GAI and Secured by Design publish new technical briefing on the Product Security and Telecommunications Infrastructure Act

The Guild of Architectural Ironmongers (GAI) and Secured by Design (SBD) have joined forces to create a new technical briefing in response to requests for clarification on the implications of The Product Security and Telecommunications Infrastructure Act 2022 (The Act).

The Act received Royal Assent on 6 December 2022 and has been enacted into UK law. The government announced that companies have one year to implement the changes put forth in the legislation, with compliance required by 29 April 2024. This law applies to all consumer Internet of Things (IoT) products, which includes connected safety-relevant products, such as smart locks.

The briefing provides information on the legislation, its implications, and penalties for non-compliance.  It also explains how SBD’s Secure Connected Device accreditation can help with compliance. Finally, it highlights relevant standards in the area for people to be aware of, such as ETSI EN 303 645 and ETSI TS 103 701.    

Douglas Masterson, GAI technical manager, said: “The Guild is delighted to work closely with Secured by Design to produce this essential guidance, which will be of great importance to GAI members in particular as it impacts all manufacturers, importers and distributors of all IoT devices, and most notably for our sector in smart locks.” 

Michelle Kradolfer, Secured by Design National SBD Manager, added: "With less than six months to go, there's still a lack of awareness on the Act, which is why this technical briefing is essential for any company within the ironmongery and security industries that manufacture, import or distribute consumer IoT products in the UK. 

“The legislation is holding companies responsible for the security of their products and have outlined the minimum security requirements that will need to be complied with by the 29 April 2024. In recent years we've not only seen a significant rise in smart devices being available in the UK market, but number of cyber attacks on such devices have also increased. Therefore, it is vitally important to ensure that all IoT products have the right level of security in place to protect consumers and reduce the risk of them falling victim to cyber crime."

This technical briefing is available for GAI members to download from