UK enacts IoT cybersecurity law
HelpNet Security, Monday, April 29th, 2024
The Product Security and Telecommunications Infrastructure (PSTI) Act has come into effect today, requiring manufacturers of consumer-grade IoT products sold in the UK to stop using guessable default passwords and have a vulnerability disclosure policy.
'Most smart devices are manufactured outside the UK, but the PSTI act also applies to all organisations importing or retailing products for the UK market. Failure to comply with the act is a criminal offence, with fines up to 10 million UK pounds or 4% of qualifying worldwide revenue (whichever is higher),' Carla V, National Cyber Security Centre's Citizen Resilience Officer, pointed out.