How new IoT legislation affects the legal sector.

The internet of things (IoT) consists of everyday objects that are connected to the internet, for example, smart home devices such as washing machines and refrigerators, as well as wearable technology such as smart watches, wireless headphones, and even personal medical devices like pacemakers. IoT also includes smart buildings, and transportation with the emergence of autonomous vehicles – there is an IoT device for almost every aspect of modern life.

New legislation has been introduced to protect consumers of IoT and smart devices by enforcing security requirements on manufacturers and importers of such products. The Product Security and Telecommunications Infrastructure (PSTI) Act 2022 implies that Importers and Distributors of IoT devices are at fault if they supply non-compliant devices to consumers. The UK Product Security and Telecommunications Infrastructure (Product Security) regime - GOV.UK (www.gov.uk)

The PSTI act became law in April 2023, and similarly to the General Data Protection Regulation, there will be a 12-month grace period for manufacturers to ensure that their devices are compliant with the legislation. The effective deadline for compliance is 29th April 2024.  

The impact of the PSTI Act facing the legal sector.

Legal professionals will be required to familiarise themselves with the specific requirements of the PSTI Act to help guarantee compliance for their clients. This may include providing advice on how clients can meet security standards and maintain compliance, for example, achieving certification against the IoT Cyber Scheme. Internet of Things (IoT) Cyber Scheme | Secarma. The IoT Cyber Scheme is a standard against which manufacturers of IoT devices can have their devices certified - the scheme aligns with all 13 provisions of ETSI EN 303 645, which is the worldwide standard in IoT cyber security. It also aligns with current UK security legislation and guidance, including the PTSI Act.

One of the most efficient ways to ensure clients are compliant with the PSTI Act and avoid a fine of 4% of their global annual turnover or complete product recall within the UK is to certify against the IoT Cyber Scheme.

The IASME IoT Cyber Assurance standard certificate has been confirmed by the Department for Science, Innovation and Technology (DSIT) as a valid statement of compliance. Achieving the certification in advance of the deadline allows organisations to de-risk the process of investigation and enforcement by advanced confirmation by an independent certification body that the device is compliant with the PSTI act.

In summary, the PSTI Act 2022 introduces significant changes and potential legal challenges for the IoT and smart device industry. Legal professionals will play a crucial role in helping businesses navigate compliance, liability, and consumer protection issues in this rapidly evolving sector.

To gain further insight into the PTSI Act and IoT Cyber Scheme, and how you can support your clients, please feel free to contact us here at Secarma on 0161 513 0960 or email us at enquiries@secarma.com and speak to one of our experts who will be happy to support your security needs.