
UK gov introduces cyber bill designed to clamp down on unsecure devices

Law could prevent sale of smartphones, TVs, speakers, toys, and other digital devices that fail to meet minimum security requirements

Companies could be fined up to £10 million or 4% of their global turnover if they sell digital products that fail to protect consumers from being hacked.

Manufacturers, importers, and distributors of digital tech will be required to make sure the devices meet new security standards under a new law proposed by the UK government - with heavy fines for those who fail to comply.

The Product Security and Telecommunications Infrastructure (PSTI) Bill, introduced to Parliament on Wednesday, will allow the government to ban universal default passwords, force firms to be transparent to customers about what they are doing to fix security flaws in connectable products, and create a better public reporting system for vulnerabilities found in those products.

At present, digital device manufacturers must comply with rules to stop them from causing people physical harm from issues such as overheating, sharp components, or electric shock. But there is no regulation to protect consumers from harm caused by cyber breaches, which can include fraud and theft of personal data.

The bill will give the government new powers to bring in tougher security standards for device makers.

The tougher standards include a ban on easy-to-guess default passwords that come preloaded on devices - such as ‘password’ or ‘admin’ - which are a target for hackers. All passwords that come with new devices will need to be unique and must not be resettable to a universal factory default.

The new law will also require connectable product manufacturers to tell customers at the point of sale, and keep them updated, about the minimum amount of time a product will receive vital security updates and patches. If a product does not come with security updates, that must be disclosed to the customer.

This will increase people’s awareness of when the products they buy could become vulnerable, so they can make better-informed purchasing decisions, according to the government, which said nearly 80% of the firms targeted by the bill do not have any such system in place.

There will also be new rules that require manufacturers to provide a public point of contact to make it simpler for security researchers and others to report when they discover flaws and bugs in products.

This new cyber security regime will be overseen by a regulator, which will be designated once the bill comes into force, and will have the power to fine companies for non-compliance up to £10 million or 4% of their global turnover, as well as up to £20,000 a day in the case of an ongoing contravention.

The regulator will also be able to issue notices to companies requiring that they comply with the security requirements, recall their products, or stop selling or supplying them altogether. As new threats emerge or standards develop, ministers will have the power to mandate further security requirements for companies to follow via secondary legislation.


NCSC technical director Dr. Ian Levy said the bill would “ensure the security of connected consumer devices and hold device manufacturers to account for upholding basic cyber security”.

“The requirements this bill introduces – which were developed jointly by DCMS and the NCSC with industry consultation – mark the start of the journey to ensure that connected devices on the market meet a security standard that’s recognised as good practice,” he added.
