The UK’s consumer connectable product security regime will come into effect on 29 April 2024. Businesses involved in the supply chains of these products will need to be compliant with this legislative framework from that date.
From that date, the law will require manufacturers of UK consumer connectable products to comply with minimum security requirements.
These minimum security requirements are based on the UK’s Code of Practice for Consumer IoT security, the leading global standard for consumer IoT security ETSI EN 303 645, and on advice from the UK’s technical authority for cyber threats, the National Cyber Security Centre. The regime will also ensure other businesses in the supply chains of these products play their role in preventing insecure consumer products from being sold to UK consumers and businesses.