Secure by design
The government is working to protect UK citizens and businesses from the threats posed by poorly secured consumer connectable products (also known as 'IoT' or 'smart' devices.)
Key announcements
The UK’s consumer connectable product security regime came into effect on 29 April 2024.
Businesses involved in the supply chains of these products now need to be compliant with the new regime. The government has published the full details of the legislative framework here.
We all increasingly rely on consumer connectable products to socialise, work and live our lives. Consumers and businesses should be able to trust that those products – whether they be watches, speakers, doorbells or baby monitors – are designed and built securely.
The UK government deeply values the benefits technology and greater connectivity can bring to our economy and society. However, we recognise action needs to be taken to address the risks to individuals, businesses, and the wider economy which inadequately secure consumer connectable products (or consumer “IoT” products) can represent.
The UK has led the world in addressing these risks through the development of the Product Security and Telecommunications Infrastructure (PSTI) Act. From the 29 April 2024, UK law mandates that manufacturers of consumer connectable products comply with baseline security requirements based on the UK Code of Practice for Consumer IoT security, and the leading global standard for consumer IoT security, ETSI EN 303 645.
Consumers and businesses who purchase new connectable products now benefit from world-leading security protections from the threat of cyber crime.
Legislation
The government has published the full details of the UK consumer connectable product security legislation that will come into effect on 29 April 2024.
Resources for consumers
All you need to understand about the government’s guidelines on consumer connectable product security.
Consumer connectable product security guidance
All you need to understand about the government’s guidelines on consumer connectable product security.
Policy context, rationale, consultations and evidence
Read about the context underpinning the government’s consumer connectable product security policy.
Other external reports
Further research and evidence underpinning the government’s consumer connectable product security policy.
21 April 2021 Research
Consumer Attitudes Towards IoT Security - Ipsos MORI
21 April 2021 Research
16 July 2020 Research
16 July 2020 Research
16 July 2020 Research
Updates to this page
Published 28 February 2019Last updated 5 December 2024 + show all updates
-
New research reports added, including the manufacturer survey on IoT security, the consumer survey on IoT security, and a literature review on the risks associated with consumer IoT.
-
The product security regime is now law. This page has been updated to reflect that, and to add links to the press notice and other relevant documents.
-
Updated to incorporate the new Product Security & Telecommunications Infrastructure Act, which has now become law and sets new security requirements for consumer internet-connected devices.
-
Added details of the government response to the call for views, which was published on 21 April 2021, as well as new research reports.
-
Updated to include call for views on proposals for regulating consumer smart device cyber security and new research documents.
-
Added Pledges from industry to implement IoT Security Code of Practice.
-
Added link to Government and tech industry collaborate to improve cyber security of IoT devices to the For manufacturers and retailers section.
-
Added details of the consultation on the Government’s regulatory proposals regarding consumer Internet of Things (IoT) security.
-
First published.