- Building inspection
- Fire alarms system testing
- Household appliances
- Installation materials
- Industrial machinery
- IT & audio video
- Laboratory, test & measurement
- Lighting equipment
- Maritime, oil & gas
- Medical & healthcare equipment
- Military & aerospace product testing
- Wireless & telecom
May 9, 2023
New UK Regulations to Protect Consumers & Businesses from Cyberattacks
Written by: Vina Kerai
The United Kingdom's Department for Science, Innovation, and Technology (DSIT) has drafted the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023 (G/TBT/N/GBR/62, 2023). These regulations aim to protect consumers and businesses in the UK by setting minimum security requirements for manufacturers of consumer-connectable products. The in-scope products include smartphones, connectable cameras, TVs, speakers, children's toys, baby monitors, safety-relevant products, Internet of Things base stations, wearable fitness trackers, outdoor leisure products, home automation systems, and connectable appliances.
These measures are necessary due to the increasing prevalence of consumer connectable products in homes worldwide, partly driven by the COVID-19 pandemic (G/TBT/N/GBR/62, 2023). Many products on the market today have basic flaws, such as universal default passwords, making them vulnerable to cyberattacks, including DDoS attacks (G/TBT/N/GBR/62, 2023). Cybercriminals are increasingly targeting these products, which can pose significant risks to both consumers and infrastructure.
The UK government has been working alongside international organizations like the European Telecommunications Standards Institute (ETSI) since 2018 to develop relevant technical specifications and standards (G/TBT/N/GBR/62, 2023). The drafted regulations are based on the European Standard (EN) 303 645 v2.1.1 and will mandate requirements from various paragraphs within the standard (G/TBT/N/GBR/62, 2023). This effort represents widely recognized good practice and received strong support during a 2019 consultation on regulatory options (G/TBT/N/GBR/62, 2023).
The anticipated adoption of the drafted regulations is in 2023, with an entry into force on April 29, 2024 (G/TBT/N/GBR/62, 2023). A 60-day comment period is open from the date of notification for feedback on the draft (G/TBT/N/GBR/62, 2023). Relevant documents, including the full draft, can be accessed through the UK TBT Enquiry Point, the Trade Policy Group, or the Department for International Trade (G/TBT/N/GBR/62, 2023).
In summary, the UK government is taking steps to protect consumers and businesses by introducing the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023 (G/TBT/N/GBR/62, 2023). These regulations will establish minimum security requirements for manufacturers of various consumer connectable products, aiming to minimize vulnerabilities and cyberattacks. Adoption is expected in 2023, with enforcement beginning in 2024 (G/TBT/N/GBR/62, 2023).
Vina is located in Nemko’s US office and she is responsible for Nemko’s Telecommunications Certification Body programs. Vina has a proven track record of successfully implementing and managing certification programs with over 18 years of experience from R&D/engineering, compliance testing and certification to...