Deadlines and Compliance Calendar decisions under UK PSTI Product Security should be written in operational language: who is in scope, what must happen, what evidence proves it, and when escalation is needed.
Use this guide to turn official requirements into scope, evidence, owner, and review decisions. This guidance is practical, source-linked, and should be validated against current legal and policy requirements before implementation.
Structured answer sets in this page tree.
Cited legal and guidance references.
This page helps you determine which UK PSTI Product Security duties apply, who owns each action, required evidence, and the review path for escalation decisions.
Track the dates that are fixed in the official sources: the regime came into effect on 29 April 2024, OPSS began enforcing it from 29 April 2024, the 2025 vehicle exemptions took effect on 25 February 2025, and the GOV.UK guidance page was last updated on 17 March 2025.
For internal workflow, add the time limits that apply after enforcement steps: 10 days for written representations to a proposed Compliance Notice, Stop Notice, or Recall Notice, 28 days to appeal a notice or monetary penalty to the First-tier Tribunal, and 45 days for OPSS to give written notice of a compensation decision.
Ownership should sit with the team that controls product design, supply-chain placement, importer/distributor checks, or customer security information, with legal and product-security review.
Evidence should show relevant-connectable-product scope, default-password controls, vulnerability disclosure channel, minimum support period, statement of compliance, supply-chain role checks, and OPSS notice response readiness.
Most PSTI mistakes happen at the boundary between manufacturer, importer and distributor duties, excepted products, bundled products, support-period statements, and evidence that does not match the shipped product.
Use this section before UK market placement, importer onboarding, distributor acceptance, or support-period publication so the evidence matches the actual product and supply-chain role.
Use a compact PSTI workflow that captures product scope, role, password control, vulnerability disclosure route, support-period information, statement-of-compliance approval, and OPSS escalation path.
The output should be a product-scope note, statement-of-compliance pack, supplier attestation, customer-facing support-period notice, or OPSS response record.
Use this UK PSTI Product Security guide to turn Deadlines and Compliance Calendar into owners, evidence requests, review checkpoints, and reusable operating records inside Sorena.
Turn Deadlines and Compliance Calendar into scoped questions, evidence fields, and review tasks.
Use Research Copilot to answer follow-up questions with cited source material.
Review scope, evidence, owners, and the next compliance actions with Sorena.
"The UK's consumer connectable product security regime came into effect on 29 April 2024."
"The government has been working with the tech industry to better secure consumer connectable products for several years"
"This document provides guidance on regulatory activities, enforcement, and related resources for the Product Security and Telecommunications Infrastructure"
"security requirements for relevant connectable products"
"This is a UK government guidance page about the PSTI Product Security regime and compliance requirements"