Relevant Connectable Products Scope decisions under UK PSTI Product Security should be written in operational language: who is in scope, what must happen, what evidence proves it, and when escalation is needed.
Use this guide to turn official requirements into scope, evidence, owner, and review decisions. This guidance is practical, source-linked, and should be validated against current legal and policy requirements before implementation.
Structured answer sets in this page tree.
Cited legal and guidance references.
This page helps you determine which UK PSTI Product Security duties apply, who owns each action, required evidence, and the review path for escalation decisions.
Start by deciding whether the product is a relevant connectable product and which manufacturer, importer, distributor, statement-of-compliance, vulnerability-disclosure, password, support-period, or OPSS enforcement duty is triggered. The useful answer should name the exact trigger, affected product or process, required action, owner, evidence, and escalation point.
Keep the legal source, product-scope decision, manufacturer/importer/distributor role, statement of compliance, and technical evidence together so OPSS-facing records are reviewable.
Ownership should sit with the team that controls product design, supply-chain placement, importer/distributor checks, or customer security information, with legal and product-security review.
Evidence should show relevant-connectable-product scope, default-password controls, vulnerability disclosure channel, minimum support period, statement of compliance, supply-chain role checks, and OPSS notice response readiness.
Most PSTI mistakes happen at the boundary between manufacturer, importer and distributor duties, excepted products, bundled products, support-period statements, and evidence that does not match the shipped product.
Use this section before UK market placement, importer onboarding, distributor acceptance, or support-period publication so the evidence matches the actual product and supply-chain role.
Use a compact PSTI workflow that captures product scope, role, password control, vulnerability disclosure route, support-period information, statement-of-compliance approval, and OPSS escalation path.
The output should be a product-scope note, statement-of-compliance pack, supplier attestation, customer-facing support-period notice, or OPSS response record.
Use this UK PSTI Product Security guide to turn Relevant Connectable Products Scope into owners, evidence requests, review checkpoints, and reusable operating records inside Sorena.
Turn Relevant Connectable Products Scope into scoped questions, evidence fields, and review tasks.
Use Research Copilot to answer follow-up questions with cited source material.
Review scope, evidence, owners, and the next compliance actions with Sorena.
"Economic actors seeking to determine whether a product is a "relevant connectable product" should therefore review the definitions of "internet-connectable product" and "network-connectable product""
"Consumer connectable product security regulations"
"manufacturers of consumer connectable products who sell to UK consumers comply with baseline security requirements"
"Types of product that may be relevant connectable products"
"Products excepted from being relevant connectable products"