Shopfloor FOCUS: SUPPLY CHAIN
The new laws to protect consumers from cyber criminals, and what they mean for you
The UK’s consumer connected product security regime is now in effect, but what exactly is it and how can the electrical retail industry make changes for the future? Product law expert and Director at Fieldfisher, Aonghus Heatley, explains…
The consumer connected product security regime came into effect in the UK earlier this year. The law impacts consumer products connected to the Internet, such as smartphones, speakers, fridges, doorbells, printers… the list goes on. It imposes obligations on manufacturers, importers and distributors (including retailers), no matter their location, if their product is for sale in the UK.
What is the new law?
The Product Security and Telecommunications Infrastructure Act 2022 (the PSTI Act) aims to ensure that UK consumers are not put at risk by insecure technology products. While smart devices have in the past been compromised at scale by cybercriminals, the objective of the new requirements is to prevent such security breaches, for example by strengthening default passwords. Other requirements (and more will be added in future) include providing information to the public on how to report security issues and on minimum security update periods (such as in an End-of-Life policy).
If you are selling a product, it’s your responsibility to make sure that product complies with the new requirements. While many retailers were actively driving compliance along their supply chains in anticipation of the deadline, we are speaking with a number of retailers who were either unaware that the products they sell, even those already on their shelves or in their warehouses, must be in compliance with the regime’s requirements or who were unable to get their supply-chain partners – such as importers or manufacturers – to engage with them. Non-compliance could result in those retailers being criminally liable.
Retailers are also having to take practical steps themselves; the regime requires that products are accompanied by a ‘Statement of Compliance’ which retailers will need to enclose or affix to products which they currently hold.
Based abroad?
If the product you are shipping is going to go on sale in the UK and you are responsible for importing it, the regulation does affect you. You could be committing a criminal act by shipping a non-compliant product to the UK. The PSTI requirements apply to products already in the supply chain; for example, if you have stock in a warehouse awaiting distribution, it needs to be brought into compliance.
It remains to be seen what enforcement posture the relevant regulator, the Office for Product Safety and Standards (OPSS), will take; while it has been reasonable and pragmatic in the past, enhancing cybersecurity against malicious actors is a nationally important issue for the UK. This may result in the OPSS taking a harder line than might otherwise be expected, even where it is clear that a company made all reasonable efforts to ensure compliance before last month’s deadline.
Some retailers will likely accept the risk of committing an offence by continuing to sell non-compliant products. Others will want to avoid the commission of an offence at all costs. We expect that there will be a large number of retailers which will try to take a middle-ground – trying to do what they can to ensure compliance, but without taking non-compliant products off the shelves.
What are the penalties?
The regulator is, we think, more likely to use the carrot than the stick; that’s not to say they won’t show that they mean business now the changes have come into place. If, for example, you were selling a webcam for a child’s bedroom that could easily be hacked – because it uses an easily guessable default password – you could find yourself facing criminal penalties.
Companies can be landed with fines of up to £10 million, or four per cent of qualifying worldwide revenue, whichever is higher. The PSTI Act will be enhanced as technology evolves. If you consider that three-quarters of UK homes now contain some sort of smart device or appliance, there can be no doubt that further regulations will be coming down the line.