Relevant Connectable Product Scope decisions under UK PSTI Product Security should be written in operational language: who is in scope, what must happen, what evidence proves it, and when escalation is needed.
Use this guide to turn official requirements into scope, evidence, owner, and review decisions. This guidance is practical, source-linked, and should be validated against current legal and policy requirements before implementation.
Structured answer sets in this page tree.
Cited legal and guidance references.
This page explains when a product is in scope: a relevant connectable product is one that is internet-connectable or network-connectable and is not an excepted product. Use it to determine which UK PSTI Product Security duties apply, who owns each action, required evidence, and the review path for escalation decisions.
Start by checking whether the product is internet-connectable or network-connectable and whether it is excluded as an excepted product. If it is in scope, decide which manufacturer, importer, distributor, statement-of-compliance, vulnerability-disclosure, password, support-period, or OPSS enforcement duty is triggered.
A practical scope answer should name the exact trigger, affected product or process, required action, owner, evidence, and escalation point. Keep the legal source, product-scope decision, manufacturer/importer/distributor role, statement of compliance, and technical evidence together so OPSS-facing records are reviewable.
Ownership should sit with the team that controls product design, supply-chain placement, importer/distributor checks, or customer security information, with legal and product-security review.
Evidence should show relevant-connectable-product scope, default-password controls, vulnerability disclosure channel, minimum support period, statement of compliance, supply-chain role checks, and OPSS notice response readiness.
Most PSTI mistakes happen at the boundary between manufacturer, importer and distributor duties, excepted products, bundled products, support-period statements, and evidence that does not match the shipped product.
Use this section before UK market placement, importer onboarding, distributor acceptance, or support-period publication so the evidence matches the actual product and supply-chain role.
Use a compact PSTI workflow that captures product scope, role, password control, vulnerability disclosure route, support-period information, statement-of-compliance approval, and OPSS escalation path.
The output should be a product-scope note, statement-of-compliance pack, supplier attestation, customer-facing support-period notice, or OPSS response record.
Use this UK PSTI Product Security guide to turn Relevant Connectable Product Scope into owners, evidence requests, review checkpoints, and reusable operating records inside Sorena.
Turn Relevant Connectable Product Scope into scoped questions, evidence fields, and review tasks.
Use Research Copilot to answer follow-up questions with cited source material.
Review scope, evidence, owners, and the next compliance actions with Sorena.
"This document provides guidance on regulatory activities, enforcement, and related resources for the Product Security and Telecommunications Infrastructure"
"non-compliance under the PSTI Act"
"The government has been working with the tech industry to better secure consumer connectable products for several years"
"security requirements for relevant connectable products"
"This is a UK government guidance page about the PSTI Product Security regime and compliance requirements"