Collection

Secure by design

The government is working to protect UK citizens and businesses from the threats posed by poorly secured consumer connectable products (also known as 'IoT' or 'smart' devices.)

• From: Department for Science, Innovation and Technology
• Published: 28 February 2019
• Last updated: 2 May 2024 — See all updates

Key announcements

The UK’s consumer connectable product security regime came into effect on 29 April 2024.

Read the press notice here.

Businesses involved in the supply chains of these products now need to be compliant with the new regime. The government has published the full details of the legislative framework here.

We all increasingly rely on consumer connectable products to socialise, work and live our lives. Consumers and businesses should be able to trust that those products – whether they be watches, speakers, doorbells or baby monitors – are designed and built securely.

The UK government deeply values the benefits technology and greater connectivity can bring to our economy and society. However, we recognise action needs to be taken to address the risks to individuals, businesses, and the wider economy which inadequately secure consumer connectable products (or consumer “IoT” products) can represent.

The UK has led the world in addressing these risks through the development of the Product Security and Telecommunications Infrastructure (PSTI) Act. From the 29 April 2024, UK law mandates that manufacturers of consumer connectable products comply with baseline security requirements based on the UK Code of Practice for Consumer IoT security, and the leading global standard for consumer IoT security, ETSI EN 303 645.

Consumers and businesses who purchase new connectable products now benefit from world-leading security protections from the threat of cyber crime.

Legislation

The government has published the full details of the UK consumer connectable product security legislation that will come into effect on 29 April 2024.

• The UK Product Security and Telecommunications Infrastructure (Product Security) regime
  • 2 May 2024
  • Guidance

Resources for consumers

All you need to understand about the government’s guidelines on consumer connectable product security.

• New laws to protect consumers from cyber criminals come into force in the UK
  • 29 April 2024
  • Press release
• Smart devices: using them safely in your home
  • 2 May 2024
  • Guidance

Consumer connectable product security guidance

All you need to understand about the government’s guidelines on consumer connectable product security.

• ETSI industry standard based on the Code of Practice
  • 16 July 2020
  • Guidance
• Code of Practice for Consumer IoT Security
  • 14 October 2018
  • Guidance
• Code of Practice for Consumer IoT Security - international versions
  • 14 October 2018
  • Guidance
• Mapping of IoT security recommendations, guidance and standards
  • 14 October 2018
  • Guidance
• Government and tech industry collaborate to improve cyber security of IoT devices
  • 21 May 2019
  • News story
• Pledges from industry to implement the Code of Practice for Consumer IoT Security
  • 14 October 2018
  • Guidance

Policy context, rationale, consultations and evidence

Read about the context underpinning the government’s consumer connectable product security policy.

The UK Code of Practice for Consumer IoT Cybersecurity - The PETRAS National Centre of Excellence / Department of Science, Technology, Engineering, and Public Policy (STEaPP) University College London

21 April 2021 Research

---

Consumer Attitudes Towards IoT Security - Ipsos MORI

21 April 2021 Research

---

Framing the Nature and Scale of Cyber Security Vulnerabilities within the Current Consumer IoT Landscape - Centre for Strategy & Evaluation Services

16 July 2020 Research

---

Evidencing the cost of the UK Government’s Proposed Regulatory Interventions for Consumer IoT Products - RSM UK Consulting LLP

16 July 2020 Research

---

Technical report - Evidencing the cost of the UK Government’s Proposed Regulatory Interventions for Consumer IoT Products - RSM UK Consulting LLP

16 July 2020 Research

• Grant Programme for Consumer IoT Assurance Schemes 2020/21
  • 14 June 2021
  • Guidance
• Regulating consumer smart product cyber security - government response
  • 21 April 2021
  • Policy paper
• Proposals for regulating consumer smart product cyber security - call for views
  • 1 October 2020
  • Policy paper
• Consultation on regulatory proposals on consumer IoT security
  • 3 February 2020
  • Consultation outcome
• Secure by Design report
  • 7 March 2018
  • Policy paper
• Government response to the Secure by Design informal consultation
  • 14 October 2018
  • Policy paper
• Rapid evidence assessment on labelling schemes for IoT security
  • 14 October 2018
  • Policy paper
• Summary literature review on IoT security
  • 7 March 2018
  • Guidance

Published 28 February 2019
Last updated 2 May 2024 + show all updates

1. 2 May 2024

   The product security regime is now law. This page has been updated to reflect that, and to add links to the press notice and other relevant documents.

2. 29 April 2023

   Updated to incorporate the new Product Security & Telecommunications Infrastructure Act, which has now become law and sets new security requirements for consumer internet-connected devices.

3. 21 April 2021

   Added details of the government response to the call for views, which was published on 21 April 2021, as well as new research reports.

4. 16 July 2020

   Updated to include call for views on proposals for regulating consumer smart device cyber security and new research documents.

5. 6 June 2019

   Added Pledges from industry to implement IoT Security Code of Practice.

6. 21 May 2019

   Added link to Government and tech industry collaborate to improve cyber security of IoT devices to the For manufacturers and retailers section.

7. 1 May 2019

   Added details of the consultation on the Government’s regulatory proposals regarding consumer Internet of Things (IoT) security.

8. 28 February 2019

   First published.