Connected devices MUST comply from April 29th
On April 29th 2024, the UK will make history as the first country in the world to introduce ground-breaking protections for consumers using connectable devices, from smart phones and games consoles to smart doorbells, connected appliances and home systems.
The regulatory regime, introduced through the Product Security and Telecommunications Infrastructure Act (PSTI) 2022 and the PSTI Regulations 2023, will position the UK as the global pioneer in enforcing new minimum cyber security standards, signalling a substantial leap forward in consumer protection.
The Act and Regulations introduce a raft of new, common-sense protections like eliminating universal and easily guessable default passwords, providing a way to report issues to the manufacturers and ensuring manufacturers are transparent about how long a product will receive security updates. Manufacturers, retailers and importers of smart devices must now ensure they comply with the law and all products must carry a ‘Statement of Compliance’ at all stages of the supply chain.
Unsure if your company or your products are in scope? Need help from the experts to guarantee your compliance and continued access to the UK market? Want to avoid a £10m penalty (or 4% of global turnover whichever is greater) if you aren’t compliant after April 29th? Get in touch today and we can help immediately with a free call with one of our dedicated experts.
Compliance deadline announced
Following the introduction of the Product Security and Telecommunications Bill last December, the UK Government has now set a date for when new cyber security regulations will apply to connectable products.
Businesses involved in the supply chains of connectable will need to be compliant with the new regime from the 29th April 2024. Failure to comply with the requirements could result in products not being able to access the UK market and/or fines impacting global turnover.
This is in addition to EU market access requirements which are coming in from the 1st of August 2024 via the Radio Equipment Directive (RED).
SafeShark’s testing and certification service backed by the British Standards Institute (BSI) provides a complete one-stop route to compliance for both the UK and EU markets.
SafeShark has been working with NCSC and UK Government since the outset of the Secure By Design initiative and is also active in standards bodies writing the requirements that underpins the legislation – ETSI EN 303 645.
We are trusted by major brands such as LG who have certified their TV platforms via SafeShark. To find out more and start your compliance get in touch today.
Full details on the UK requirements can be read here.
57% of all connected devices vulnerable to medium-high severity attacks
Members of the UK House of Commons Digital, Culture, Media and Sport Committee are to investigate the dangers posed by hostile and criminal actors to connected technology, a branch which ranges from virtual assistants, smart appliances and wearable devices to smart homes and cities. Despite being used in homes, cities, businesses, and hospitals, research has found that 57 per cent of all connected devices were vulnerable to medium- or high-severity attacks.
Read more here.
SafeShark selected for DCMS accelerator programme
Some great news to kick off the week... we're delighted to be able to announce that SafeShark has won a coveted place on the Department for Digital, Culture, Media and Sport (DCMS) funded Cyber Runway accelerator programme! ✨🎈🎉
We are beyond thrilled to be joining such an amazing 'Grow' cohort and we can't wait to get started!
Find out more about the scheme here. And don't forget to follow us on Linkedin and Twitter to see more about what we are doing and how we can help your business.
SafeShark selected as finalist in DCMS ‘Most Innovative Cyber SME 2022’ competition
SafeShark has been selected as one of the UK’s 14 most creative and original information security businesses in the UK.
SafeShark, a Joint Venture between DTG Testing and Connect Devices, backed by BSI to provide the leading independent certification for new IoT cybersecurity standards, has been shortlisted in the UK’s Most Innovative Cyber SME 2022 contest, run by the Department for Digital, Culture, Media & Sport (DCMS) in partnership with Infosecurity Europe.
As a finalist, SafeShark will have a stand (M96) in the DCMS Cyber Innovation Zone at InfoSecurity Europe 2022 (21-23 June at ExCeL London) where we’ll be demo-ing the SafeShark objective and continuous testing to meet the new upcoming legislative requirements, backed by BSI certification to turn compliance into competitive edge.
A full list of 2022 finalists can be found here.
This is the seventh year the competition has been run, and is open to micro, small and medium cybersecurity businesses registered in the UK. The overall winner will be announced live on the Innovation Showcase stage at the show. Visitor registration is open here.
Commenting on the news, SafeShark Director and DTG CEO Richard Lindsay-Davies said: “We are delighted that SafeShark has been recognised as one of the most important innovations in the cyber security space. The legislation that is now before Parliament is designed to add a layer of protection for consumers in their own homes. This award underlines that SafeShark goes beyond those mandated requirements to demonstrate to retailers and their consumers that device manufacturers have really gone the extra mile to keep their customers safe.”
Record levels of investment into UK’s cyber security sector
New government data shows that 1,800 UK-registered cyber security firms have generated a total of £10.1bn in revenue in the most recent financial year, a massive 14% increase from the previous financial year. The DCMS Annual Cyber Sector Report, which tracks the growth and performance of the UK cyber security sector, reveals the industry contributed around £5.3bn to the UK economy in 2021, rising from the previous year’s figure of £4bn.
More than £1bn of external investment for these UK cyber security firms was secured across 84 deals. Employment across the industry also grew by 13%, with more than 6,000 new jobs added to the UK’s 50,000-strong cyber workforce.
“Cyber security firms are major contributors to the UK’s incredible tech success story. Hundreds of British firms from Edinburgh to Bristol are developing and selling cutting-edge cyber tools around the world that make it safer for people to live and work online. We are investing in skills training and business initiatives to help the UK go from strength to strength as a global cyber power and open up the sector to people from all walks of life.”
Nadine Dorries, Digital Secretary
Read the full release here
New laws proposed by DCMS to strengthen UK resilience to cyber attacks
DCMS has launched two consultations seeking the public’s views on new proposals stated to improve the UK’s resilience to cyber attacks.
The following statement was released by the Minister for Media, Data and Digital Infrastructure:
"It is vital that cyber security is a fundamental part of our country’s digital transformation journey."
Julia Lopez
Minister for Media, Data and Digital Infrastructure
DCMS have presented three pillars, each one representing a challenge the country faces with cyber security. These are:
- Proposals to amend provisions relating to digital service providers
- Proposals to future-proof the UK NIS regulations
- Empowering the cyber security profession
These pillars with be addressed through two separate consultations. The first looks at the first two challenges and aims to create a comprehensive framework for managed services and upgrading security legislation so the country can more easily manage future risks. The second focuses on embedding the standards and pathways across the cyber profession by 2025. These consultations close at 11:45pm on Sunday 10 April 2022, and 11:45pm on Sunday 20 March 2022, respectively.
The full press release can be read here.