Product Security and Telecommunications Infrastructure (PSTI) Bill: Factsheets
Factsheets accompanying the Product Security and Telecommunications Infrastructure Bill, outlining the problems the Bill will address and how.
The Product Security and Telecommunications Infrastructure (PSTI) Bill supports the rollout of future-proof, gigabit-capable broadband and 5G networks, and better protects citizens, networks and infrastructure against the harms enabled through insecure consumer connectable products.
Overview
The Product Security measures (Part 1 of the Bill) will:
- ensure that consumer connectable products, such as smart TVs, internet-connectable cameras and speakers, are more secure against cyber attacks, protecting individual privacy and security;
- require manufacturers, importers and distributors to comply with new security requirements relating to consumer connectable products; and
- create an enforcement regime with civil and criminal sanctions aimed at preventing insecure products being made available on the UK market.
The product security measures follow extensive engagement with the National Cyber Security Centre, tech and retail industry stakeholders, consumer groups and academia, many of whom also contributed to our 2019 consultation and 2020 call for views.
The Telecommunications Infrastructure measures (Part 2 of the Bill) will:
- amend the Electronic Communications Code to support the quick and efficient rollout of gigabit-capable broadband and 5G networks in a way that balances the interests of landowners, telecoms operators, and the public;
- align the process and framework for renewal agreements with those for new agreements and encourage more collaborative negotiations; and
- introduce measures that will help optimise the use of existing infrastructure.
The changes come following extensive consultation with the telecoms industry, landowners and their representatives, professional bodies and members of the public.
Product Security measures
Problems the bill addresses
Consumer connectable products, such as smart baby monitors and smart speakers, offer huge benefits for citizens and businesses to live better connected lives with a lower carbon footprint. It is a rapidly growing area of emerging technology: forecasts suggest that there could be up to 50 billion connectable products worldwide by 2030, and on average there are nine in each UK household.
However, the adoption of cyber security requirements within these products is poor, and while only 1 in 5 manufacturers embed basic security requirements in consumer connectable products, consumers overwhelmingly assume these products are secure. Information regarding the threats posed by insecure consumer connectable products and challenges within the existing market can be found in Product Security factsheet.
How the Bill addresses these problems
The Product Security measures (Part 1 of the Bill) will:
- provide ministers with powers to specify and amend minimum security requirements in relation to consumer connectable products;
- place duties on the manufacturers, importers and distributors that must be complied with in relation to these products; and
- provide powers to allow breaches of these duties to be enforced against.
Who the legislation will apply to
The Product Security measures (Part 1 of the Bill) will apply to manufacturers, importers, and distributors in the supply chain for consumer connectable products.
Telecommunications Infrastructure measures
Problems the bill addresses
Many telecoms operators and landowners report experiencing difficulties when negotiating requests for rights to install, use and upgrade telecoms infrastructure. These difficulties mean it takes longer for agreements to be concluded, which in turn slows down the roll out of better mobile and broadband connections for homes and businesses.
Additionally, there are occasions where landowners fail to respond at all to requests from telecoms operators. Again, this delays deployment and can also lead to operators altering their rollout plans, meaning some areas are left behind.
Separately, there is a lack of clarity and consistency in the procedures and frameworks applicable to renewal agreements. There is uncertainty as to how some agreements should be renewed, and in some situations, operators are prevented from obtaining a new agreement altogether, even though they may already have apparatus in place. Taken together, these issues have led to extensive delays in renewal agreements being completed, which has potential impacts on the pace at which existing apparatus can be upgraded and shared.
How the Bill addresses these problems
The Telecommunications Infrastructure measures (Part 2 of the Bill) will:
- make changes to the Electronic Communications Code, providing the necessary legal reforms to support the government’s ambitious plans to achieve the nationwide rollout of future-proof gigabit-capable broadband and 5G networks as soon as possible;
- encourage collaborative negotiations for agreeing new - and renewing expired - agreements by introducing a requirement for telecoms operators to consider the use of Alternative Dispute Resolution (‘ADR’) rather than legal proceedings in cases where there are difficulties in agreeing terms. Operators will also be required to explain the availability of ADR as an option in their notices to landowners;
- introduce limited rights for operators to upgrade and share apparatus installed prior to the 2017 Code reforms in specific circumstances where there will be no impact on private land;
- introduce provisions ensuring expired agreements are renewed consistently, and on similar terms to those for new agreements, throughout the whole UK, and allowing operators who already have apparatus installed under an expired agreement to either renew that agreement, or request a new one; and
- introduce new provisions to enable operators to obtain Code rights over certain types of land quickly in circumstances where a landowner does not respond to repeated requests for Code rights.
Who the legislation will apply to
The Telecommunications Infrastructure measures (Part 2 of the Bill) will apply to all parties involved in requests and agreements relating to rights regulated by the Electronic Communications Code. This will include telecommunications operators, infrastructure providers, landowners and occupiers, as well as professionals such as land agents and legal representatives.