UK leads global charge on connected device security

The UK has cemented its role as a global leader in connected device security, with new agreements announced during Singapore International Cyber Week set to align international standards and boost consumer protection.

Under a major deal between the UK and Singapore, devices meeting Singapore’s cybersecurity standards will now be recognised under the UK’s Product Security and Telecommunications Infrastructure (PSTI) regime – the world’s first legislation to introduce minimum cyber requirements for consumer devices.

The PSTI regime, built on the ETSI EN 303 645 standard, mandates key protections such as banning default passwords and ensuring transparency over software update support. This alignment will simplify compliance, reduce costs, and accelerate the rollout of secure products globally.

The announcement forms part of a wider Global Cyber Security Labelling Initiative launched by a coalition of countries including the UK, Singapore, Australia, Germany, Finland, Japan, and South Korea. The initiative aims to harmonise standards across markets, delivering safer devices to consumers and a clearer compliance framework for manufacturers.

Cyber Security Minister Liz Lloyd CBE said the initiative will provide “safer products for people, clearer rules for business and less duplication across borders.”

Domestically, the UK is also embedding cybersecurity more deeply into business governance through the Good Business Charter, which now includes cyber resilience as a key accreditation criterion. The forthcoming Cyber Security and Resilience Bill will further strengthen protections for essential and digital services, reinforcing the UK’s leadership in the global cybersecurity landscape.

As more nations adopt the UK’s approach, the PSTI framework – and the EN 303 645 standard that underpins it – continues to set the global benchmark for smart device security, supporting innovation while protecting consumers.

For more on compliance with this, The Radio Equipment Directive and the upcoming Cyber Resilience Act in the EU get in touch today.

New draft RED standards through the first review phase

SafeShark has been taking part in the latest standards development work in CEN/CENELEC, preparing for the introduction of the RED cyber security requirements in Aug 2025.

Three new standards have been developed EN 18031-1, -2, -3 which cover:

Part 1 common security requirements for internet connected radio equipment;
Part 2 internet connected radio equipment that processes personal, traffic, or location data, as well as products for childcare, toys, and wearables; and
Part 3 internet connected radio equipment that enables the holder or user to transfer money, monetary value or virtual currency.

The first review involved national administrations e.g. BSI in the UK, reviewing the drafts and submitting comments. The comments are now being triaged and responded to before a second round of review.

Through our involvement in the work SafeShark is ensuring that its customers will have plenty of notice as to how they can prepare for the RED requirements.

Report: 90% of technology decision-makers deem security a 'business priority'

According to the PSA Certified 2022 Security Report, 90% of its technology decision-maker respondents have increased the importance placed on security in the past 12 months, making it one of their top three business priorities.

The annual report, now in its second year, surveyed 1,038 technology decision-makers across Europe, USA, and APAC. They found that a third of companies believe that the risk of IoT hacks has risen during the pandemic due to widespread distributed working. A further 31% of respondents identified cost as the major inhibitor from implementing more stringent security measures.

The desire for guidance is also higher than ever, with 96% of respondents saying they would be interested in an industry-led set of guidelines on IoT best practices – considerably higher than the 84% in 2021.

Security frameworks and step-by-step guides were ranked as the most useful tools for deploying secure products to market, underlining the critical nature of education and support in shaping a more secure IoT.

Read the full report here.

Cyber security requirements for the EU market under discussion

IoT cybersecurity standards for connected products and devices are coming.

SafeShark is active in European activities to scope requirements for new cyber security standards. The new standards will demonstrate cyber security performance of consumer IoT and industrial products so that the products can be placed on the EU market.

The roadmap for this involves European standards bodies ETSI and CEN/CENELEC agreeing the scope of a standards request from the EC, then developing the standards ready for use.

Products compliance deadline for the new standards is currently 30 months from October this year, meaning requirements would come into force around May 2024.

The new requirements will be part of the Radio Equipment Directive which outlines requirements for CE marking.

SafeShark will ensure that any new standards are part of its assurance scheme.

In the meantime assurance against current consumer IoT cyber security standard EN 303 645 will ensure that your product is prepared for these up-coming changes.

Contact us now or sign up for legislation alerts to stay in the loop.