time, expressed as a period of time with an end date, for which security updates will be provided;
“ETSI EN 303 645” means the European Standard on Cyber Security for Consumer Internet of Things: Baseline Requirements (ETSI EN 303 645 V2.1.1 (19th June 2020))(1);
“hardware” means a physical electronic information system, or parts thereof, capable of processing, storing or transmitting digital data;
“ISO/IEC 29147” means the ISO/IEC 29147:2018 Information technology - Security techniques - Vulnerability disclosure standard (2nd edition, 2018)(2);
“manufacturer’s intended purpose” means the use for which the product is intended according to the data provided by the manufacturer, including on the label, in the instructions for use, or in promotional or sales materials or statements;
“security update” means a software update that protects or enhances the security of a product, including a software update that addresses security issues which have been discovered by or reported to the manufacturer.
(2) References in these Regulations to sections, except where otherwise specified, are to sections of the Product Security and Telecommunications Infrastructure Act 2022.
Security requirements for manufacturers
3. Schedule 1 specifies security requirements that apply to manufacturers of relevant connectable products for the purposes of section 1 (power to specify security requirements).
Deemed compliance with security requirements
4. Schedule 2 specifies the conditions under which a manufacturer is to be treated as having complied with a security requirement for the purposes of section 3 (power to deem compliance with security requirements).
Multiple manufacturers
5. Where there is more than one manufacturer of a relevant connectable product, each manufacturer must meet any relevant security requirement specified in Schedule 1 or satisfy the conditions for deemed compliance in relation to that requirement in Schedule 2.
Excepted products
6. Schedule 3 specifies excepted products for the purposes of section 6 (excepted products).
Minimum information required for statement of compliance
7. Schedule 4 specifies the information that the statement of compliance must include for the purpose of section 9 (statements of compliance).
Manufacturer retention of statement of compliance
8. Where a statement of compliance is required under section 9(2) (statements of compliance) to make a relevant connectable product available in the United Kingdom, the manufacturer of the product must retain a copy of the statement of compliance relating to the product for whichever is the longer of—
(a)a period of 10 years beginning with the date on which the statement of compliance was issued, and
(b)the defined support period for the product set out in the statement of compliance.
Importer retention of statement of compliance
9. Where a statement of compliance is required under section 15(2) (statements of compliance) to make a product available in the United Kingdom, the importer of the product must retain a copy of the statement of compliance relating to the product for whichever is the longer of—
(a)a period of 10 years beginning with the date on which the statement of compliance was issued, and
(b)the defined support period for the product set out in the statement of compliance.
Review
10.—(1) The Secretary of State must from time to time—
(a)carry out a review of the regulatory provision contained in these Regulations; and
(b)publish a report setting out the conclusions of the review.
(2) The first report must be published before the end of the period of five years beginning with the date on which these Regulations come into force.
(3) Subsequent reports must be published at intervals not exceeding five years.
Name
Minister
Department for Science, Innovation and Technology
Options/Help
Print Options
PrintThe Whole Instrument
PrintThe Instrument without Schedules
Legislation is available in different versions:
Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.
Original (As Enacted or Made): The original version of the legislation as it stood when it was enacted or made. No changes have been applied to the text.
Opening Options
Different options to open legislation in order to view more content on screen at once
Draft Explanatory Memorandum
Draft Explanatory Memorandum sets out a brief statement of the purpose of a Draft Statutory Instrument and provides information about its policy objective and policy implications. They aim to make the Draft Statutory Instrument accessible to readers who are not legally qualified and accompany any Statutory Instrument or Draft Statutory Instrument laid before Parliament from June 2004 onwards.
More Resources
Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as enacted version that was used for the print copy
- lists of changes made by and/or affecting this legislation item
- confers power and blanket amendment details
- all formats of all associated documents
- correction slips
- links to related legislation and further information resources
Impact Assessments
Impact Assessments generally accompany all UK Government interventions of a regulatory nature that affect the private sector, civil society organisations and public services. They apply regardless of whether the regulation originates from a domestic or international source and can accompany primary (Acts etc) and secondary legislation (SIs). An Impact Assessment allows those with an interest in the policy area to understand:
- Why the government is proposing to intervene;
- The main options the government is considering, and which one is preferred;
- How and to what extent new policies may impact on them; and,
- The estimated costs and benefits of proposed measures.
More Resources
Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as made version that was used for the print copy
- correction slips
Click 'View More' or select 'More Resources' tab for additional information including:
- lists of changes made by and/or affecting this legislation item
- confers power and blanket amendment details
- all formats of all associated documents
- links to related legislation and further information resources
All content is available under the Open Government Licence v3.0 except where otherwise stated. This site additionally contains content derived from EUR-Lex, reused under the terms of the Commission Decision 2011/833/EU on the reuse of documents from the EU institutions. For more information see the EUR-Lex public statement on re-use.