PSTICompliance Hub

UK PSTI Act Scope, Security, and Supply Chain Duties

This hub is built around the live UK PSTI regime for consumer connectable products. It covers relevant connectable product scope, the three mandatory security requirements, manufacturer importer distributor duties, statement of compliance design, current deemed-compliance routes, supply-chain coordination, and OPSS enforcement exposure.

Use the root timeline and guide first. Then use the subpages to implement the real legal sequence: the Act received Royal Assent on 6 December 2022, the security requirements regulations were made on 14 September 2023, Part 1 plus the regulations came into force on 29 April 2024, the Schedule 3 and support-period amendment came into force on 25 February 2025, and the expanded deemed-compliance routes came into force on 4 December 2025.

Start with the UK PSTI Act applicability test
Publication details
Editorial metadata for this artifact
Author
Sorena AI
Published
Feb 22, 2026
Updated
Feb 22, 2026
What you can decide faster
Product scope
Determine whether a product is a relevant connectable product and whether any exclusion or boundary issue changes the duty set.
Role and evidence
Separate manufacturer, importer, and distributor duties, then decide what statement, summary, label-based deemed-compliance, retention, and investigation records are required.
Security implementation
Translate password, vulnerability disclosure, and minimum security update period duties into release gates and support operations.
By Sorena AIGrounded in PSTI legislation, OPSS, and ETSI materialsUpdated March 2026
Implementation focus
UK PSTI
Scope and categories
Start with section 4 relevant connectable product logic, section 6 excepted products, and role allocation.
Mandatory controls
Implement the three mandatory requirements: no universal default passwords, vulnerability disclosure information, and minimum security update period information.
Statements and enforcement
Prepare statement-of-compliance materials where required, validate any Schedule 2A route, maintain retention and compliance-failure records, and keep OPSS response capability ready.
Use the timeline and guides to move into the role, statement, and control pages for execution.
6 Dec 2022
Royal Assent
29 Apr 2024
In force
3 duties
Mandatory controls
10 years+
Statement retention if used
Scope first
3 UK PSTI requirements
Statement evidence
PSTI Timeline

Key dates for UK product security implementation

Track PSTI milestones and commencement timing so product, legal, and compliance teams can stage controls and documentation with clear ownership.

Loading timeline...

Topic guides

Deep dive pages for implementation planning, controls, reporting, and evidence.

1
UK PSTI Act relevant connectable products: full scope and category definitions
UK PSTI Product Security guidance for Relevant Connectable Products Scope, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
2
UK PSTI Act statement of compliance: evidence requirements and audit documentation
UK PSTI Product Security guidance for Statement Of Compliance And Evidence, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
3
UK PSTI Act statement of compliance: what must the SoC contain?
UK PSTI Product Security guidance for Statement Of Compliance, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
4
UK PSTI Act: is your product a relevant connectable product? scope test
UK PSTI Product Security guidance for Relevant Connectable Product Scope, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
5
UK PSTI Act: step-by-step statement of compliance preparation workflow
UK PSTI Product Security guidance for Statement Of Compliance Workflow, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
6
UK PSTI Act: step-by-step vulnerability disclosure process workflow
UK PSTI Product Security guidance for Vulnerability Disclosure Workflow, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
7
UK PSTI Act: vulnerability disclosure policy requirements and template
UK PSTI Product Security guidance for Vulnerability Disclosure Policy, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
8
UK PSTI Default Password Requirements
A source-linked guide to the UK PSTI default password rule for consumer connectable products: unique passwords, user-defined setup, prohibited patterns, and evidence to keep.
Read Guide
9
UK PSTI Product Security Applicability Test Guide
Practical guidance for the UK PSTI Product Security applicability test, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
10
UK PSTI Product Security Checklist
Practical guidance for the UK PSTI Product Security checklist, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
11
UK PSTI Product Security Compliance Guide
Practical guidance for the UK PSTI Product Security compliance, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
12
UK PSTI Product Security Deadlines and Compliance Calendar Guide
UK PSTI Product Security guidance for Deadlines and Compliance Calendar, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
13
UK PSTI Product Security ETSI Evidence Mapping Guide
UK PSTI Product Security guidance for ETSI Evidence Mapping, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
14
UK PSTI Product Security FAQ
Practical guidance for the UK PSTI Product Security FAQ, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
15
UK PSTI Product Security Importer And Distributor Duties Guide
UK PSTI Product Security guidance for Importer And Distributor Duties, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
16
UK PSTI Product Security Minimum Support Period And Update Transparency Guide
UK PSTI Product Security guidance for Minimum Support Period And Update Transparency, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
17
UK PSTI Product Security OPSS Enforcement and Penalties Guide
UK PSTI Product Security guidance for OPSS enforcement and penalties, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
18
UK PSTI Product Security OPSS Notices Guide
UK PSTI Product Security guidance for OPSS Notices, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
19
UK PSTI Product Security penalties and fines Guide
UK PSTI Product Security guidance for penalties and fines, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
20
UK PSTI Product Security PSTI Password And Update Policy Requirements Guide
UK PSTI Product Security guidance for PSTI Password And Update Policy Requirements, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
21
UK PSTI Product Security PSTI Scope Classifier Workflow Guide
UK PSTI Product Security guidance for PSTI Scope Classifier Workflow, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
22
UK PSTI Product Security PSTI Statement Of Compliance Template Guide
UK PSTI Product Security guidance for PSTI Statement Of Compliance Template, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
23
UK PSTI Product Security PSTI vs CRA Guide
UK PSTI Product Security guidance for PSTI vs CRA, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
24
UK PSTI Product Security PSTI vs ETSI EN 303 645 Guide
UK PSTI Product Security guidance for PSTI vs ETSI EN 303 645, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
25
UK PSTI Product Security PSTI vs EU Cyber Resilience Act Guide
UK PSTI Product Security guidance for PSTI vs EU Cyber Resilience Act, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
26
UK PSTI Product Security Requirements Guide
Practical guidance for the UK PSTI Product Security requirements, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
27
UK PSTI Product Security Requirements In Practice Guide
UK PSTI Product Security guidance for Security Requirements In Practice, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
28
UK PSTI Product Security Supply Chain Roles Manufacturer Importer Distributor Guide
UK PSTI Product Security guidance for Supply Chain Roles Manufacturer Importer Distributor, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
29
UK PSTI Product Security Support Period Evidence Workflow Guide
UK PSTI Product Security guidance for Support Period Evidence Workflow, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
30
UK PSTI vs Australia Cyber Security Act Guide
UK PSTI Product Security guidance for PSTI vs Australia Cyber Security Act, with practical decisions, evidence, edge cases, and external source citations.
Read Guide
Next step

Turn UK PSTI Act Scope, Security, and Supply Chain Duties into an operational assessment workflow

UK PSTI Act Scope, Security, and Supply Chain Duties should be the shared entry point for your team. Route execution into Assessment Autopilot for live work and into Research Copilot when the artifact needs deeper research, evidence governance, or supporting analysis.

What this unlocks
  • Start from UK PSTI Act Scope, Security, and Supply Chain Duties and route the work by entity, product, team, or control owner.
  • Use Assessment Autopilot to turn the guidance into owned tasks, evidence requests, and review checkpoints.
  • Use Research Copilot to answer scope, timing, and interpretation questions with cited outputs.
  • Move from artifact reading to accountable execution without rebuilding the guidance in separate files.
Recommended route
Open Assessment Autopilot
Turn the guidance into owned tasks, evidence requests, and review checkpoints for UK PSTI Act Scope, Security, and Supply Chain Duties.
Supporting route
Open Research Copilot
Answer scope, timing, and interpretation questions with cited outputs from the same artifact.
Talk to Sorena
Talk through UK PSTI Act Scope, Security, and Supply Chain Duties
Review your current process, evidence model, and next implementation steps.
Discuss your setup
UK PSTI Act compliance hub preview
Share it internally
Download the timeline export to align legal, product, engineering, and commercial teams on milestones and deadlines.