--- title: "UK PSTI Product Security Importer And Distributor Duties Guide" canonical_url: "https://www.sorena.io/artifacts/uk/product-security-and-telecommunications-infrastructure-act/importer-and-distributor-duties" source_url: "https://www.sorena.io/artifacts/uk/product-security-and-telecommunications-infrastructure-act/importer-and-distributor-duties" author: "Sorena AI" description: "UK PSTI Product Security guidance for Importer And Distributor Duties, with practical decisions, evidence, edge cases, and external source citations." published_at: "2026-05-09" updated_at: "2026-05-09" keywords: - "UK PSTI Product Security" - "Importer And Distributor Duties" - "UK PSTI Product Security Importer And Distributor Duties" - "compliance checklist" - "practical guidance" - "Compliance" - "Regulatory guidance" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # UK PSTI Product Security Importer And Distributor Duties Guide UK PSTI Product Security guidance for Importer And Distributor Duties, with practical decisions, evidence, edge cases, and external source citations. *Artifact Guide* *UK* *Importer And Distributor Duties* ## UK PSTI Product Security Importer And Distributor Duties Importer And Distributor Duties decisions under UK PSTI Product Security should be written in operational language: who is in scope, what must happen, what evidence proves it, and when escalation is needed. Use this guide to turn official requirements into scope, evidence, owner, and review decisions. This guidance is practical, source-linked, and should be validated against current legal and policy requirements before implementation. This page explains the basic split between importer and distributor duties under UK PSTI Product Security. Importers bring relevant connectable products into the UK from outside the UK, while distributors make the product available in the UK but are not the manufacturer or importer. Use this page to see which duties apply, who owns each action, what evidence is needed, and when to escalate decisions. ## What should teams decide about Importer And Distributor Duties under UK PSTI Product Security? Start by deciding whether the product is a relevant connectable product and which manufacturer, importer, or distributor duty is triggered. Importers are the businesses that bring the product from outside the UK into the UK and are not the manufacturer; distributors are the businesses that make the product available in the UK and are not the manufacturer or importer. The useful answer should name the exact trigger, affected product or process, required action, owner, evidence, and escalation point. Keep the legal source, product-scope decision, manufacturer/importer/distributor role, statement of compliance, and technical evidence together so OPSS-facing records are reviewable. - Define the exact Importer And Distributor Duties trigger and the business process it affects. - Record which role, product, system, customer group, or data flow is in scope. - Attach the source-linked rule, the owner, and the evidence field before approving the control. - Escalate uncertainty when the facts depend on thresholds, exemptions, cross-border activity, vulnerable users, or enforcement-sensitive wording. Sources for this answer: - [Consumer connectable product security regulations](https://www.gov.uk/government/publications/OPSS-enforcement-enforcement-actions/consumer-connectable-product-security-regulations?ref=sorena.io) - OPSS enforcement guidance explains the compliance-failure duties that apply to manufacturers, importers, authorised representatives, and distributors. - [The UK Product Security and Telecommunications Infrastructure (Product Security) regime](https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime?ref=sorena.io) - Government regime guidance identifies manufacturers, importers, and distributors as relevant persons and explains statement-of-compliance duties. - [Regulations: consumer connectable product security](https://www.gov.uk/guidance/regulations-consumer-connectable-product-security?ref=sorena.io) - Primary source support for the Importer And Distributor Duties decision. ## Who should own Importer And Distributor Duties, and what evidence should prove the decision? Ownership should sit with the team that controls product design, supply-chain placement, importer/distributor checks, or customer security information, with legal and product-security review. Evidence should show relevant-connectable-product scope, default-password controls, vulnerability disclosure channel, minimum support period, statement of compliance, supply-chain role checks, and OPSS notice response readiness. - Name one accountable owner and one reviewer for the Importer And Distributor Duties workflow. - Keep source screenshots or source links, decision notes, implementation tickets, and approval records together. - Use dated evidence for deadlines, notices, risk assessments, contracts, user journeys, and regulator-facing records. - Review the evidence after product changes, new markets, new vendors, enforcement updates, or material changes in the source text. Sources for this answer: - [The UK Product Security and Telecommunications Infrastructure (Product Security) regime](https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime?ref=sorena.io) - Evidence and ownership support for UK PSTI Product Security. - [Regulations: consumer connectable product security](https://www.gov.uk/guidance/regulations-consumer-connectable-product-security?ref=sorena.io) - Evidence and ownership support for UK PSTI Product Security. - [The Product Security and Telecommunications Infrastructure Act 2022 (Commencement No. 2) Regulations 2023](https://www.legislation.gov.uk/uksi/2023/469/made?utm_source=sorena.io/uksi/2023/469/contents/made&ref=sorena.io) - Evidence and ownership support for UK PSTI Product Security. ## Which edge cases should teams check before relying on a Importer And Distributor Duties decision? Most PSTI mistakes happen at the boundary between manufacturer, Importer And Distributor Duties, excepted products, bundled products, support-period statements, and evidence that does not match the shipped product. Use this section before UK market placement, importer onboarding, distributor acceptance, or support-period publication so the evidence matches the actual product and supply-chain role. - Check whether the product is internet-connectable or network-connectable, whether a Schedule 3 exception applies, and whether the importer or distributor has statement-of-compliance and compliance-failure action duties. - Separate binding law, regulator guidance, consultation material, standards, and enforcement commentary in the evidence record. - Do not rely on a previous answer if the data categories, user interface, vendor role, or contractual flow changed. - Track unresolved assumptions in an open-questions section and route legal interpretation points for review. Sources for this answer: - [Consumer connectable product security regulations](https://www.gov.uk/government/publications/OPSS-enforcement-enforcement-actions/consumer-connectable-product-security-regulations?ref=sorena.io) - Boundary and edge-case support for this artifact page. - [The UK Product Security and Telecommunications Infrastructure (Product Security) regime](https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime?ref=sorena.io) - Boundary and edge-case support for this artifact page. - [Regulations: consumer connectable product security](https://www.gov.uk/guidance/regulations-consumer-connectable-product-security?ref=sorena.io) - Boundary and edge-case support for this artifact page. - [The Product Security and Telecommunications Infrastructure Act 2022 (Commencement No. 2) Regulations 2023](https://www.legislation.gov.uk/uksi/2023/469/made?utm_source=sorena.io/uksi/2023/469/contents/made&ref=sorena.io) - Boundary and edge-case support for this artifact page. ## How should teams operationalize Importer And Distributor Duties with proportionate controls? Use a compact PSTI workflow that captures product scope, role, password control, vulnerability disclosure route, support-period information, statement-of-compliance approval, and OPSS escalation path. The output should be a product-scope note, statement-of-compliance pack, supplier attestation, customer-facing support-period notice, or OPSS response record. - Create a short intake question that identifies the Importer And Distributor Duties scenario. - Map the answer to a required action, evidence field, owner, reviewer, and review date. - Link related artifact pages with descriptive anchors so users can move from scope to deadlines, controls, penalties, and templates. - Update the workflow when official source material changes or when internal evidence shows recurring exceptions. Sources for this answer: - [Consumer connectable product security regulations](https://www.gov.uk/government/publications/OPSS-enforcement-enforcement-actions/consumer-connectable-product-security-regulations?ref=sorena.io) - Operational implementation support for Importer And Distributor Duties. - [The UK Product Security and Telecommunications Infrastructure (Product Security) regime](https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime?ref=sorena.io) - Operational implementation support for Importer And Distributor Duties. - [Regulations: consumer connectable product security](https://www.gov.uk/guidance/regulations-consumer-connectable-product-security?ref=sorena.io) - Operational implementation support for Importer And Distributor Duties. *Recommended next step* *Placement: after the practical guidance* ## Turn UK PSTI Product Security Importer And Distributor Duties into assigned work Use this UK PSTI Product Security guide to turn Importer And Distributor Duties into owners, evidence requests, review checkpoints, and reusable operating records inside Sorena. - [Open Assessment Autopilot for UK PSTI Product Security](/solutions/assessment.md): Turn Importer And Distributor Duties into scoped questions, evidence fields, and review tasks. - [Review UK PSTI Product Security source evidence](/solutions/research-copilot.md): Use Research Copilot to answer follow-up questions with cited source material. - [Talk through implementation](/contact.md): Review scope, evidence, owners, and the next compliance actions with Sorena. ## Primary sources - [Consumer connectable product security regulations](https://www.gov.uk/government/publications/OPSS-enforcement-enforcement-actions/consumer-connectable-product-security-regulations?ref=sorena.io) - OPSS enforcement guidance supports importer and distributor escalation steps after a relevant connectable product compliance failure. - Quote: "Authorised representatives and distributors of relevant connectable products are also under a duty to take action" - [The UK Product Security and Telecommunications Infrastructure (Product Security) regime](https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime?ref=sorena.io) - Government regime guidance supports the importer and distributor statement-of-compliance checks before UK market availability. - Quote: "importers and distributors respectively also have duties placed upon them to not make available a product" - [Regulations: consumer connectable product security](https://www.gov.uk/guidance/regulations-consumer-connectable-product-security?ref=sorena.io) - Supports Importer And Distributor Duties under UK PSTI Product Security. - Quote: "This document provides guidance on regulatory activities, enforcement, and related resources for the Product Security and Telecommunications Infrastructure" - [The Product Security and Telecommunications Infrastructure Act 2022 (Commencement No. 2) Regulations 2023](https://www.legislation.gov.uk/uksi/2023/469/made?utm_source=sorena.io/uksi/2023/469/contents/made&ref=sorena.io) - Supports Importer And Distributor Duties under UK PSTI Product Security. - Quote: "Product Security and Telecommunications Infrastructure Act 2022" - [Regulation of consumer connectable product cyber security](https://www.legislation.gov.uk/ukia/2023/123/pdfs/ukia_20230123_en.pdf?ref=sorena.io) - Supports Importer And Distributor Duties under UK PSTI Product Security. - Quote: "The government has been working with the tech industry to better secure consumer connectable products for several years" ## Related Topic Guides - [UK PSTI Act relevant connectable products: full scope and category definitions](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/relevant-connectable-products-scope.md): UK PSTI Product Security guidance for Relevant Connectable Products Scope, with practical decisions, evidence, edge cases, and external source citations. - [UK PSTI Act statement of compliance: evidence requirements and audit documentation](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/statement-of-compliance-and-evidence.md): UK PSTI Product Security guidance for Statement Of Compliance And Evidence, with practical decisions, evidence, edge cases, and external source citations. - [UK PSTI Act statement of compliance: what must the SoC contain?](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/statement-of-compliance.md): UK PSTI Product Security guidance for Statement Of Compliance, with practical decisions, evidence, edge cases, and external source citations. - [UK PSTI Act: is your product a relevant connectable product? scope test](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/relevant-connectable-product-scope.md): UK PSTI Product Security guidance for Relevant Connectable Product Scope, with practical decisions, evidence, edge cases, and external source citations. - [UK PSTI Act: step-by-step statement of compliance preparation workflow](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/statement-of-compliance-workflow.md): UK PSTI Product Security guidance for Statement Of Compliance Workflow, with practical decisions, evidence, edge cases, and external source citations. - [UK PSTI Act: step-by-step vulnerability disclosure process workflow](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/vulnerability-disclosure-workflow.md): UK PSTI Product Security guidance for Vulnerability Disclosure Workflow, with practical decisions, evidence, edge cases, and external source citations. - [UK PSTI Act: vulnerability disclosure policy requirements and template](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/vulnerability-disclosure-policy.md): UK PSTI Product Security guidance for Vulnerability Disclosure Policy, with practical decisions, evidence, edge cases, and external source citations. - [UK PSTI Default Password Requirements](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/default-password-requirements.md): A source-linked guide to the UK PSTI default password rule for consumer connectable products: unique passwords, user-defined setup, prohibited patterns, and evidence to keep. - [UK PSTI Product Security Applicability Test Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/applicability-test.md): Practical guidance for the UK PSTI Product Security applicability test, with practical decisions, evidence, edge cases, and external source citations. - [UK PSTI Product Security Checklist](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/checklist.md): Practical guidance for the UK PSTI Product Security checklist, with practical decisions, evidence, edge cases, and external source citations. - [UK PSTI Product Security Compliance Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/compliance.md): Practical guidance for the UK PSTI Product Security compliance, with practical decisions, evidence, edge cases, and external source citations. - [UK PSTI Product Security Deadlines and Compliance Calendar Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/deadlines-and-compliance-calendar.md): UK PSTI Product Security guidance for Deadlines and Compliance Calendar, with practical decisions, evidence, edge cases, and external source citations. - [UK PSTI Product Security ETSI Evidence Mapping Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/etsi-evidence-mapping.md): UK PSTI Product Security guidance for ETSI Evidence Mapping, with practical decisions, evidence, edge cases, and external source citations. - [UK PSTI Product Security FAQ](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/faq.md): Practical guidance for the UK PSTI Product Security FAQ, with practical decisions, evidence, edge cases, and external source citations. - [UK PSTI Product Security Minimum Support Period And Update Transparency Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/minimum-support-period-and-update-transparency.md): UK PSTI Product Security guidance for Minimum Support Period And Update Transparency, with practical decisions, evidence, edge cases, and external source citations. - [UK PSTI Product Security OPSS Enforcement and Penalties Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/opss-enforcement-and-penalties.md): UK PSTI Product Security guidance for OPSS enforcement and penalties, with practical decisions, evidence, edge cases, and external source citations. - [UK PSTI Product Security OPSS Notices Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/opss-notices.md): UK PSTI Product Security guidance for OPSS Notices, with practical decisions, evidence, edge cases, and external source citations. - [UK PSTI Product Security penalties and fines Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/penalties-and-fines.md): UK PSTI Product Security guidance for penalties and fines, with practical decisions, evidence, edge cases, and external source citations. - [UK PSTI Product Security PSTI Password And Update Policy Requirements Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/psti-password-and-update-policy-requirements.md): UK PSTI Product Security guidance for PSTI Password And Update Policy Requirements, with practical decisions, evidence, edge cases, and external source citations. - [UK PSTI Product Security PSTI Scope Classifier Workflow Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/psti-scope-classifier-workflow.md): UK PSTI Product Security guidance for PSTI Scope Classifier Workflow, with practical decisions, evidence, edge cases, and external source citations. - [UK PSTI Product Security PSTI Statement Of Compliance Template Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/psti-statement-of-compliance-template.md): UK PSTI Product Security guidance for PSTI Statement Of Compliance Template, with practical decisions, evidence, edge cases, and external source citations. - [UK PSTI Product Security PSTI vs CRA Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/psti-vs-cra.md): UK PSTI Product Security guidance for PSTI vs CRA, with practical decisions, evidence, edge cases, and external source citations. - [UK PSTI Product Security PSTI vs ETSI EN 303 645 Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/psti-vs-etsi-en-303-645.md): UK PSTI Product Security guidance for PSTI vs ETSI EN 303 645, with practical decisions, evidence, edge cases, and external source citations. - [UK PSTI Product Security PSTI vs EU Cyber Resilience Act Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/psti-vs-eu-cyber-resilience-act.md): UK PSTI Product Security guidance for PSTI vs EU Cyber Resilience Act, with practical decisions, evidence, edge cases, and external source citations. - [UK PSTI Product Security Requirements Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/requirements.md): Practical guidance for the UK PSTI Product Security requirements, with practical decisions, evidence, edge cases, and external source citations. - [UK PSTI Product Security Requirements In Practice Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/security-requirements-in-practice.md): UK PSTI Product Security guidance for Security Requirements In Practice, with practical decisions, evidence, edge cases, and external source citations. - [UK PSTI Product Security Supply Chain Roles Manufacturer Importer Distributor Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/supply-chain-roles-manufacturer-importer-distributor.md): UK PSTI Product Security guidance for Supply Chain Roles Manufacturer Importer Distributor, with practical decisions, evidence, edge cases, and external source citations. - [UK PSTI Product Security Support Period Evidence Workflow Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/support-period-evidence-workflow.md): UK PSTI Product Security guidance for Support Period Evidence Workflow, with practical decisions, evidence, edge cases, and external source citations. - [UK PSTI vs Australia Cyber Security Act Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/psti-vs-australia-cyber-security-act.md): UK PSTI Product Security guidance for PSTI vs Australia Cyber Security Act, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Default Passwords under UK PSTI Product Security?](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/faq/default-passwords.md): UK PSTI Product Security guidance for Default Passwords, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about ETSI Evidence under UK PSTI Product Security?](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/faq/etsi-evidence.md): UK PSTI Product Security guidance for ETSI Evidence, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Excepted Products under UK PSTI Product Security?](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/faq/excepted-products.md): UK PSTI Product Security guidance for Excepted Products, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Importer And Distributor Duties under UK PSTI Product Security?](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/faq/importer-and-distributor-duties.md): UK PSTI Product Security guidance for Importer And Distributor Duties, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about OPSS Notices under UK PSTI Product Security?](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/faq/opss-notices.md): UK PSTI Product Security guidance for OPSS Notices, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Relevant Connectable Products under UK PSTI Product Security?](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/faq/relevant-connectable-products.md): UK PSTI Product Security guidance for Relevant Connectable Products, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Statement Of Compliance under UK PSTI Product Security?](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/faq/statement-of-compliance.md): UK PSTI Product Security guidance for Statement Of Compliance, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Support Periods under UK PSTI Product Security?](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/faq/support-periods.md): UK PSTI Product Security guidance for Support Periods, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Update Transparency under UK PSTI Product Security?](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/faq/update-transparency.md): UK PSTI Product Security guidance for Update Transparency, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Vulnerability Disclosure under UK PSTI Product Security?](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/faq/vulnerability-disclosure.md): UK PSTI Product Security guidance for Vulnerability Disclosure, with practical decisions, evidence, edge cases, and external source citations. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/uk/product-security-and-telecommunications-infrastructure-act/importer-and-distributor-duties