SafeShark Exposes Alarming Non-compliance Rates in Connected Consumer Devices

Following this week’s conformance deadline (April 29^th), SafeShark, the leading authority in connected product testing, has conducted analysis of more than 100 connected consumer devices currently on the market. The results show that a staggering three-quarters of these devices are still not compliant with the legal requirements set out in the Product Security and Telecoms Infrastructure Act.

SafeShark's testing revealed the concerning statistic that 92 of the 124 products (74%) we have checked in the past 24 hours fail to meet the necessary requirements. Plus,

Only 41% of the manufacturer websites had information about their vulnerability disclosure process - which is a mandatory provision in the legislation;
Only one quarter of product websites had the PSTI standard security support date mentioned for the product. Interestingly, 10% of products had PSTI information but did not quote the security support period as specified by the Act.

The findings underscore the urgent need for manufacturers, retailers, and distributors to prioritise compliance to ensure consumer safety and satisfaction.

Non-compliance carries potentially severe penalties, including withdrawal from UK market access and fines of £10m or 4% of global turnover, whichever is higher. That’s before any legal repercussions or damage to brand reputation. As consumers increasingly rely on connected devices in their daily lives, it is imperative for businesses to uphold the standards of quality and safety set out in the legislation as a minimum.

Commenting on the results, SafeShark Director Alex Buchan said: "The level of non-compliance we've uncovered is deeply concerning. It's clear that many manufacturers are falling short in meeting the essential requirements for connected consumer devices. The legislation provides businesses with explicit guidance on what compliance entails, and the OPSS can enforce stringent penalties against companies that fail to adhere to these regulations. We urge all stakeholders in the industry to take immediate action to address these issues."

SafeShark stands ready to assist manufacturers, retailers, and distributors in navigating the complexities of compliance and ensuring their products meet the necessary standards. By partnering with SafeShark, businesses can streamline their compliance journey and safeguard their reputation in the marketplace.

For more information on SafeShark's testing services and how we can help your business achieve compliance please contact our team directly.

Beko selects SafeShark as ‘clear choice’ for compliance partner

Beko is the latest brand to demonstrate its connected device compliance using SafeShark’s proprietary PSTI testing – the quick, simple way to prove products are in line with legislation before the April 29^th conformance deadline.

“Working with SafeShark has been a great experience for us at Beko,” said Arcelik Head of IoT Security Çağatay Büyüktopçu. “As pioneers in IoT Cyber Security, ensuring compliance with PSTI is paramount for our business. SafeShark's dedication to device security aligns perfectly with our values, and their 'as-a-service' model provides us with the peace of mind for ongoing and continuous compliance.”

“From the outset, their agility and enthusiasm for IoT security stood out, making them the clear choice for our strategic partnership. SafeShark's fast response times, flexibility, and excellent communication have made them a trusted ally in securing our IoT products in line with the new legislation. We wholeheartedly recommend SafeShark to any organisation seeking a reliable and efficient compliance partner for connected devices.”

Manufacturers, distributors and retailers now have less than two months to ensure all connected consumer devices they sell meet the new legislative requirements. From April 29^th this year they risk fines of up to £10m or 4% of global turnover (whichever is larger) and losing access to the UK market.

SafeShark’s quick, simple testing service ensures that won’t happen, issuing the government-mandated Statement of Compliance that must stay with the product throughout every stage of the distribution chain. Plus, thanks to our ongoing monitoring service, we can ensure that compliance throughout the lifetime of the product.

Beko is just one of the international brands passing their compliance burden to us to take care of, including the likes of LG, Philips, Lutron, Panasonic and many more.

Get in touch today and talk to one of our experts who can help determine if you’re in scope and what your next steps need to be.

Connected devices MUST comply from April 29th

On April 29^th 2024, the UK will make history as the first country in the world to introduce ground-breaking protections for consumers using connectable devices, from smart phones and games consoles to smart doorbells, connected appliances and home systems.  

The regulatory regime, introduced through the Product Security and Telecommunications Infrastructure Act (PSTI) 2022 and the PSTI Regulations 2023, will position the UK as the global pioneer in enforcing new minimum cyber security standards, signalling a substantial leap forward in consumer protection.

The Act and Regulations introduce a raft of new, common-sense protections like eliminating universal and easily guessable default passwords, providing a way to report issues to the manufacturers and ensuring manufacturers are transparent about how long a product will receive security updates.  Manufacturers, retailers and importers of smart devices must now ensure they comply with the law and all products must carry a ‘Statement of Compliance’ at all stages of the supply chain.

Unsure if your company or your products are in scope? Need help from the experts to guarantee your compliance and continued access to the UK market? Want to avoid a £10m penalty (or 4% of global turnover whichever is greater) if you aren’t compliant after April 29^th? Get in touch today and we can help immediately with a free call with one of our dedicated experts.

Recording: DSIT and OPSS enforcement update

In this SafeShark webinar with the Department for Science, Innovation and Technology (DSIT), and the Office for Product Safety & Standards (OPSS) - the enforcement authority responsible for ensuring compliance with the PSTI regulations on behalf of DSIT - we asked those responsible for shaping the legislation, driving device safety and enforcing compliance to answer your questions.

Watch the recording of this insightful and lively session below.

The government-mandated deadline for compliance is April 29th 2024, with potential enforcement action including fines for those that fail to act set at £10million or 4% of global turnover – whichever is greater.

So, if you manufacture a consumer device that connects to the internet, or to other devices that connect to the internet (both wired and wireless), you need to act now. And SafeShark is here to help.

SafeShark selected for DSIT-funded cyber accelerator for second year running

SafeShark is delighted to have been selected for the DSIT-funded Cyber Runway scheme as part of the ‘Scale’ cohort of innovative cyber companies for 2024/25.

The largest cyber accelerator in the UK, Cyber Runway is part of the government’s £2.6bn National Cyber Strategy to protect and promote the UK online. The scheme is designed to address the biggest challenges facing cyber security by supporting the most promising innovators at various stages of growth. This includes an objective to strengthen the UK cyber security ecosystem and ensure we have a sustainable, innovative, and internationally competitive cyber and information security sector.

Having been selected as one of the ‘Grow’ cohort last year, it is a mark of SafeShark’s genuine innovation and standing in the market that it has again been selected as one of the most innovative SME’s operating in cyber security today – this year as part of the ‘Scale’ group.

SafeShark Director Alex Buchan said: “To have been selected for this fantastic scheme for a second time really is a badge of honour for SafeShark. It comes at a crucial time for us and for industry as the April 2024 compliance deadline races towards all manufacturers of connected devices.

“Being part of this scheme with other innovators in the cyber space ensures we are in the very best company with access to premium support, which in turn helps us support our customers. And it is a clear endorsement of SafeShark’s innovation, cyber credentials and credibility.”

Saj Huq, CCO and Head of Innovation at Plexal, commented: “We’re excited to welcome two cohorts to Cyber Runway’s Grow and Scale streams, helping some of the UK’s most promising young companies to develop their technologies, and in turn strengthen the UK’s digital economy and drive greater cyber resilience.”

In the UK the Product Security and Telecoms Infrastructure (PSTI) Bill is now law. All manufacturers of connected devices are legally obliged to comply with the new legislation by April 29th 2024.

SafeShark is the only PSTI and RED compliance specialist in the market. A joint venture between DTG Testing and Connect Devices and backed by BSI, we deliver UK and EU market access to consumer electronic devices through independent PSTI and RED compliance testing.

Our mission is clear: to grant swift and hassle-free access to UK and EU markets through our simple, trusted and continuous compliance testing. Download our guide to cyber security compliance here.

Compliance deadline announced

Following the introduction of the Product Security and Telecommunications Bill last December, the UK Government has now set a date for when new cyber security regulations will apply to connectable products.

Businesses involved in the supply chains of connectable will need to be compliant with the new regime from the 29th April 2024. Failure to comply with the requirements could result in products not being able to access the UK market and/or fines impacting global turnover.

This is in addition to EU market access requirements which are coming in from the 1st of August 2024 via the Radio Equipment Directive (RED).

SafeShark’s testing and certification service backed by the British Standards Institute (BSI) provides a complete one-stop route to compliance for both the UK and EU markets.

SafeShark has been working with NCSC and UK Government since the outset of the Secure By Design initiative and is also active in standards bodies writing the requirements that underpins the legislation – ETSI EN 303 645.

We are trusted by major brands such as LG who have certified their TV platforms via SafeShark. To find out more and start your compliance get in touch today.

Full details on the UK requirements can be read here.

PSTI bill introduced to parliament for second reading

The Product Security and Telecommunications Infrastructure Bill has its second reading today, 26 January 2022. The bill would make provisions about the security of internet-connectable products and products capable of connecting to such products; to make provision about electronic communications infrastructure; and for connected purposes.

The Bill would:

Allow the Secretary of State to make regulations to introduce mandatory
security requirements for connectable products sold in the UK; and

Make changes to the electronic communications code which governs the
rights of telecoms companies to install infrastructure on land.

This briefing explains the background and main provisions of the Product Security and Telecommunications Infrastructure Bill 2021-22.

Read it in full here.