The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023

Changes to legislation:

There are currently no known outstanding effects for The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023, Schedule 2.

Regulation 4

Schedule 2 (U.K.): Conditions for Deemed Compliance with Security Requirements

This schedule has no associated Explanatory Memorandum

Passwords (U.K.)

1.—(1) A manufacturer is to be treated as complying with the security requirement at paragraph 1 of Schedule 1 where the condition in sub-paragraph (2) is met.

(2) The condition is that the manufacturer complies with provision 5.1-1 of ETSI EN 303 645 and, where relevant, provision 5.1-2 of ETSI EN 303 645 as if those provisions apply to the categories of hardware and software specified in paragraph 1(1) of Schedule 1.

Commencement Information

I1 Sch. 2 para. 1 in force at 29.4.2024, see reg. 1(2)

Information on how to report security issues (U.K.)

2.—(1) A manufacturer is to be treated as complying with the security requirement at paragraph 2 of Schedule 1 where the condition in sub-paragraph (2) is met.

(2) The condition is that the manufacturer complies with—

(a) provision 5.2-1 of ETSI EN 303 645; or

(b) subject to sub-paragraphs (3) and (4), the following paragraphs of ISO/IEC 29147—

(i) paragraph 6.2.2;

(ii) paragraph 6.2.5; and

(iii) paragraph 6.5

as if the provision of ETSI EN 303 645 or the paragraphs of ISO/IEC 29147 apply to the categories of hardware and software specified in paragraph 2(1) of Schedule 1.

(3) A manufacturer is required to publish information as to—

(a) how a person may access the mechanism for the manufacturer to receive reports described in paragraph 6.2.2 of ISO/IEC 29147;

(b) when a person making a vulnerability report will receive an acknowledgement of receipt of a report described in paragraph 6.2.5 of ISO/IEC 29147; and

(c) when a person making a vulnerability report will receive ongoing communication as described in paragraph 6.5 of ISO/IEC 29147.

(4) The information at sub-paragraph (3) must be accessible, clear and transparent, and must be made available to a person (“P”)—

(a) without prior request for such information being made;

(b) in English;

(c) free of charge; and

(d) without requesting the provision of P’s personal information.

Commencement Information

I2 Sch. 2 para. 2 in force at 29.4.2024, see reg. 1(2)

Information on minimum security update periods (U.K.)

3.—(1) A manufacturer is to be treated as complying with the security requirement at paragraph 3 of Schedule 1 where the condition in sub-paragraph (2) is met.

(2) The condition is that, subject to sub-paragraphs (3), (5) and (6) of paragraph 3 of Schedule 1 and to sub-paragraphs (3) and (4), the manufacturer complies with provision 5.3-13 of ETSI EN 303 645 as if that provision applies to the categories of hardware and software specified in paragraph 3(1) of Schedule 1.

(3) References at provision 5.3-13 of ETSI EN 303 645 to “defined support period” are to be construed in accordance with the definition in regulation 2.

(4) Reference at provision 5.3-13 of ETSI EN 303 645 to the information being published in an accessible way that is clear and transparent includes making the information available to a person (“P”)—

(a) without prior request for such information being made;

(b) in English;

(c) free of charge;

(d) without requesting the provision of P’s personal information; and

(e) in such a way that is understandable by a reader without prior technical knowledge.

Commencement Information

I3 Sch. 2 para. 3 in force at 29.4.2024, see reg. 1(2)
