
News | The UK will enforce its PSTI cyber security act from April 29!

Published: 2024-05-06

Recently, the UK government announced the PSTI regulations, formally the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023. The regulations were made law on September 14, 2023, and the PSTI security regime takes effect from April 29, 2024. They apply to England, Wales, Scotland and Northern Ireland.

The new PSTI regulations set minimum security baseline requirements for products supplied to UK consumers. They are largely based on the UK Code of Practice for Consumer IoT Security and on ETSI EN 303 645, the world's leading consumer IoT security standard, and set requirements for passwords, minimum security update periods, and how to disclose security issues.



PSTI Introduction

Cybersecurity has become a critical issue that modern society cannot ignore. According to GSMA forecasts, the number of global IoT device connections will reach 25 billion by 2025. Of these connections, consumer IoT devices will account for 11 billion, while industrial IoT devices will reach 14 billion, more than half of all global connections. As the number of IoT devices grows rapidly worldwide, countries have enacted cybersecurity laws and regulations to tighten the regulation of IoT products on the market. The UK's Product Security and Telecommunications Infrastructure Act 2022 (PSTIA) was developed against this backdrop.


PSTIA consists of two parts:

Part 1: sets out the product security requirements for in-scope connected products, to help defend against cyber attacks.

Part 2: focuses on supporting the deployment and expansion of mobile, full-fiber and gigabit networks.


Subsequently, the UK government issued the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations (the "PSTI Regulations"), which set out the minimum security requirements for products supplied to UK consumers. These regulations were signed into law on September 14, 2023.



PSTI Product Scope

The UK PSTI regime covers the vast majority of consumer connected products, such as smartphones, smart appliances, smart home assistants, cameras, smart door locks, alarm systems, smart home hubs and voice assistants, outdoor activity equipment, children's toys and baby monitors. It also applies to products that cannot connect directly to the internet but can connect to multiple other devices, such as smart light bulbs, smart thermostats and wearable fitness trackers.



PSTI 2023 also lists the products excluded from the regulatory regime: computers (desktop computers, laptops, and tablets without cellular connectivity), medical devices, electric vehicle charging points and metering products such as smart meters, and products supplied to Northern Ireland that comply with the relevant legislation.




Impact of PSTIA on businesses

Under the PSTIA, from April 29, 2024, all relevant products must be accompanied by a new statement of compliance. The requirement covers most connected products and applies broadly. Companies that do not comply face severe penalties: they can be fined up to £10 million or 4% of their global revenue, with additional penalties of up to £20,000 per day if the violation continues. The regulator also has the power to recall non-compliant products from the market and to publish details of the breach. Manufacturers are therefore advised to take an inventory of the products they sell in the UK market, and of those they plan to export to it, and to begin a compliance assessment against the PSTI regulations immediately to protect their business interests.