UK: Parliament introduces cybersecurity bill to protect people's personal tech from hackers

The Department for Digital, Culture, Media & Sport ('DCMS') announced, on 24 November 2021, that Parliament had, on the same day, introduced the Product Security and Telecommunications Infrastructure ('PSTI') Bill, which will require manufacturers, importers, and distributors of digital tech which connects to the internet or to other products to make sure they meet tough new cybersecurity standards, with heavy fines for those who fail to comply. In particular, the bill will apply to 'connectable' products including smartphones, smart TVs, games consoles, security cameras, and smart toys, and to manufacturers and other businesses, including both physical shops and online retailers. The new security standards introduced include:

  • a ban on easy-to-guess default passwords that come preloaded on devices - such as 'password' or 'admin', which are a target for hackers; all passwords that come with new devices will need to be unique and not resettable to any universal factory setting;
  • a requirement for connectable product manufacturers to tell customers at the point of sale, and keep them updated, about the minimum amount of time a product will receive vital security updates and patches; if a product does not come with security updates, that must be disclosed, which will increase people's awareness of when the products they buy could become vulnerable so they can make better-informed purchasing decisions; and
  • new rules that require manufacturers to provide a public point of contact to make it simpler for security researchers and others to report when they discover flaws and bugs in products.

Furthermore, the bill requires businesses to investigate compliance failures, produce statements of compliance, and maintain appropriate records. A regulator will be designated to oversee compliance with the bill once it comes into force, and will have the power to, among other things, issue fines of up to £10 million or four per cent of a business's global turnover, as well as up to £20,000 a day in the case of an ongoing contravention.

You can read the press release here, the bill here, the collection of factsheets here, the product security factsheet guidance here, and the telecoms infrastructure factsheet guidance here.