PSTI 인증

As an accredited testing laboratory, we’ve helped thousands of manufacturers complete cyber security testing for their products and achieve PSTI certification.

1. PSTI certification

In December 2022, the UK government formally passed the "Product Security and Telecommunications Infrastructure Act 2022" (PSTI) and it will be enforced from April 29, 2024. The new regulation marks a new era for cybersecurity in the UK, as it mandates the creation of new minimum security requirements that manufacturers, importers, and distributors of consumer connectable products (also called Internet of Things or IoT devices) must comply with.

2. More about PSTI certification

The bill received Royal Assent on 6 December 2022. It entered into force in April 2023 with a 12-month transition period, and became mandatory from 29th April 2024, and manufacturers are obliged to comply with the security requirements described therein or face potential penalties.

The bill consist of three main parts:

  • Part 1: product security;
  • Part 2: telecommunications infrastructure;
  • Part 3: final provisions.

Part 1 of the PSTI Regulation requires manufacturers, distributors, and importers to ensure that products placed on the UK market comply with minimum security requirements aimed at protecting the UK consumer.

It applies to England and Wales, Scotland, and Northern Ireland.

Products that can be connected to a network or internet are under the scope of this regulation. These are the Internet of Things devices, that include, but are not limited to:

  • Smartphones;
  • Smart cameras;
  • Smart TVs;
  • Smart speakers;
  • Connected home appliances like smart refrigerators, smart washing machines;
  • Smart home assistants;
  • Routers;
  • Cameras;
  • Smoke detectors;
  • Connected safety-relevant products such as smoke detectors, windows sensors, and door locks (smart locks);
  • Connected home automation and alarm systems (gateways and hubs);
  • Smart home hubs and assistants;
  • Wearable connected fitness trackers;
  • Outdoor leisure products, such as handheld connected GPS devices that are not wearables;
  • Connected children’s toys and baby monitors;
  • Internet of Things base stations and hubs to which multiple devices connect;

It is also important to know that the following devices are excluded from the UK PSTI Regulations:

  • vehicles;
  • Charge points for electric vehicles;
  • Medical devices (if they fall under the MDR);
  • Smart meter products;
  • Computer products like desktop, laptop and tablet computers (desktop and laptop computers designed for use by children aged 14 and under) which do not have the capability to connect to cellular networks;

Not sure if your product requires PSTI certification? Please 간단한 양식을 작성해 주세요, 당사 전문가가 기꺼이 추가 지원을 해드릴 것입니다.

According to the UK GOV’s publication on PSTI, such as the documentThe Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023,as shown in Schedule 2, PSTI currently assesses products for compliance with three control requirements at this stage:

  1. Prohibition of common default passwords, reference standards: ETSI EN 303 645 provisions 5.1-1 and 5.1-2;
  2. Implementation of vulnerability disclosure management, reference standards: ETSI EN 303 645 provision 5.2-1;
  3. Requirement to maintain transparency for the shortest security update time period, reference standards: ETSI EN 303 645 provision 5.3-13.

ETSI EN 303 645 establishes new global standards for the security of consumer devices connected to the Internet of Things (IoT), enabling products to withstand serious cybersecurity threats and comply with GDPR requirements, protecting personal data and consumer privacy.

The ETSI EN 303 645 standard for IoT product security and privacy includes the following 13 categories of requirements:

  1. Common default password security;
  2. Vulnerability disclosure management;
  3. Software updates;
  4. Sensitive security parameter storage;
  5. Communication security;
  6. Minimization of attack surface;
  7. Protection of personal data;
  8. Software integrity;
  9. System resilience to interruptions;
  10. Inspection of system telemetry data;
  11. Ease of deletion of personal data by users;
  12. Simplified device installation and maintenance;
  13. Validation of input data.

PSTI Act and ETSI EN 303 645 standard testing processes:

  • Sample data preparation: three sets of samples including main units and accessories, unencrypted software, user manuals/specifications/relevant services, and login accounts;
  • Establishment of test environment: establish a test environment based on the user manual;
  • Execution of network security assessment: document review and technical testing, check vendor questionnaires, and provide feedback;
  • Weakness remediation: provide consulting services to address weakness issues;
  • Issuance of PSTI assessment report or ETSI EN 303 645 assessment report.

3. 가격 및 리드타임

You will never pay for services that you don’t need! GTG Group provides a customized quote which are tailored to each client's needs and budget. Furthermore, we can expedite the certification process by leveraging modern technologies that ensure you receive the PSTI certification in a reasonably short time frame, faster than the average industry time.

However, the cost and the lead time of testing and certification varies depending on the product complexity and the testing requirements. GTG Group provides free consultation to assess your needs and provide advice on how to get started with compliance. 문의하기 today by 간단한 양식 작성!

4. FAQs

Does the Statement of Compliance (SoC) have to be a piece of paper that comes in the box with the product? What doesattachedmean? Does the Statement of Compliance (SoC) have to be a piece of paper that comes in the box with the product? What doesattachedmean?

No. It is up to each organization to decide how to comply with the Act based on the requirements of their own products. The Act require that the SoC must be a document, but they do not specify that this document must be paper-based; it can also be in digital form. However, manufacturers must ensure that this document is provided with the product, in whatever form, to ensure that users can access it when they receive the product.

Should Bluetooth be considered as meeting the second connectivity condition?

Section 5 defines the connectivity condition as follows:
‘(5) A product meets the second connectivity condition if

  • (a) it can connect directly to two or more products simultaneously through a communication protocol that is not part of the Internet Protocol Suite, and
  • (b) it can connect directly to an Internet-connectable product (whether or not it is also connected to any other product) through such a communication protocol.’

Accordingly, a Bluetooth product meets the second connectivity condition if it is capable of connecting to two or more products and is also capable of connecting directly to an Internet-connectable product.

If I only sell connected products for business/professional use, are they exempt from the Act?

If the manufacturer knew or should have known that the product would be used as a UK consumer connected product, then the product falls within the scope of the requirements. This means that whether or not the product is marketed to ‘professionals or merchants’, if the manufacturer knew or should have known that consumers would use the product, then the product needs to comply with the Act. For a manufacturer to be exempt from the Act, they must ensure that the product will not be used by consumers. They must ensure that the product will not be used by consumers, that there is no equivalent product on the market for consumers, and that the product has not been offered to consumers before.

Since retailers as part of the supply chain will be affected by the UK’s PSTI Act, do online consumer retail platforms like eBay, Amazon, Taobao, etc., need to comply with the UK PSIT Act in the following scenarios?

  • a. The relevant products come from distributors and importers who procure from suppliers,
  • b. The relevant products are directly procured by the online consumer retail platform from suppliers.

All relevant parties must comply with the Product Safety and Telecommunications Infrastructure Act of 2022.

5. 왜 우리를 선택합니까?

2012년에 설립된 GTG 그룹은 중국의 독립적인 ISO/IEC 17025 공인 제품 테스트 및 인증 서비스 제공업체로서 광범위한 제품에 대한 포괄적인 테스트 및 규제 인증 획득 서비스를 제공합니다. 우리의 목표는 귀사의 제품을 인증하고 규제 표준 준수를 보장하여 귀사가 전 세계 시장에 진출할 수 있도록 돕는 것입니다.

By working with GTG Group, you will enjoy the convenience of completing all of your tests (cyber security, safety, EMC, RF, wireless, energy efficiency, environmental, durability, performance, chemical and other tests) and receive certification for your product from a single accredited lab. You will also eliminate the headaches of using multiple labs, delays in logistics, and shipping costs. 문의하기 오늘!

GTG 그룹과 협력할 때 가장 큰 장점 중 하나는 실제 테스트를 수행하고 최종 사용자에 대한 책임을 진다는 것입니다. 이는 위험을 방지하고 제품을 사용하는 기업과 개인에게 마음의 평화를 제공하기 때문에 필수적입니다. 우리는 세계 최고의 기업들과 협력해 왔으며 우리의 서비스는 고객들로부터 높은 평가를 받고 있습니다. 테스트 및 인증을 위해 GTG 그룹을 선택하면 신뢰할 수 있고 신뢰할 수 있는 파트너와 협력하고 있다는 확신을 가질 수 있습니다.

당사의 테스트 및 테스트 보고서는 전 세계적으로 규제 기관에서 인정하고 승인하여 귀하의 제품이 필요한 표준 및 규정을 충족하는지 확인합니다. GTG 그룹의 자회사는 IECEE, UL, A2LA, NVLAP, ITS(Intertek), KTC, TÜV, Eurofins, CNAS, CMA, CQC를 포함한 국내 및 국제 인증 기관의 인증을 받았습니다. 우리의 인증은 업계 표준을 충족하는 고품질 테스트 서비스를 제공하려는 우리의 약속에 대한 증거입니다. 모든 인증 서류를 확인하세요. 이 페이지.

GTG Group accredited laboratory have more than 13 years of experience in IoT products testing for the global market and have helped thousands of businesses achieve PSTI certification. Experts we hired are all with deep industry expertise and extensive technical knowledge that can help you avoid common mistakes.

Furthermore, our facilities are with enough space to perform every type of test separately and have room for all your equipment as well as plenty of workspace around it. GTG Group covers a testing area of 30,000 square meters and have more cyber security testing labs, safety testing labs, EMC testing labs, RF testing labs, energy efficiency testing labs, performance testing labs, durability testing labs and environmental testing labs than our peers.

또한 당사의 표준화되고 표준화된 테스트 프로세스를 통해 짧은 시간 내에 정확하고 신뢰할 수 있는 테스트 결과를 제공할 수 있습니다. 그렇기 때문에 우리의 처리 시간은 업계에서 가장 빠르며 고객이 지체 없이 제품을 시장에 출시할 수 있도록 보장합니다.

GTG 그룹은 최신 테스트 장비에 막대한 투자를 하고 있으며 테스트 방법이 정확하고 신뢰할 수 있도록 엄격한 품질 관리 프로세스를 갖추고 있습니다. 또한, 실험실에서는 정기적으로 장비를 업그레이드하여 최신 기술을 유지합니다.

우리는 모든 제품이 다르며 제품 개발에 있어서 비용이 중요한 요소라는 것을 알고 있습니다. GTG 그룹은 품질 저하 없이 저렴한 테스트 솔루션을 제공하기 위해 노력하고 있습니다. 당사의 전문가 팀은 귀하와 긴밀히 협력하여 귀하 제품의 특정 요구 사항을 이해하고 귀하의 요구 사항을 충족하고 규제 표준 준수를 보장하는 설계 테스트 솔루션을 제공합니다. 즉, 귀하가 원하지 않는 서비스에 대한 비용을 지불하지 않고도 필요한 테스트를 받을 수 있으며 고객이 항상 비용 대비 최고의 가치를 얻을 수 있음을 보장합니다.

또한 무료 사전 적합성 테스트 서비스를 제공하여 프로세스 초기에 잠재적인 설계 결함을 감지하고 해결함으로써 설계 비용을 절감하고 시장 출시를 가속화할 수 있습니다. 우리는 위험이나 의무를 약속하지 않습니다!

무료 견적을 받을 준비가 되셨나요?

우리는 테스트 및 인증 서비스에 대해 경쟁력 있는 가격을 제공합니다. 그리고 우리 팀은 규정 준수 테스트/인증에 관한 일반적인 문의나 기술 논의에 언제든지 응할 수 있습니다. 간단한 양식을 작성하여 GTG 그룹 전문가와 상담하세요.
도움이 필요하거나 질문이 있으신가요?

표준 해석, 표준 적용 가능성 또는 국가별 요구 사항과 관련하여 제품 테스트 및 인증에 대해 질문이 있습니까?

귀하의 제품에 어떤 표준이 적용되는지 잘 모르시나요? 얘기하자! 우리 전문가들은 연중무휴 24시간 대기하고 있습니다.

인증

여기에서 당사의 포괄적인 테스트 범위, 당사가 다루는 표준을 확인하고 전체 인증을 확인하세요.

무료 견적을 받을 준비가 되셨나요?

우리는 테스트 및 인증 서비스에 대해 경쟁력 있는 가격을 제공합니다. 그리고 우리 팀은 규정 준수 테스트/인증에 관한 일반적인 문의나 기술 논의에 언제든지 응할 수 있습니다.

문의하기 0086-18188898539로 전화하여 우리 팀과 대화하거나 무료 견적 아래의 간단한 양식을 작성해 주세요.
받기 무료 견적 몇 분 안에!

GTG 그룹은 13년 동안 수천 개의 조직이 국제 승인을 받아 글로벌 시장에 접근하도록 도왔습니다!

© 2012-2024 GTG 그룹. 판권 소유.

© 2012-2024 GTG 그룹. 판권 소유.