Collection

Secure by design

The government is working to protect UK citizens and businesses from the threats posed by poorly secured consumer connectable products (also known as 'IoT' or 'smart' devices.)

Key announcements

The UK’s consumer connectable product security regime came into effect on 29 April 2024.

Read the press notice here.

Businesses involved in the supply chains of these products now need to be compliant with the new regime. The government has published the full details of the legislative framework here.

We all increasingly rely on consumer connectable products to socialise, work and live our lives. Consumers and businesses should be able to trust that those products – whether they be watches, speakers, doorbells or baby monitors – are designed and built securely.

The UK government deeply values the benefits technology and greater connectivity can bring to our economy and society. However, we recognise action needs to be taken to address the risks to individuals, businesses, and the wider economy which inadequately secure consumer connectable products (or consumer “IoT” products) can represent.

The UK has led the world in addressing these risks through the development of the Product Security and Telecommunications Infrastructure (PSTI) Act. From the 29 April 2024, UK law mandates that manufacturers of consumer connectable products comply with baseline security requirements based on the UK Code of Practice for Consumer IoT security, and the leading global standard for consumer IoT security, ETSI EN 303 645.

Consumers and businesses who purchase new connectable products now benefit from world-leading security protections from the threat of cyber crime.

Legislation

The government has published the full details of the UK consumer connectable product security legislation that will come into effect on 29 April 2024.

Resources for consumers

All you need to understand about the government’s guidelines on consumer connectable product security.

Consumer connectable product security guidance

All you need to understand about the government’s guidelines on consumer connectable product security.

Policy context, rationale, consultations and evidence

Read about the context underpinning the government’s consumer connectable product security policy.

Other external reports

Updates to this page

Published 28 February 2019
Last updated 5 December 2024 + show all updates
  1. New research reports added, including the manufacturer survey on IoT security, the consumer survey on IoT security, and a literature review on the risks associated with consumer IoT.

  2. The product security regime is now law. This page has been updated to reflect that, and to add links to the press notice and other relevant documents.

  3. Updated to incorporate the new Product Security & Telecommunications Infrastructure Act, which has now become law and sets new security requirements for consumer internet-connected devices.

  4. Added details of the government response to the call for views, which was published on 21 April 2021, as well as new research reports.

  5. Updated to include call for views on proposals for regulating consumer smart device cyber security and new research documents.

  6. Added Pledges from industry to implement IoT Security Code of Practice.

  7. Added link to Government and tech industry collaborate to improve cyber security of IoT devices to the For manufacturers and retailers section.

  8. Added details of the consultation on the Government’s regulatory proposals regarding consumer Internet of Things (IoT) security.

  9. First published.