Collection

Secure by design

The government is working to protect UK citizens and businesses from the threats posed by poorly secured consumer connectable products (also known as 'IoT' or 'smart' devices.)

Key announcements

The UK’s consumer connectable product security regime will come into effect on 29 April 2024. Businesses which are involved in the supply chains of these products will need to be compliant with the new regime from 29 April 2024. The government has published the full details of the legislative framework here.

We all increasingly rely on consumer connectable products to socialise, work and live our lives. Consumers and businesses should be able to trust that those products – whether they be watches, speakers, doorbells or baby monitors – are designed and built securely.

The UK government deeply values the benefits technology and greater connectivity can bring to our economy and society. However, we recognise action needs to be taken to address the risks to individuals, businesses, and the wider economy which inadequately secure consumer connectable products (or consumer “IoT” products) can represent.

The UK has led the world in addressing these risks through the development of the Product Security and Telecommunications Infrastructure (PSTI) Act. From the 29 April 2024, UK law will mandate that manufacturers of consumer connectable products comply with baseline security requirements based on the UK Code of Practice for Consumer IoT security, and the leading global standard for consumer IoT security, ETSI EN 303 645.

When this regime comes into effect, consumers and businesses who purchase new connectable products will benefit from world-leading security protections from the threat of cyber crime.

Legislation

The government has published the full details of the UK consumer connectable product security legislation that will come into effect on 29 April 2024.

Resources for consumers

All you need to understand about the government’s guidelines on consumer connectable product security.

Consumer connectable product security guidance

All you need to understand about the government’s guidelines on consumer connectable product security.

Policy context, rationale, consultations and evidence

Published 28 February 2019
Last updated 29 April 2023 + show all updates
  1. Updated to incorporate the new Product Security & Telecommunications Infrastructure Act, which has now become law and sets new security requirements for consumer internet-connected devices.

  2. Added details of the government response to the call for views, which was published on 21 April 2021, as well as new research reports.

  3. Updated to include call for views on proposals for regulating consumer smart device cyber security and new research documents.

  4. Added Pledges from industry to implement IoT Security Code of Practice.

  5. Added link to Government and tech industry collaborate to improve cyber security of IoT devices to the For manufacturers and retailers section.

  6. Added details of the consultation on the Government’s regulatory proposals regarding consumer Internet of Things (IoT) security.

  7. First published.