---
title: "UK PSTI Product Security PSTI vs ETSI EN 303 645 Guide"
canonical_url: "https://www.sorena.io/artifacts/uk/product-security-and-telecommunications-infrastructure-act/psti-vs-etsi-en-303-645"
source_url: "https://www.sorena.io/artifacts/uk/product-security-and-telecommunications-infrastructure-act/psti-vs-etsi-en-303-645"
author: "Sorena AI"
description: "UK PSTI Product Security guidance for PSTI vs ETSI EN 303 645, with practical decisions, evidence, edge cases, and external source citations."
published_at: "2026-05-09"
updated_at: "2026-05-09"
keywords:
- "UK PSTI Product Security"
- "PSTI vs ETSI EN 303 645"
- "UK PSTI Product Security PSTI vs ETSI EN 303 645"
- "compliance checklist"
- "practical guidance"
- "Compliance"
- "Regulatory guidance"
---
**[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform
[Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io)
---
# UK PSTI Product Security PSTI vs ETSI EN 303 645 Guide
UK PSTI Product Security guidance for PSTI vs ETSI EN 303 645, with practical decisions, evidence, edge cases, and external source citations.
*Artifact Guide* *UK* *PSTI vs ETSI EN 303 645*
## UK PSTI Product Security PSTI vs ETSI EN 303 645
PSTI vs ETSI EN 303 645 decisions under UK PSTI Product Security should be written in operational language: who is in scope, what must happen, what evidence proves it, and when escalation is needed.
Use this guide to turn official requirements into scope, evidence, owner, and review decisions. This guidance is practical, source-linked, and should be validated against current legal and policy requirements before implementation.
This page helps you determine which UK PSTI Product Security duties apply, who owns each action, required evidence, and the review path for escalation decisions.
## PSTI vs ETSI EN 303 645: practical compliance comparison
Compare PSTI and ETSI EN 303 645 through scope, actors, triggers, duties, evidence, deadlines, enforcement, and operational decision rules.
- **PSTI**: PSTI is the primary scoping column: use it to confirm covered facts, accountable owners, mandatory artifacts, timing, and enforcement exposure before assigning implementation work.
- **ETSI EN 303 645**: ETSI EN 303 645 is the second workstream in this comparison. Use it to test where the comparator has different scope, owners, triggers, evidence, timing, enforcement, and reuse limits from PSTI.
| Dimension | PSTI | ETSI EN 303 645 | Operational implication | Sources |
| --- | --- | --- | --- | --- |
| Scope and covered activity | PSTI: define the exact products, services, processing, claims, entities, assets, or activities that bring this side into scope; record out-of-scope facts separately. | ETSI EN 303 645: test its own scope boundary, exclusions, and covered activity; do not copy the PSTI conclusion without a separate source-linked finding. | Write two scope findings first: where PSTI applies, where ETSI EN 303 645 applies, and which facts are outside one side even if evidence can be reused. | [Product Security and Telecommunications Infrastructure Act 2022](https://www.legislation.gov.uk/ukpga/2022/46/contents?ref=sorena.io) - Primary UK PSTI Act source for connected product security duties.
[Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations set the mandatory baseline security requirements for relevant connectable products.
[Regulations: consumer connectable product security](https://www.gov.uk/guidance/regulations-consumer-connectable-product-security?ref=sorena.io) - OPSS and DSIT guidance identifies PSTI roles, compliance duties, security requirements, exclusions, and enforcement context.
[ETSI EN 303 645, Cyber Security for Consumer Internet of Things: Baseline Requirements](https://www.etsi.org/deliver/etsi_en/303600_303699/303645/03.01.03_60/en_303645v030103p.pdf?ref=sorena.io) - ETSI EN 303 645 is the voluntary consumer IoT baseline standard used here as the comparator to mandatory UK PSTI duties.
[The UK Product Security and Telecommunications Infrastructure (Product Security) regime](https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime?ref=sorena.io) - PSTI regulations and guidance support the comparison finding that scope, role, and evidence decisions must be tied to mandatory product-security duties. |
| Who must act | PSTI: identify whether the duty sits with the manufacturer, importer, distributor, or authorised representative, and record which supply-chain role can change the product, statement of compliance, vulnerability-disclosure channel, password control, or support-period information. | ETSI EN 303 645: assign the comparator duty to its own accountable actor and note when counterparties, subsidiaries, importers, providers, or customers differ. | Name each role separately because one entity can hold different obligations in different workflows. | [Product Security and Telecommunications Infrastructure Act 2022](https://www.legislation.gov.uk/ukpga/2022/46/contents?ref=sorena.io) - Primary UK PSTI Act source for connected product security duties.
[Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations set the mandatory baseline security requirements for relevant connectable products.
[Regulations: consumer connectable product security](https://www.gov.uk/guidance/regulations-consumer-connectable-product-security?ref=sorena.io) - OPSS and DSIT guidance identifies PSTI roles, compliance duties, security requirements, exclusions, and enforcement context.
[ETSI EN 303 645, Cyber Security for Consumer Internet of Things: Baseline Requirements](https://www.etsi.org/deliver/etsi_en/303600_303699/303645/03.01.03_60/en_303645v030103p.pdf?ref=sorena.io) - ETSI EN 303 645 is the voluntary consumer IoT baseline standard used here as the comparator to mandatory UK PSTI duties.
[The UK Product Security and Telecommunications Infrastructure (Product Security) regime](https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime?ref=sorena.io) - PSTI regulations and guidance support the comparison finding that scope, role, and evidence decisions must be tied to mandatory product-security duties. |
| Trigger or threshold | PSTI: state the fact that starts the obligation, such as market placement, processing, designation, incident, reporting period, transfer, data request, supplier change, or public claim. | ETSI EN 303 645 is a voluntary consumer IoT baseline standard, so use it as a control and evidence comparator rather than treating it as a legal trigger with statutory thresholds or supervisory notices. | Start with the trigger so teams do not apply the wrong regime to the wrong facts. | [Product Security and Telecommunications Infrastructure Act 2022](https://www.legislation.gov.uk/ukpga/2022/46/contents?ref=sorena.io) - Primary UK PSTI Act source for connected product security duties.
[Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations set the mandatory baseline security requirements for relevant connectable products.
[Regulations: consumer connectable product security](https://www.gov.uk/guidance/regulations-consumer-connectable-product-security?ref=sorena.io) - OPSS and DSIT guidance identifies PSTI roles, compliance duties, security requirements, exclusions, and enforcement context.
[ETSI EN 303 645, Cyber Security for Consumer Internet of Things: Baseline Requirements](https://www.etsi.org/deliver/etsi_en/303600_303699/303645/03.01.03_60/en_303645v030103p.pdf?ref=sorena.io) - ETSI EN 303 645 is the voluntary consumer IoT baseline standard used here as the comparator to mandatory UK PSTI duties.
[The UK Product Security and Telecommunications Infrastructure (Product Security) regime](https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime?ref=sorena.io) - PSTI regulations and guidance support the comparison finding that scope, role, and evidence decisions must be tied to mandatory product-security duties. |
| Core obligations | The UK PSTI Act mandates three baseline security requirements for all connectable products: no universal default passwords, a published vulnerability disclosure policy, and a declared minimum security update period - each enforced by OPSS under the PSTI regime. | ETSI EN 303 645 defines 13 provisions covering no universal default passwords, a vulnerability disclosure policy, software update mechanisms, secure storage of sensitive parameters, minimized attack surface, security communications, minimized exposed attack surface, software integrity, personal data protection, resilience, telemetry examination, deletion of user data, and easy device installation. | Translate obligations into tickets, notices, records, controls, or contract terms. | [Product Security and Telecommunications Infrastructure Act 2022](https://www.legislation.gov.uk/ukpga/2022/46/contents?ref=sorena.io) - Primary UK PSTI Act source for connected product security duties.
[Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations set the mandatory baseline security requirements for relevant connectable products.
[Regulations: consumer connectable product security](https://www.gov.uk/guidance/regulations-consumer-connectable-product-security?ref=sorena.io) - OPSS and DSIT guidance identifies PSTI roles, compliance duties, security requirements, exclusions, and enforcement context.
[ETSI EN 303 645, Cyber Security for Consumer Internet of Things: Baseline Requirements](https://www.etsi.org/deliver/etsi_en/303600_303699/303645/03.01.03_60/en_303645v030103p.pdf?ref=sorena.io) - ETSI EN 303 645 is the voluntary consumer IoT baseline standard used here as the comparator to mandatory UK PSTI duties.
[The UK Product Security and Telecommunications Infrastructure (Product Security) regime](https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime?ref=sorena.io) - PSTI regulations and guidance support the comparison finding that scope, role, and evidence decisions must be tied to mandatory product-security duties. |
| Evidence and records | PSTI: keep the evidence that proves this side of the decision, including cited text, registers, policies, test records, contracts, notices, reports, approvals, or audit artifacts. | ETSI EN 303 645: keep comparator evidence in a distinct record set and link only the artifacts that genuinely satisfy both source-linked requirements. | Keep source links, factual analysis, owner approval, and implementation evidence together. | [Product Security and Telecommunications Infrastructure Act 2022](https://www.legislation.gov.uk/ukpga/2022/46/contents?ref=sorena.io) - Primary UK PSTI Act source for connected product security duties.
[Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations set the mandatory baseline security requirements for relevant connectable products.
[Regulations: consumer connectable product security](https://www.gov.uk/guidance/regulations-consumer-connectable-product-security?ref=sorena.io) - OPSS and DSIT guidance identifies PSTI roles, compliance duties, security requirements, exclusions, and enforcement context.
[ETSI EN 303 645, Cyber Security for Consumer Internet of Things: Baseline Requirements](https://www.etsi.org/deliver/etsi_en/303600_303699/303645/03.01.03_60/en_303645v030103p.pdf?ref=sorena.io) - ETSI EN 303 645 is the voluntary consumer IoT baseline standard used here as the comparator to mandatory UK PSTI duties.
[The UK Product Security and Telecommunications Infrastructure (Product Security) regime](https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime?ref=sorena.io) - PSTI regulations and guidance support the comparison finding that scope, role, and evidence decisions must be tied to mandatory product-security duties. |
| Timing and cadence | PSTI: capture the application date, commencement date, transition period, reporting clock, review cadence, remediation window, or certification renewal that controls this side. | ETSI EN 303 645: track the comparator schedule separately so a later deadline, recurring audit, or incident timer is not hidden by the other workstream. | Use current source dates; do not reuse old project plans after amendments or guidance updates. | [Product Security and Telecommunications Infrastructure Act 2022](https://www.legislation.gov.uk/ukpga/2022/46/contents?ref=sorena.io) - Primary UK PSTI Act source for connected product security duties.
[Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations set the mandatory baseline security requirements for relevant connectable products.
[Regulations: consumer connectable product security](https://www.gov.uk/guidance/regulations-consumer-connectable-product-security?ref=sorena.io) - OPSS and DSIT guidance identifies PSTI roles, compliance duties, security requirements, exclusions, and enforcement context.
[ETSI EN 303 645, Cyber Security for Consumer Internet of Things: Baseline Requirements](https://www.etsi.org/deliver/etsi_en/303600_303699/303645/03.01.03_60/en_303645v030103p.pdf?ref=sorena.io) - ETSI EN 303 645 is the voluntary consumer IoT baseline standard used here as the comparator to mandatory UK PSTI duties.
[The UK Product Security and Telecommunications Infrastructure (Product Security) regime](https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime?ref=sorena.io) - PSTI regulations and guidance support the comparison finding that scope, role, and evidence decisions must be tied to mandatory product-security duties. |
| Enforcement or assurance route | PSTI: identify the competent authority, regulator, assessor, customer audit, certification body, contractual remedy, penalty, or supervisory process tied to this side. | ETSI EN 303 645: identify the comparator enforcement or assurance route and record where supervision, penalties, market access, certification, or contract leverage differs. | Escalate when enforcement routes differ because a regulator, market-surveillance authority, certification body, customer, or contract counterparty may require different proof. | [Product Security and Telecommunications Infrastructure Act 2022](https://www.legislation.gov.uk/ukpga/2022/46/contents?ref=sorena.io) - Primary UK PSTI Act source for connected product security duties.
[Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations set the mandatory baseline security requirements for relevant connectable products.
[Regulations: consumer connectable product security](https://www.gov.uk/guidance/regulations-consumer-connectable-product-security?ref=sorena.io) - OPSS and DSIT guidance identifies PSTI roles, compliance duties, security requirements, exclusions, and enforcement context.
[ETSI EN 303 645, Cyber Security for Consumer Internet of Things: Baseline Requirements](https://www.etsi.org/deliver/etsi_en/303600_303699/303645/03.01.03_60/en_303645v030103p.pdf?ref=sorena.io) - ETSI EN 303 645 is the voluntary consumer IoT baseline standard used here as the comparator to mandatory UK PSTI duties.
[The UK Product Security and Telecommunications Infrastructure (Product Security) regime](https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime?ref=sorena.io) - PSTI regulations and guidance support the comparison finding that scope, role, and evidence decisions must be tied to mandatory product-security duties. |
| Overlap and reuse | PSTI: reuse controls only where the source-linked duty, evidence standard, owner, and timing align with the comparator; otherwise keep a bridge note. | ETSI EN 303 645 can reuse evidence from the other side only when the same fact pattern, system boundary, control, owner, and source-linked requirement are genuinely aligned. | Document overlap explicitly instead of merging both tests into one vague compliance label. | [Product Security and Telecommunications Infrastructure Act 2022](https://www.legislation.gov.uk/ukpga/2022/46/contents?ref=sorena.io) - Primary UK PSTI Act source for connected product security duties.
[Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations set the mandatory baseline security requirements for relevant connectable products.
[Regulations: consumer connectable product security](https://www.gov.uk/guidance/regulations-consumer-connectable-product-security?ref=sorena.io) - OPSS and DSIT guidance identifies PSTI roles, compliance duties, security requirements, exclusions, and enforcement context.
[ETSI EN 303 645, Cyber Security for Consumer Internet of Things: Baseline Requirements](https://www.etsi.org/deliver/etsi_en/303600_303699/303645/03.01.03_60/en_303645v030103p.pdf?ref=sorena.io) - ETSI EN 303 645 is the voluntary consumer IoT baseline standard used here as the comparator to mandatory UK PSTI duties.
[The UK Product Security and Telecommunications Infrastructure (Product Security) regime](https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime?ref=sorena.io) - PSTI regulations and guidance support the comparison finding that scope, role, and evidence decisions must be tied to mandatory product-security duties. |
| Practical decision rule | PSTI: treat this as the controlling workstream when its scope trigger, deadline, regulator, or required artifact is the immediate blocker. | ETSI EN 303 645: run a parallel or follow-on workstream when this side adds separate actors, evidence, timing, penalties, customer assurances, or implementation constraints. | Choose one practical next step: proceed under PSTI, proceed under ETSI EN 303 645, run both in parallel, or document why neither side controls the present fact pattern. | [Product Security and Telecommunications Infrastructure Act 2022](https://www.legislation.gov.uk/ukpga/2022/46/contents?ref=sorena.io) - Primary UK PSTI Act source for connected product security duties.
[Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations set the mandatory baseline security requirements for relevant connectable products.
[Regulations: consumer connectable product security](https://www.gov.uk/guidance/regulations-consumer-connectable-product-security?ref=sorena.io) - OPSS and DSIT guidance identifies PSTI roles, compliance duties, security requirements, exclusions, and enforcement context.
[ETSI EN 303 645, Cyber Security for Consumer Internet of Things: Baseline Requirements](https://www.etsi.org/deliver/etsi_en/303600_303699/303645/03.01.03_60/en_303645v030103p.pdf?ref=sorena.io) - ETSI EN 303 645 is the voluntary consumer IoT baseline standard used here as the comparator to mandatory UK PSTI duties.
[The UK Product Security and Telecommunications Infrastructure (Product Security) regime](https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime?ref=sorena.io) - PSTI regulations and guidance support the comparison finding that scope, role, and evidence decisions must be tied to mandatory product-security duties. |
Sources for Scope and covered activity - PSTI:
- [Product Security and Telecommunications Infrastructure Act 2022](https://www.legislation.gov.uk/ukpga/2022/46/contents?ref=sorena.io) - Primary UK PSTI Act source for connected product security duties.
- Quote: "Product Security and Telecommunications Infrastructure Act 2022"
- [Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations for relevant connectable products.
- Quote: "security requirements for relevant connectable products"
Sources for Scope and covered activity - ETSI EN 303 645:
- [Regulations: consumer connectable product security](https://www.gov.uk/guidance/regulations-consumer-connectable-product-security?ref=sorena.io) - OPSS and DSIT guidance identifies PSTI roles, compliance duties, security requirements, exclusions, and enforcement context.
- Quote: "Guidance for manufacturers, importers and distributors"
- [ETSI EN 303 645, Cyber Security for Consumer Internet of Things: Baseline Requirements](https://www.etsi.org/deliver/etsi_en/303600_303699/303645/03.01.03_60/en_303645v030103p.pdf?ref=sorena.io) - ETSI EN 303 645 is the voluntary consumer IoT baseline standard used here as the comparator to mandatory UK PSTI duties.
- Quote: "high-level security and data protection provisions for consumer IoT devices"
Sources for Scope and covered activity - operational implication:
- [Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations set the mandatory baseline security requirements for relevant connectable products.
- Quote: "security requirements for relevant connectable products"
- [The UK Product Security and Telecommunications Infrastructure (Product Security) regime](https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime?ref=sorena.io) - PSTI regulations and guidance support the comparison finding that scope, role, and evidence decisions must be tied to mandatory product-security duties.
- Quote: "This is a UK government guidance page about the PSTI Product Security regime and compliance requirements"
Sources for Who must act - PSTI:
- [Product Security and Telecommunications Infrastructure Act 2022](https://www.legislation.gov.uk/ukpga/2022/46/contents?ref=sorena.io) - Primary UK PSTI Act source for connected product security duties.
- Quote: "Product Security and Telecommunications Infrastructure Act 2022"
- [Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations for relevant connectable products.
- Quote: "security requirements for relevant connectable products"
Sources for Who must act - ETSI EN 303 645:
- [Regulations: consumer connectable product security](https://www.gov.uk/guidance/regulations-consumer-connectable-product-security?ref=sorena.io) - OPSS and DSIT guidance identifies PSTI roles, compliance duties, security requirements, exclusions, and enforcement context.
- Quote: "Guidance for manufacturers, importers and distributors"
- [ETSI EN 303 645, Cyber Security for Consumer Internet of Things: Baseline Requirements](https://www.etsi.org/deliver/etsi_en/303600_303699/303645/03.01.03_60/en_303645v030103p.pdf?ref=sorena.io) - ETSI EN 303 645 is the voluntary consumer IoT baseline standard used here as the comparator to mandatory UK PSTI duties.
- Quote: "high-level security and data protection provisions for consumer IoT devices"
Sources for Who must act - operational implication:
- [Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations set the mandatory baseline security requirements for relevant connectable products.
- Quote: "security requirements for relevant connectable products"
- [The UK Product Security and Telecommunications Infrastructure (Product Security) regime](https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime?ref=sorena.io) - PSTI regulations and guidance support the comparison finding that scope, role, and evidence decisions must be tied to mandatory product-security duties.
- Quote: "This is a UK government guidance page about the PSTI Product Security regime and compliance requirements"
Sources for Trigger or threshold - PSTI:
- [Product Security and Telecommunications Infrastructure Act 2022](https://www.legislation.gov.uk/ukpga/2022/46/contents?ref=sorena.io) - Primary UK PSTI Act source for connected product security duties.
- Quote: "Product Security and Telecommunications Infrastructure Act 2022"
- [Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations for relevant connectable products.
- Quote: "security requirements for relevant connectable products"
Sources for Trigger or threshold - ETSI EN 303 645:
- [Regulations: consumer connectable product security](https://www.gov.uk/guidance/regulations-consumer-connectable-product-security?ref=sorena.io) - OPSS and DSIT guidance identifies PSTI roles, compliance duties, security requirements, exclusions, and enforcement context.
- Quote: "Guidance for manufacturers, importers and distributors"
- [ETSI EN 303 645, Cyber Security for Consumer Internet of Things: Baseline Requirements](https://www.etsi.org/deliver/etsi_en/303600_303699/303645/03.01.03_60/en_303645v030103p.pdf?ref=sorena.io) - ETSI EN 303 645 is the voluntary consumer IoT baseline standard used here as the comparator to mandatory UK PSTI duties.
- Quote: "high-level security and data protection provisions for consumer IoT devices"
Sources for Trigger or threshold - operational implication:
- [Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations set the mandatory baseline security requirements for relevant connectable products.
- Quote: "security requirements for relevant connectable products"
- [The UK Product Security and Telecommunications Infrastructure (Product Security) regime](https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime?ref=sorena.io) - PSTI regulations and guidance support the comparison finding that scope, role, and evidence decisions must be tied to mandatory product-security duties.
- Quote: "This is a UK government guidance page about the PSTI Product Security regime and compliance requirements"
Sources for Core obligations - PSTI:
- [Product Security and Telecommunications Infrastructure Act 2022](https://www.legislation.gov.uk/ukpga/2022/46/contents?ref=sorena.io) - Primary UK PSTI Act source for connected product security duties.
- Quote: "Product Security and Telecommunications Infrastructure Act 2022"
- [Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations for relevant connectable products.
- Quote: "security requirements for relevant connectable products"
Sources for Core obligations - ETSI EN 303 645:
- [Regulations: consumer connectable product security](https://www.gov.uk/guidance/regulations-consumer-connectable-product-security?ref=sorena.io) - OPSS and DSIT guidance identifies PSTI roles, compliance duties, security requirements, exclusions, and enforcement context.
- Quote: "Guidance for manufacturers, importers and distributors"
- [ETSI EN 303 645, Cyber Security for Consumer Internet of Things: Baseline Requirements](https://www.etsi.org/deliver/etsi_en/303600_303699/303645/03.01.03_60/en_303645v030103p.pdf?ref=sorena.io) - ETSI EN 303 645 is the voluntary consumer IoT baseline standard used here as the comparator to mandatory UK PSTI duties.
- Quote: "high-level security and data protection provisions for consumer IoT devices"
Sources for Core obligations - operational implication:
- [Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations set the mandatory baseline security requirements for relevant connectable products.
- Quote: "security requirements for relevant connectable products"
- [The UK Product Security and Telecommunications Infrastructure (Product Security) regime](https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime?ref=sorena.io) - PSTI regulations and guidance support the comparison finding that scope, role, and evidence decisions must be tied to mandatory product-security duties.
- Quote: "This is a UK government guidance page about the PSTI Product Security regime and compliance requirements"
Sources for Evidence and records - PSTI:
- [Product Security and Telecommunications Infrastructure Act 2022](https://www.legislation.gov.uk/ukpga/2022/46/contents?ref=sorena.io) - Primary UK PSTI Act source for connected product security duties.
- Quote: "Product Security and Telecommunications Infrastructure Act 2022"
- [Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations for relevant connectable products.
- Quote: "security requirements for relevant connectable products"
Sources for Evidence and records - ETSI EN 303 645:
- [Regulations: consumer connectable product security](https://www.gov.uk/guidance/regulations-consumer-connectable-product-security?ref=sorena.io) - OPSS and DSIT guidance identifies PSTI roles, compliance duties, security requirements, exclusions, and enforcement context.
- Quote: "Guidance for manufacturers, importers and distributors"
- [ETSI EN 303 645, Cyber Security for Consumer Internet of Things: Baseline Requirements](https://www.etsi.org/deliver/etsi_en/303600_303699/303645/03.01.03_60/en_303645v030103p.pdf?ref=sorena.io) - ETSI EN 303 645 is the voluntary consumer IoT baseline standard used here as the comparator to mandatory UK PSTI duties.
- Quote: "high-level security and data protection provisions for consumer IoT devices"
Sources for Evidence and records - operational implication:
- [Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations set the mandatory baseline security requirements for relevant connectable products.
- Quote: "security requirements for relevant connectable products"
- [The UK Product Security and Telecommunications Infrastructure (Product Security) regime](https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime?ref=sorena.io) - PSTI regulations and guidance support the comparison finding that scope, role, and evidence decisions must be tied to mandatory product-security duties.
- Quote: "This is a UK government guidance page about the PSTI Product Security regime and compliance requirements"
Sources for Timing and cadence - PSTI:
- [Product Security and Telecommunications Infrastructure Act 2022](https://www.legislation.gov.uk/ukpga/2022/46/contents?ref=sorena.io) - Primary UK PSTI Act source for connected product security duties.
- Quote: "Product Security and Telecommunications Infrastructure Act 2022"
- [Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations for relevant connectable products.
- Quote: "security requirements for relevant connectable products"
Sources for Timing and cadence - ETSI EN 303 645:
- [Regulations: consumer connectable product security](https://www.gov.uk/guidance/regulations-consumer-connectable-product-security?ref=sorena.io) - OPSS and DSIT guidance identifies PSTI roles, compliance duties, security requirements, exclusions, and enforcement context.
- Quote: "Guidance for manufacturers, importers and distributors"
- [ETSI EN 303 645, Cyber Security for Consumer Internet of Things: Baseline Requirements](https://www.etsi.org/deliver/etsi_en/303600_303699/303645/03.01.03_60/en_303645v030103p.pdf?ref=sorena.io) - ETSI EN 303 645 is the voluntary consumer IoT baseline standard used here as the comparator to mandatory UK PSTI duties.
- Quote: "high-level security and data protection provisions for consumer IoT devices"
Sources for Timing and cadence - operational implication:
- [Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations set the mandatory baseline security requirements for relevant connectable products.
- Quote: "security requirements for relevant connectable products"
- [The UK Product Security and Telecommunications Infrastructure (Product Security) regime](https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime?ref=sorena.io) - PSTI regulations and guidance support the comparison finding that scope, role, and evidence decisions must be tied to mandatory product-security duties.
- Quote: "This is a UK government guidance page about the PSTI Product Security regime and compliance requirements"
Sources for Enforcement or assurance route - PSTI:
- [Product Security and Telecommunications Infrastructure Act 2022](https://www.legislation.gov.uk/ukpga/2022/46/contents?ref=sorena.io) - Primary UK PSTI Act source for connected product security duties.
- Quote: "Product Security and Telecommunications Infrastructure Act 2022"
- [Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations for relevant connectable products.
- Quote: "security requirements for relevant connectable products"
Sources for Enforcement or assurance route - ETSI EN 303 645:
- [Regulations: consumer connectable product security](https://www.gov.uk/guidance/regulations-consumer-connectable-product-security?ref=sorena.io) - OPSS and DSIT guidance identifies PSTI roles, compliance duties, security requirements, exclusions, and enforcement context.
- Quote: "Guidance for manufacturers, importers and distributors"
- [ETSI EN 303 645, Cyber Security for Consumer Internet of Things: Baseline Requirements](https://www.etsi.org/deliver/etsi_en/303600_303699/303645/03.01.03_60/en_303645v030103p.pdf?ref=sorena.io) - ETSI EN 303 645 is the voluntary consumer IoT baseline standard used here as the comparator to mandatory UK PSTI duties.
- Quote: "high-level security and data protection provisions for consumer IoT devices"
Sources for Enforcement or assurance route - operational implication:
- [Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations set the mandatory baseline security requirements for relevant connectable products.
- Quote: "security requirements for relevant connectable products"
- [The UK Product Security and Telecommunications Infrastructure (Product Security) regime](https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime?ref=sorena.io) - PSTI regulations and guidance support the comparison finding that scope, role, and evidence decisions must be tied to mandatory product-security duties.
- Quote: "This is a UK government guidance page about the PSTI Product Security regime and compliance requirements"
Sources for Overlap and reuse - PSTI:
- [Product Security and Telecommunications Infrastructure Act 2022](https://www.legislation.gov.uk/ukpga/2022/46/contents?ref=sorena.io) - Primary UK PSTI Act source for connected product security duties.
- Quote: "Product Security and Telecommunications Infrastructure Act 2022"
- [Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations for relevant connectable products.
- Quote: "security requirements for relevant connectable products"
Sources for Overlap and reuse - ETSI EN 303 645:
- [Regulations: consumer connectable product security](https://www.gov.uk/guidance/regulations-consumer-connectable-product-security?ref=sorena.io) - OPSS and DSIT guidance identifies PSTI roles, compliance duties, security requirements, exclusions, and enforcement context.
- Quote: "Guidance for manufacturers, importers and distributors"
- [ETSI EN 303 645, Cyber Security for Consumer Internet of Things: Baseline Requirements](https://www.etsi.org/deliver/etsi_en/303600_303699/303645/03.01.03_60/en_303645v030103p.pdf?ref=sorena.io) - ETSI EN 303 645 is the voluntary consumer IoT baseline standard used here as the comparator to mandatory UK PSTI duties.
- Quote: "high-level security and data protection provisions for consumer IoT devices"
Sources for Overlap and reuse - operational implication:
- [Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations set the mandatory baseline security requirements for relevant connectable products.
- Quote: "security requirements for relevant connectable products"
- [The UK Product Security and Telecommunications Infrastructure (Product Security) regime](https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime?ref=sorena.io) - PSTI regulations and guidance support the comparison finding that scope, role, and evidence decisions must be tied to mandatory product-security duties.
- Quote: "This is a UK government guidance page about the PSTI Product Security regime and compliance requirements"
Sources for Practical decision rule - PSTI:
- [Product Security and Telecommunications Infrastructure Act 2022](https://www.legislation.gov.uk/ukpga/2022/46/contents?ref=sorena.io) - Primary UK PSTI Act source for connected product security duties.
- Quote: "Product Security and Telecommunications Infrastructure Act 2022"
- [Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations for relevant connectable products.
- Quote: "security requirements for relevant connectable products"
Sources for Practical decision rule - ETSI EN 303 645:
- [Regulations: consumer connectable product security](https://www.gov.uk/guidance/regulations-consumer-connectable-product-security?ref=sorena.io) - OPSS and DSIT guidance identifies PSTI roles, compliance duties, security requirements, exclusions, and enforcement context.
- Quote: "Guidance for manufacturers, importers and distributors"
- [ETSI EN 303 645, Cyber Security for Consumer Internet of Things: Baseline Requirements](https://www.etsi.org/deliver/etsi_en/303600_303699/303645/03.01.03_60/en_303645v030103p.pdf?ref=sorena.io) - ETSI EN 303 645 is the voluntary consumer IoT baseline standard used here as the comparator to mandatory UK PSTI duties.
- Quote: "high-level security and data protection provisions for consumer IoT devices"
Sources for Practical decision rule - operational implication:
- [Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations set the mandatory baseline security requirements for relevant connectable products.
- Quote: "security requirements for relevant connectable products"
- [The UK Product Security and Telecommunications Infrastructure (Product Security) regime](https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime?ref=sorena.io) - PSTI regulations and guidance support the comparison finding that scope, role, and evidence decisions must be tied to mandatory product-security duties.
- Quote: "This is a UK government guidance page about the PSTI Product Security regime and compliance requirements"
### How to use the PSTI vs ETSI EN 303 645 comparison
- Start with the trigger and role rows before reading obligations.
- Use one source-linked note for each side before assigning controls.
- Escalate overlap cases where both regimes can apply to the same data flow, product, service, or contract.
Sources for the practical decision rule:
- [Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations for relevant connectable products.
- Quote: "security requirements for relevant connectable products"
- [The UK Product Security and Telecommunications Infrastructure (Product Security) regime](https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime?ref=sorena.io) - Supports the comparison decision rule.
- Quote: "This is a UK government guidance page about the PSTI Product Security regime and compliance requirements"
- [Regulations: consumer connectable product security](https://www.gov.uk/guidance/regulations-consumer-connectable-product-security?ref=sorena.io) - OPSS and DSIT guidance identifies PSTI roles, compliance duties, security requirements, exclusions, and enforcement context.
- Quote: "Guidance for manufacturers, importers and distributors"
- [Product Security and Telecommunications Infrastructure Act 2022](https://www.legislation.gov.uk/ukpga/2022/46/contents?ref=sorena.io) - Primary UK PSTI Act source for connected product security duties.
- Quote: "Product Security and Telecommunications Infrastructure Act 2022"
- [ETSI EN 303 645, Cyber Security for Consumer Internet of Things: Baseline Requirements](https://www.etsi.org/deliver/etsi_en/303600_303699/303645/03.01.03_60/en_303645v030103p.pdf?ref=sorena.io) - ETSI EN 303 645 is the voluntary consumer IoT baseline standard used here as the comparator to mandatory UK PSTI duties.
- Quote: "high-level security and data protection provisions for consumer IoT devices"
## How should teams compare PSTI vs ETSI EN 303 645 under UK PSTI Product Security?
Start by deciding whether the product is a relevant connectable product and which manufacturer, importer, distributor, statement-of-compliance, vulnerability-disclosure, password, support-period, or OPSS enforcement duty is triggered. The useful answer should name the exact trigger, affected product or process, required action, owner, evidence, and escalation point.
Keep the legal source, product-scope decision, manufacturer/importer/distributor role, statement of compliance, and technical evidence together so OPSS-facing records are reviewable.
- Define the exact PSTI vs ETSI EN 303 645 trigger and the business process it affects.
- Record which role, product, system, customer group, or data flow is in scope.
- Attach the source-linked rule, the owner, and the evidence field before approving the control.
- Escalate uncertainty when the facts depend on thresholds, exemptions, cross-border activity, vulnerable users, or enforcement-sensitive wording.
Sources for this answer:
- [Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations set the mandatory baseline security requirements for relevant connectable products.
- [The UK Product Security and Telecommunications Infrastructure (Product Security) regime](https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime?ref=sorena.io) - Primary source support for the PSTI vs ETSI EN 303 645 decision.
- [Regulations: consumer connectable product security](https://www.gov.uk/guidance/regulations-consumer-connectable-product-security?ref=sorena.io) - OPSS and DSIT guidance identifies PSTI roles, compliance duties, security requirements, exclusions, and enforcement context.
## Who should own PSTI vs ETSI EN 303 645, and what evidence should prove the decision?
Ownership should sit with the team that controls product design, supply-chain placement, importer/distributor checks, or customer security information, with legal and product-security review.
Evidence should show relevant-connectable-product scope, default-password controls, vulnerability disclosure channel, minimum support period, statement of compliance, supply-chain role checks, and OPSS notice response readiness.
- Name one accountable owner and one reviewer for the PSTI vs ETSI EN 303 645 workflow.
- Keep source screenshots or source links, decision notes, implementation tickets, and approval records together.
- Use dated evidence for deadlines, notices, risk assessments, contracts, user journeys, and regulator-facing records.
- Review the evidence after product changes, new markets, new vendors, enforcement updates, or material changes in the source text.
Sources for this answer:
- [The UK Product Security and Telecommunications Infrastructure (Product Security) regime](https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime?ref=sorena.io) - Evidence and ownership support for UK PSTI Product Security.
- [Regulations: consumer connectable product security](https://www.gov.uk/guidance/regulations-consumer-connectable-product-security?ref=sorena.io) - OPSS and DSIT guidance identifies PSTI roles, compliance duties, security requirements, exclusions, and enforcement context.
- [ETSI EN 303 645, Cyber Security for Consumer Internet of Things: Baseline Requirements](https://www.etsi.org/deliver/etsi_en/303600_303699/303645/03.01.03_60/en_303645v030103p.pdf?ref=sorena.io) - ETSI EN 303 645 is the voluntary consumer IoT baseline standard used here as the comparator to mandatory UK PSTI duties.
*Recommended next step*
*Placement: after the practical guidance*
## Turn UK PSTI Product Security PSTI vs ETSI EN 303 645 into assigned work
Use this UK PSTI Product Security guide to turn PSTI vs ETSI EN 303 645 into owners, evidence requests, review checkpoints, and reusable operating records inside Sorena.
- [Open Assessment Autopilot for UK PSTI Product Security](/solutions/assessment.md): Turn PSTI vs ETSI EN 303 645 into scoped questions, evidence fields, and review tasks.
- [Review UK PSTI Product Security source evidence](/solutions/research-copilot.md): Use Research Copilot to answer follow-up questions with cited source material.
- [Talk through UK PSTI and ETSI EN 303 645 implementation](/contact.md): Review scope, evidence, owners, and the next compliance actions with Sorena.
## Primary sources
- [Product Security and Telecommunications Infrastructure security requirements regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - UK PSTI security requirements regulations for relevant connectable products.
- Quote: "security requirements for relevant connectable products"
- [The UK Product Security and Telecommunications Infrastructure (Product Security) regime](https://www.gov.uk/government/publications/the-uk-product-security-and-telecommunications-infrastructure-product-security-regime?ref=sorena.io) - Supports the comparison decision rule.
- Quote: "This is a UK government guidance page about the PSTI Product Security regime and compliance requirements"
- [Regulations: consumer connectable product security](https://www.gov.uk/guidance/regulations-consumer-connectable-product-security?ref=sorena.io) - OPSS and DSIT guidance identifies PSTI roles, compliance duties, security requirements, exclusions, and enforcement context.
- Quote: "Guidance for manufacturers, importers and distributors"
- [ETSI EN 303 645, Cyber Security for Consumer Internet of Things: Baseline Requirements](https://www.etsi.org/deliver/etsi_en/303600_303699/303645/03.01.03_60/en_303645v030103p.pdf?ref=sorena.io) - ETSI EN 303 645 is the voluntary consumer IoT baseline standard used here as the comparator to mandatory UK PSTI duties.
- Quote: "high-level security and data protection provisions for consumer IoT devices"
- [Consumer connectable product security regulations](https://www.gov.uk/government/publications/OPSS-enforcement-enforcement-actions/consumer-connectable-product-security-regulations?ref=sorena.io) - OPSS enforcement guidance supports the PSTI enforcement route and authority-facing evidence expectations.
- Quote: "OPSS is the enforcement authority responsible for ensuring compliance"
- [Product Security and Telecommunications Infrastructure Act 2022](https://www.legislation.gov.uk/ukpga/2022/46/contents?ref=sorena.io) - Primary UK PSTI Act source for connected product security duties.
- Quote: "Product Security and Telecommunications Infrastructure Act 2022"
## Related Topic Guides
- [UK PSTI Act relevant connectable products: full scope and category definitions](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/relevant-connectable-products-scope.md): UK PSTI Product Security guidance for Relevant Connectable Products Scope, with practical decisions, evidence, edge cases, and external source citations.
- [UK PSTI Act statement of compliance: evidence requirements and audit documentation](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/statement-of-compliance-and-evidence.md): UK PSTI Product Security guidance for Statement Of Compliance And Evidence, with practical decisions, evidence, edge cases, and external source citations.
- [UK PSTI Act statement of compliance: what must the SoC contain?](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/statement-of-compliance.md): UK PSTI Product Security guidance for Statement Of Compliance, with practical decisions, evidence, edge cases, and external source citations.
- [UK PSTI Act: is your product a relevant connectable product? scope test](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/relevant-connectable-product-scope.md): UK PSTI Product Security guidance for Relevant Connectable Product Scope, with practical decisions, evidence, edge cases, and external source citations.
- [UK PSTI Act: step-by-step statement of compliance preparation workflow](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/statement-of-compliance-workflow.md): UK PSTI Product Security guidance for Statement Of Compliance Workflow, with practical decisions, evidence, edge cases, and external source citations.
- [UK PSTI Act: step-by-step vulnerability disclosure process workflow](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/vulnerability-disclosure-workflow.md): UK PSTI Product Security guidance for Vulnerability Disclosure Workflow, with practical decisions, evidence, edge cases, and external source citations.
- [UK PSTI Act: vulnerability disclosure policy requirements and template](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/vulnerability-disclosure-policy.md): UK PSTI Product Security guidance for Vulnerability Disclosure Policy, with practical decisions, evidence, edge cases, and external source citations.
- [UK PSTI Default Password Requirements](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/default-password-requirements.md): A source-linked guide to the UK PSTI default password rule for consumer connectable products: unique passwords, user-defined setup, prohibited patterns, and evidence to keep.
- [UK PSTI Product Security Applicability Test Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/applicability-test.md): Practical guidance for the UK PSTI Product Security applicability test, with practical decisions, evidence, edge cases, and external source citations.
- [UK PSTI Product Security Checklist](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/checklist.md): Practical guidance for the UK PSTI Product Security checklist, with practical decisions, evidence, edge cases, and external source citations.
- [UK PSTI Product Security Compliance Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/compliance.md): Practical guidance for the UK PSTI Product Security compliance, with practical decisions, evidence, edge cases, and external source citations.
- [UK PSTI Product Security Deadlines and Compliance Calendar Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/deadlines-and-compliance-calendar.md): UK PSTI Product Security guidance for Deadlines and Compliance Calendar, with practical decisions, evidence, edge cases, and external source citations.
- [UK PSTI Product Security ETSI Evidence Mapping Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/etsi-evidence-mapping.md): UK PSTI Product Security guidance for ETSI Evidence Mapping, with practical decisions, evidence, edge cases, and external source citations.
- [UK PSTI Product Security FAQ](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/faq.md): Practical guidance for the UK PSTI Product Security FAQ, with practical decisions, evidence, edge cases, and external source citations.
- [UK PSTI Product Security Importer And Distributor Duties Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/importer-and-distributor-duties.md): UK PSTI Product Security guidance for Importer And Distributor Duties, with practical decisions, evidence, edge cases, and external source citations.
- [UK PSTI Product Security Minimum Support Period And Update Transparency Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/minimum-support-period-and-update-transparency.md): UK PSTI Product Security guidance for Minimum Support Period And Update Transparency, with practical decisions, evidence, edge cases, and external source citations.
- [UK PSTI Product Security OPSS Enforcement and Penalties Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/opss-enforcement-and-penalties.md): UK PSTI Product Security guidance for OPSS enforcement and penalties, with practical decisions, evidence, edge cases, and external source citations.
- [UK PSTI Product Security OPSS Notices Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/opss-notices.md): UK PSTI Product Security guidance for OPSS Notices, with practical decisions, evidence, edge cases, and external source citations.
- [UK PSTI Product Security penalties and fines Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/penalties-and-fines.md): UK PSTI Product Security guidance for penalties and fines, with practical decisions, evidence, edge cases, and external source citations.
- [UK PSTI Product Security PSTI Password And Update Policy Requirements Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/psti-password-and-update-policy-requirements.md): UK PSTI Product Security guidance for PSTI Password And Update Policy Requirements, with practical decisions, evidence, edge cases, and external source citations.
- [UK PSTI Product Security PSTI Scope Classifier Workflow Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/psti-scope-classifier-workflow.md): UK PSTI Product Security guidance for PSTI Scope Classifier Workflow, with practical decisions, evidence, edge cases, and external source citations.
- [UK PSTI Product Security PSTI Statement Of Compliance Template Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/psti-statement-of-compliance-template.md): UK PSTI Product Security guidance for PSTI Statement Of Compliance Template, with practical decisions, evidence, edge cases, and external source citations.
- [UK PSTI Product Security PSTI vs CRA Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/psti-vs-cra.md): UK PSTI Product Security guidance for PSTI vs CRA, with practical decisions, evidence, edge cases, and external source citations.
- [UK PSTI Product Security PSTI vs EU Cyber Resilience Act Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/psti-vs-eu-cyber-resilience-act.md): UK PSTI Product Security guidance for PSTI vs EU Cyber Resilience Act, with practical decisions, evidence, edge cases, and external source citations.
- [UK PSTI Product Security Requirements Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/requirements.md): Practical guidance for the UK PSTI Product Security requirements, with practical decisions, evidence, edge cases, and external source citations.
- [UK PSTI Product Security Requirements In Practice Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/security-requirements-in-practice.md): UK PSTI Product Security guidance for Security Requirements In Practice, with practical decisions, evidence, edge cases, and external source citations.
- [UK PSTI Product Security Supply Chain Roles Manufacturer Importer Distributor Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/supply-chain-roles-manufacturer-importer-distributor.md): UK PSTI Product Security guidance for Supply Chain Roles Manufacturer Importer Distributor, with practical decisions, evidence, edge cases, and external source citations.
- [UK PSTI Product Security Support Period Evidence Workflow Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/support-period-evidence-workflow.md): UK PSTI Product Security guidance for Support Period Evidence Workflow, with practical decisions, evidence, edge cases, and external source citations.
- [UK PSTI vs Australia Cyber Security Act Guide](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/psti-vs-australia-cyber-security-act.md): UK PSTI Product Security guidance for PSTI vs Australia Cyber Security Act, with practical decisions, evidence, edge cases, and external source citations.
- [What should teams do about Default Passwords under UK PSTI Product Security?](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/faq/default-passwords.md): UK PSTI Product Security guidance for Default Passwords, with practical decisions, evidence, edge cases, and external source citations.
- [What should teams do about ETSI Evidence under UK PSTI Product Security?](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/faq/etsi-evidence.md): UK PSTI Product Security guidance for ETSI Evidence, with practical decisions, evidence, edge cases, and external source citations.
- [What should teams do about Excepted Products under UK PSTI Product Security?](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/faq/excepted-products.md): UK PSTI Product Security guidance for Excepted Products, with practical decisions, evidence, edge cases, and external source citations.
- [What should teams do about Importer And Distributor Duties under UK PSTI Product Security?](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/faq/importer-and-distributor-duties.md): UK PSTI Product Security guidance for Importer And Distributor Duties, with practical decisions, evidence, edge cases, and external source citations.
- [What should teams do about OPSS Notices under UK PSTI Product Security?](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/faq/opss-notices.md): UK PSTI Product Security guidance for OPSS Notices, with practical decisions, evidence, edge cases, and external source citations.
- [What should teams do about Relevant Connectable Products under UK PSTI Product Security?](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/faq/relevant-connectable-products.md): UK PSTI Product Security guidance for Relevant Connectable Products, with practical decisions, evidence, edge cases, and external source citations.
- [What should teams do about Statement Of Compliance under UK PSTI Product Security?](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/faq/statement-of-compliance.md): UK PSTI Product Security guidance for Statement Of Compliance, with practical decisions, evidence, edge cases, and external source citations.
- [What should teams do about Support Periods under UK PSTI Product Security?](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/faq/support-periods.md): UK PSTI Product Security guidance for Support Periods, with practical decisions, evidence, edge cases, and external source citations.
- [What should teams do about Update Transparency under UK PSTI Product Security?](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/faq/update-transparency.md): UK PSTI Product Security guidance for Update Transparency, with practical decisions, evidence, edge cases, and external source citations.
- [What should teams do about Vulnerability Disclosure under UK PSTI Product Security?](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/faq/vulnerability-disclosure.md): UK PSTI Product Security guidance for Vulnerability Disclosure, with practical decisions, evidence, edge cases, and external source citations.
---
[Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us)
(c) 2026 Sorena AB (559573-7338). All rights reserved.
Source: https://www.sorena.io/artifacts/uk/product-security-and-telecommunications-infrastructure-act/psti-vs-etsi-en-303-645