OPSS can use Compliance Notices, Stop Notices, Recall Notices, Monetary Penalties, Forfeiture Orders, and court orders for Information Notices when businesses do not comply with the PSTI regime.
Use this guide to understand the notice process, appeal rights, and penalty exposure in plain language, and confirm the current legal position against official sources before implementation.
Structured answer sets in this page tree.
Cited legal and guidance references.
This page explains how OPSS enforces the UK PSTI Product Security regime, what enforcement actions it can take, what penalties may apply, and what notice and appeal rights businesses have.
OPSS can respond to non-compliance with Compliance Notices, Stop Notices, Recall Notices, Monetary Penalties, Forfeiture Orders, and court orders linked to an Information Notice. The enforcement guidance also says OPSS can publish details of compliance failures when it considers publication to be in the public interest.
For most notices, OPSS will usually issue a Notice of Intent first. Businesses can then make written representations within 10 days beginning on the day the notice of intention is given. If OPSS proceeds, the business may have a statutory right to appeal to the First-tier Tribunal.
Ownership should sit with the team that controls product design, supply-chain placement, importer/distributor checks, or customer security information, with legal and product-security review.
Evidence should show the product scope, the duty involved, the notice or penalty received, any representations made, the response sent to OPSS, and the date any appeal deadline expires.
Most PSTI mistakes happen at the boundary between manufacturer, importer and distributor duties, excepted products, bundled products, support-period statements, and evidence that does not match the shipped product.
Use this section before UK market placement, importer onboarding, distributor acceptance, or support-period publication so the evidence matches the actual product and supply-chain role.
Use a compact PSTI workflow that captures product scope, role, password control, vulnerability disclosure route, support-period information, statement-of-compliance approval, and OPSS escalation path.
The output can be a product-scope note, statement-of-compliance pack, supplier attestation, customer-facing support-period notice, or OPSS response record.
Use this UK PSTI Product Security guide to turn OPSS enforcement and penalties into owners, evidence requests, review checkpoints, and reusable operating records inside Sorena.
Turn OPSS enforcement and penalties into scoped questions, evidence fields, and review tasks.
Use Research Copilot to answer follow-up questions with cited source material.
Review scope, evidence, owners, and the next compliance actions with Sorena.
"OPSS enforces the above legislation. This guidance, which sits alongside our Enforcement Policy, explains the enforcement powers that are available to OPSS"
"Compliance advice and guidance may be provided alongside other enforcement actions"
"This document provides guidance on regulatory activities, enforcement, and related resources for the Product Security and Telecommunications Infrastructure"
"Product Security and Telecommunications Infrastructure Act 2022"
"This is a UK government guidance page about the PSTI Product Security regime and compliance requirements"