PSTI Statement of Compliance Template

A useful template reduces drafting drift across product lines.

The template should pull information from the control and release workflow, not invent it at the last minute.

Author: Sorena AI
Published: Feb 22, 2026
Updated: Feb 22, 2026

Overview

The best statement template is one that uses only approved product identifiers, support-period values, and compliance conclusions taken from the product evidence file. That avoids the common failure where the statement and the product website describe different support periods or different security positions. It is also important to confirm that the product is actually using the section 9 statement route rather than the newer Schedule 2A deemed-compliance route.

Section 1

Template section one: product and manufacturer identity

Start with the exact product identity, model references, and the manufacturer identity relevant to the UK route to market. Schedule 4 requires the product type plus any batch or serial number needed to identify the product, the manufacturer's name and address, and any authorised representative's name and address. If there are multiple manufacturers, the template must support the joint preparation position allowed by the Act.

This is the anchor for every other statement field.

  • Product type, batch or serial number, and model or version identifiers
  • Manufacturer legal identity and address, plus any authorised representative details
  • Joint manufacturer logic where relevant

Section 2

Template section two: applicable requirements and support period

The template should identify the applicable security requirements and record the defined support period exactly as the customer-facing materials state it. Schedule 4 also requires the declaration that, in the manufacturer's opinion, the applicable security requirements have been complied with and that the support-period statement was correct when the manufacturer first supplied the product.

Do not let teams type this freehand from memory.

  • List the applicable security requirements for the product
  • Include the manufacturer's compliance declaration in the Schedule 4 form
  • Pull the defined support period from the approved source of truth
  • Reference the supporting evidence file or release pack
Section 3

Template section three: approvals and recordkeeping

The template should also support the internal approval path and retention calculation. Schedule 4 requires the name, function, and signature of the person signing, plus the place and date of issue. That means the template should capture the issue date and any links needed for later retrieval by the manufacturer and importer.

A statement that cannot be version-controlled will eventually break the retention model. If the product is on a Schedule 2A route, the template should not be used as a substitute for checking those separate conditions.

  • Issue date, signatory name and function, signature, and place of issue
  • Evidence pack link or identifier
  • Retention schedule set to the longer of 10 years and the support period where the statement route applies