Role GuideSupply Chain Duties

Manufacturer Importer Distributor Roles

Role mapping is where many PSTI programs become inaccurate.

The regime imposes related but distinct duties on manufacturers, importers, and distributors, especially after a compliance failure appears.

Back to main artifactReview sources
Author
Sorena AI
Published
Feb 22, 2026
Updated
Feb 22, 2026
Sections
3

Structured answer sets in this page tree.

Primary sources
2

Cited legal and guidance references.

Publication metadata
Sorena AI
Published Feb 22, 2026
Updated Feb 22, 2026
Overview

The Act defines relevant persons to include manufacturers, importers, and distributors. Each role has its own entry duties, statement or deemed-compliance handling expectations, and post-market compliance-failure duties. Those duties should be reflected in contracts, playbooks, and incident response paths.

Section 1

Manufacturers carry the main product and statement burden

Manufacturers must comply with the relevant security requirements where the Act says the duty is engaged. They also control the statement-of-compliance position or, where applicable, the newer Schedule 2A deemed-compliance position for the UK market.

That means the manufacturer needs the strongest engineering and evidence link to the product itself.

  • Own the three mandatory security requirements
  • Prepare the statement or compliant summary path, or maintain the Schedule 2A evidence route where applicable
  • Maintain the product evidence file and support-period source of truth
Section 2

Importers and distributors have their own gatekeeping duties

Importers and distributors are not passive logistics roles under PSTI. For most products they must not make products available in the UK unless the statement or summary conditions are met, but sections 15(5) and 22(3) switch the check to satisfaction of the specified deemed-compliance conditions where a section 9(7) route applies. They also have action duties when compliance failures surface.

These checks should sit in onboarding, sourcing, and release-to-channel controls.

  • Verify statement availability or satisfaction of the applicable deemed-compliance conditions before UK placement
  • Escalate suspected compliance failures quickly
  • Stop supply where the law requires all reasonable steps to prevent further availability
Section 3

Post-market compliance-failure handling is shared and time-sensitive

The Act sets out contact, notification, and recordkeeping duties when manufacturers, importers, or distributors become aware of compliance failures. These provisions are important because many real cases begin after launch rather than before it.

The supply-chain response should therefore be pre-agreed before a failure occurs.

  • Create one compliance-failure contact tree across the UK supply chain
  • Record what was known, by whom, and what remedial steps were taken
  • Keep distributor and importer notification templates ready for use
Recommended next step

Use Manufacturer Importer Distributor Roles as a cited research workflow

Research Copilot can take Manufacturer Importer Distributor Roles from clarifying scope and applicability with cited answers to a reusable workflow inside Sorena. Teams working on Manufacturer Importer can keep owners, evidence, and next steps aligned without copying this guide into separate documents.

Research workflow
Open Research Copilot for Manufacturer Importer Distributor Roles

Start from Manufacturer Importer Distributor Roles and answer scope, timing, and interpretation questions with cited outputs.

Explore next step
Talk to Sorena
Talk through Manufacturer Importer

Review your current process, evidence gaps, and next steps for Manufacturer Importer Distributor Roles.

Explore next step
Primary sources

References and citations

Related guides

Explore more topics

UK PSTI Act Applicability Test | Relevant Connectable Product Scope and Exclusions
Grounded UK PSTI applicability test covering section 4 relevant connectable product logic, internet-connectable and network-connectable products.
UK PSTI Act Checklist | Scope, Statements, Security Controls, and Records
Audit-ready UK PSTI checklist covering product scope, role allocation, the three mandatory security requirements, statement of compliance handling, retention.
UK PSTI Act Compliance Program | Product Security Governance and OPSS Readiness
Program design guide for UK PSTI compliance covering product scope, engineering controls, statement governance, supply-chain checks.
UK PSTI Act Deadlines and Compliance Calendar | Royal Assent, Commencement, and Review Dates
Grounded UK PSTI calendar covering 6 December 2022 Royal Assent, 29 April 2024 commencement, and the 2025 amendments now in force.
UK PSTI Act FAQ | Scope, Statements, Support Periods, and OPSS Questions
Practical FAQ on the UK PSTI regime covering product scope, the three mandatory requirements, statement of compliance issues, role duties, retention.
UK PSTI Act Requirements | Mandatory Security Duties, Statements, and Records
Detailed UK PSTI requirements guide covering the three mandatory security requirements, statement and deemed-compliance rules, and retention periods where the statement route applies.
UK PSTI OPSS Enforcement and Penalties | Risk Based Intervention and Escalation
Grounded OPSS enforcement guide for the UK PSTI regime covering risk-based and proportionate intervention, escalating enforcement, evidence expectations.
UK PSTI Password and Update Policy Requirements | Default Passwords, Disclosure, and Support Period
Grounded guide to UK PSTI password and update obligations covering unique or user-defined credentials, public vulnerability disclosure information.
UK PSTI Penalties and Fines | Financial and Operational Exposure
Practical guide to UK PSTI penalties and enforcement exposure covering why statement defects, support-period mismatches.
UK PSTI Relevant Connectable Products Scope | Internet Connectable, Network Connectable, and Exclusions
Detailed scope guide for UK PSTI relevant connectable products covering section 4 and 5 definitions, internet-connectable products.
UK PSTI Security Requirements in Practice | Engineering and Support Implementation
Operational guide for implementing UK PSTI security requirements in practice across engineering, firmware, support, vulnerability handling.
UK PSTI Statement of Compliance and Evidence | Statements, Summaries, and Retention
Grounded guide to UK PSTI statement-of-compliance obligations covering section 9, Schedule 2A alternatives, minimum information, and retention where the statement route applies.
UK PSTI Statement of Compliance Template | Drafting Pattern and Evidence Inputs
Practical UK PSTI statement of compliance template guide covering product identification, applicable requirements, defined support period, drafting controls.
UK PSTI vs EU Cyber Resilience Act | Product Scope, Duties, and Evidence Differences
Practical comparison of the UK PSTI regime and the EU Cyber Resilience Act covering product scope, baseline security duties, vulnerability handling.