Operational implementation support for the UK PSTI Product Security FAQ.
"This document provides guidance on regulatory activities, enforcement, and related resources for the Product Security and Telecommunications Infrastructure"
Use this FAQ to answer recurring UK PSTI Product Security implementation questions with source-linked operational guidance, clear owners, and reusable evidence.
Use this guide to turn official requirements into scope, evidence, owner, and review decisions. This guidance is practical, source-linked, and should be validated against current legal and policy requirements before implementation.
Use this FAQ hub to answer recurring questions in a UK PSTI Product Security workstream. It turns the source material into decisions, evidence fields, and review steps that a product, legal, privacy, security, or compliance team can apply.
These focused FAQ modules break this artifact into narrower answer sets so teams can move straight to the right source-backed guidance.
UK PSTI Product Security guidance for Default Passwords, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Product Security guidance for ETSI Evidence, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Product Security guidance for Excepted Products, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Product Security guidance for Importer And Distributor Duties, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Product Security guidance for OPSS Notices, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Product Security guidance for Relevant Connectable Products, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Product Security guidance for Statement Of Compliance, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Product Security guidance for Support Periods, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Product Security guidance for Update Transparency, with practical decisions, evidence, edge cases, and external source citations.
UK PSTI Product Security guidance for Vulnerability Disclosure, with practical decisions, evidence, edge cases, and external source citations.
Start by deciding whether the product is a relevant connectable product and which manufacturer, importer, distributor, statement-of-compliance, vulnerability-disclosure, password, support-period, or OPSS enforcement duty is triggered. A useful answer names the exact trigger, affected product or process, required action, owner, evidence, and escalation point.
Keep the legal source, product-scope decision, manufacturer/importer/distributor role, statement of compliance, and technical evidence together so OPSS-facing records are reviewable.
Ownership should sit with the team that controls product design, supply-chain placement, importer/distributor checks, or customer security information, with legal and product-security review.
Evidence should show relevant-connectable-product scope, default-password controls, vulnerability disclosure channel, minimum support period, statement of compliance, supply-chain role checks, and OPSS notice response readiness.
Most PSTI mistakes happen at the boundary between manufacturer, importer and distributor duties, excepted products, bundled products, support-period statements, and evidence that does not match the shipped product.
Use this section before UK market placement, importer onboarding, distributor acceptance, or support-period publication so the evidence matches the actual product and supply-chain role.
Use a compact PSTI workflow that captures product scope, role, password control, vulnerability disclosure route, support-period information, statement-of-compliance approval, and OPSS escalation path.
The output should be a product-scope note, statement-of-compliance pack, supplier attestation, customer-facing support-period notice, or OPSS response record.
"non-compliance under the PSTI Act"
"The government has been working with the tech industry to better secure consumer connectable products for several years"
"security requirements for relevant connectable products"
"This is a UK government guidance page about the PSTI Product Security regime and compliance requirements"