---
title: "UK PSTI Supply Chain Roles"
canonical_url: "https://www.sorena.io/artifacts/uk/psti-act/supply-chain-roles-manufacturer-importer-distributor"
source_url: "https://www.sorena.io/artifacts/uk/product-security-and-telecommunications-infrastructure-act/supply-chain-roles-manufacturer-importer-distributor"
author: "Sorena AI"
description: "Grounded guide to UK PSTI supply-chain roles covering manufacturer, importer, and distributor duties, statement handling, compliance-failure escalation."
published_at: "2026-02-22"
updated_at: "2026-02-22"
keywords:
  - "UK PSTI manufacturer duties"
  - "UK PSTI importer duties"
  - "UK PSTI distributor duties"
  - "compliance failure PSTI"
  - "manufacturer duties"
  - "importer duties"
  - "distributor duties"
  - "supply chain roles"
---
**[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform

[Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io)

---

# UK PSTI Supply Chain Roles

Grounded guide to UK PSTI supply-chain roles covering manufacturer, importer, and distributor duties, statement handling, compliance-failure escalation.

*Role Guide* *Supply Chain Duties*

## Manufacturer Importer Distributor Roles

Role mapping is where many PSTI programs become inaccurate.

The regime imposes related but distinct duties on manufacturers, importers, and distributors, especially after a compliance failure appears.

The Act defines relevant persons to include manufacturers, importers, and distributors. Each role has its own entry duties, statement or deemed-compliance handling expectations, and post-market compliance-failure duties. Those duties should be reflected in contracts, playbooks, and incident response paths.

## Manufacturers carry the main product and statement burden

Manufacturers must comply with the relevant security requirements where the Act says the duty is engaged. They also control the statement-of-compliance position or, where applicable, the newer Schedule 2A deemed-compliance position for the UK market.

That means the manufacturer needs the strongest engineering and evidence link to the product itself.

- Own the three mandatory security requirements
- Prepare the statement or compliant summary path, or maintain the Schedule 2A evidence route where applicable
- Maintain the product evidence file and support-period source of truth

## Importers and distributors have their own gatekeeping duties

Importers and distributors are not passive logistics roles under PSTI. For most products they must not make products available in the UK unless the statement or summary conditions are met, but sections 15(5) and 22(3) switch the check to satisfaction of the specified deemed-compliance conditions where a section 9(7) route applies. They also have action duties when compliance failures surface.

These checks should sit in onboarding, sourcing, and release-to-channel controls.

- Verify statement availability or satisfaction of the applicable deemed-compliance conditions before UK placement
- Escalate suspected compliance failures quickly
- Stop supply where the law requires all reasonable steps to prevent further availability

## Post-market compliance-failure handling is shared and time-sensitive

The Act sets out contact, notification, and recordkeeping duties when manufacturers, importers, or distributors become aware of compliance failures. These provisions are important because many real cases begin after launch rather than before it.

The supply-chain response should therefore be pre-agreed before a failure occurs.

- Create one compliance-failure contact tree across the UK supply chain
- Record what was known, by whom, and what remedial steps were taken
- Keep distributor and importer notification templates ready for use

*Recommended next step*

*Placement: after the scope or definition section*

## Use Manufacturer Importer Distributor Roles as a cited research workflow

Research Copilot can take Manufacturer Importer Distributor Roles from clarifying scope and applicability with cited answers to a reusable workflow inside Sorena. Teams working on Manufacturer Importer can keep owners, evidence, and next steps aligned without copying this guide into separate documents.

- [Open Research Copilot for Manufacturer Importer Distributor Roles](/solutions/research-copilot.md): Start from Manufacturer Importer Distributor Roles and answer scope, timing, and interpretation questions with cited outputs.
- [Talk through Manufacturer Importer](/contact.md): Review your current process, evidence gaps, and next steps for Manufacturer Importer Distributor Roles.

## Primary sources

- [Product Security and Telecommunications Infrastructure Act 2022](https://www.legislation.gov.uk/ukpga/2022/46/contents?ref=sorena.io) - Primary legislation for relevant connectable products, role duties, statements of compliance, compliance failures, and enforcement powers.
- [PSTI Security Requirements for Relevant Connectable Products Regulations 2023](https://www.legislation.gov.uk/uksi/2023/1007/contents?ref=sorena.io) - Regulations that specify the three mandatory security requirements, current deemed-compliance routes, excepted products, statement-of-compliance details, and retention periods.

## Related Topic Guides

- [UK PSTI Act Applicability Test | Relevant Connectable Product Scope and Exclusions](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/applicability-test.md): Grounded UK PSTI applicability test covering section 4 relevant connectable product logic, internet-connectable and network-connectable products.
- [UK PSTI Act Checklist | Scope, Statements, Security Controls, and Records](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/checklist.md): Audit-ready UK PSTI checklist covering product scope, role allocation, the three mandatory security requirements, statement of compliance handling, retention.
- [UK PSTI Act Compliance Program | Product Security Governance and OPSS Readiness](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/compliance.md): Program design guide for UK PSTI compliance covering product scope, engineering controls, statement governance, supply-chain checks.
- [UK PSTI Act Deadlines and Compliance Calendar | Royal Assent, Commencement, and Review Dates](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/deadlines-and-compliance-calendar.md): Grounded UK PSTI calendar covering 6 December 2022 Royal Assent, 29 April 2024 commencement, and the 2025 amendments now in force.
- [UK PSTI Act FAQ | Scope, Statements, Support Periods, and OPSS Questions](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/faq.md): Practical FAQ on the UK PSTI regime covering product scope, the three mandatory requirements, statement of compliance issues, role duties, retention.
- [UK PSTI Act Requirements | Mandatory Security Duties, Statements, and Records](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/requirements.md): Detailed UK PSTI requirements guide covering the three mandatory security requirements, statement and deemed-compliance rules, and retention periods where the statement route applies.
- [UK PSTI OPSS Enforcement and Penalties | Risk Based Intervention and Escalation](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/opss-enforcement-and-penalties.md): Grounded OPSS enforcement guide for the UK PSTI regime covering risk-based and proportionate intervention, escalating enforcement, evidence expectations.
- [UK PSTI Password and Update Policy Requirements | Default Passwords, Disclosure, and Support Period](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/psti-password-and-update-policy-requirements.md): Grounded guide to UK PSTI password and update obligations covering unique or user-defined credentials, public vulnerability disclosure information.
- [UK PSTI Penalties and Fines | Financial and Operational Exposure](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/penalties-and-fines.md): Practical guide to UK PSTI penalties and enforcement exposure covering why statement defects, support-period mismatches.
- [UK PSTI Relevant Connectable Products Scope | Internet Connectable, Network Connectable, and Exclusions](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/relevant-connectable-products-scope.md): Detailed scope guide for UK PSTI relevant connectable products covering section 4 and 5 definitions, internet-connectable products.
- [UK PSTI Security Requirements in Practice | Engineering and Support Implementation](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/security-requirements-in-practice.md): Operational guide for implementing UK PSTI security requirements in practice across engineering, firmware, support, vulnerability handling.
- [UK PSTI Statement of Compliance and Evidence | Statements, Summaries, and Retention](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/statement-of-compliance-and-evidence.md): Grounded guide to UK PSTI statement-of-compliance obligations covering section 9, Schedule 2A alternatives, minimum information, and retention where the statement route applies.
- [UK PSTI Statement of Compliance Template | Drafting Pattern and Evidence Inputs](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/psti-statement-of-compliance-template.md): Practical UK PSTI statement of compliance template guide covering product identification, applicable requirements, defined support period, drafting controls.
- [UK PSTI vs EU Cyber Resilience Act | Product Scope, Duties, and Evidence Differences](/artifacts/uk/product-security-and-telecommunications-infrastructure-act/psti-vs-eu-cyber-resilience-act.md): Practical comparison of the UK PSTI regime and the EU Cyber Resilience Act covering product scope, baseline security duties, vulnerability handling.


---

[Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us)

(c) 2026 Sorena AB (559573-7338). All rights reserved.

Source: https://www.sorena.io/artifacts/uk/product-security-and-telecommunications-infrastructure-act/supply-chain-roles-manufacturer-importer-distributor