PSTI Certification

As an accredited testing laboratory, we’ve helped thousands of manufacturers complete cyber security testing for their products and achieve PSTI certification.

1. PSTI certification

In December 2022, the UK government formally passed the "Product Security and Telecommunications Infrastructure Act 2022" (PSTI) and it will be enforced from April 29, 2024. The new regulation marks a new era for cybersecurity in the UK, as it mandates the creation of new minimum security requirements that manufacturers, importers, and distributors of consumer connectable products (also called Internet of Things or IoT devices) must comply with.

2. More about PSTI certification

The bill received Royal Assent on 6 December 2022. It entered into force in April 2023 with a 12-month transition period and became mandatory from 29th April 2024. Manufacturers are obliged to comply with the security requirements described therein or face potential penalties.

The bill consists of three main parts:

  • Part 1: product security;
  • Part 2: telecommunications infrastructure;
  • Part 3: final provisions.

Part 1 of the PSTI Regulation requires manufacturers, distributors, and importers to ensure that products placed on the UK market comply with minimum security requirements aimed at protecting the UK consumer.

It applies to England and Wales, Scotland, and Northern Ireland.

Products that can be connected to a network or the internet fall within the scope of this regulation. These are Internet of Things devices, which include, but are not limited to:

  • Smartphones;
  • Smart cameras;
  • Smart TVs;
  • Smart speakers;
  • Connected home appliances like smart refrigerators, smart washing machines;
  • Smart home assistants;
  • Routers;
  • Cameras;
  • Smoke detectors;
  • Connected safety-relevant products such as smoke detectors, windows sensors, and door locks (smart locks);
  • Connected home automation and alarm systems (gateways and hubs);
  • Smart home hubs and assistants;
  • Wearable connected fitness trackers;
  • Outdoor leisure products, such as handheld connected GPS devices that are not wearables;
  • Connected children’s toys and baby monitors;
  • Internet of Things base stations and hubs to which multiple devices connect;

It is also important to know that the following devices are excluded from the UK PSTI Regulations:

  • Vehicles;
  • Charge points for electric vehicles;
  • Medical devices (if they fall under the MDR);
  • Smart meter products;
  • Computer products like desktop, laptop and tablet computers (desktop and laptop computers designed for use by children aged 14 and under) which do not have the capability to connect to cellular networks;

Not sure if your product requires PSTI certification? Please fill out our short form, and our experts will be happy to assist you further.

According to the UK government's publications on PSTI, such as the document "The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023", as shown in Schedule 2, PSTI currently assesses products for compliance with three control requirements:

  1. Prohibition of common default passwords, reference standards: ETSI EN 303 645 provisions 5.1-1 and 5.1-2;
  2. Implementation of vulnerability disclosure management, reference standards: ETSI EN 303 645 provision 5.2-1;
  3. Requirement to be transparent about the minimum security update period, reference standards: ETSI EN 303 645 provision 5.3-13.

ETSI EN 303 645 establishes new global standards for the security of consumer devices connected to the Internet of Things (IoT), enabling products to withstand serious cybersecurity threats and comply with GDPR requirements, protecting personal data and consumer privacy.

The ETSI EN 303 645 standard for IoT product security and privacy includes the following 13 categories of requirements:

  1. Common default password security;
  2. Vulnerability disclosure management;
  3. Software updates;
  4. Sensitive security parameter storage;
  5. Communication security;
  6. Minimization of attack surface;
  7. Protection of personal data;
  8. Software integrity;
  9. System resilience to interruptions;
  10. Inspection of system telemetry data;
  11. Ease of deletion of personal data by users;
  12. Simplified device installation and maintenance;
  13. Validation of input data.

PSTI Act and ETSI EN 303 645 standard testing processes:

  • Sample data preparation: three sets of samples including main units and accessories, unencrypted software, user manuals/specifications/relevant services, and login accounts;
  • Establishment of test environment: establish a test environment based on the user manual;
  • Execution of network security assessment: document review and technical testing, check vendor questionnaires, and provide feedback;
  • Weakness remediation: provide consulting services to address weakness issues;
  • Issuance of PSTI assessment report or ETSI EN 303 645 assessment report.

3. Price and lead time

You will never pay for services that you don’t need! GTG Group provides customized quotes tailored to each client's needs and budget. Furthermore, we can expedite the certification process by leveraging modern technologies that ensure you receive the PSTI certification in a reasonably short time frame, faster than the average industry time.

However, the cost and the lead time of testing and certification vary depending on the product complexity and the testing requirements. GTG Group provides free consultation to assess your needs and provide advice on how to get started with compliance. Contact us today by filling out our short form.

4. FAQs

Does the Statement of Compliance (SoC) have to be a piece of paper that comes in the box with the product? What does "attached" mean?

No. It is up to each organization to decide how to comply with the Act based on the requirements of their own products. The Act requires that the SoC must be a document, but it does not specify that this document must be paper-based; it can also be in digital form. However, manufacturers must ensure that this document is provided with the product, in whatever form, to ensure that users can access it when they receive the product.

Should Bluetooth be considered as meeting the second connectivity condition?

Section 5 defines the connectivity condition as follows:
‘(5) A product meets the second connectivity condition if

  • (a) it can connect directly to two or more products simultaneously through a communication protocol that is not part of the Internet Protocol Suite, and
  • (b) it can connect directly to an Internet-connectable product (whether or not it is also connected to any other product) through such a communication protocol.’

Accordingly, a Bluetooth product meets the second connectivity condition if it is capable of connecting to two or more products and is also capable of connecting directly to an Internet-connectable product.

If I only sell connected products for business/professional use, are they exempt from the Act?

If the manufacturer knew or should have known that the product would be used as a UK consumer connected product, then the product falls within the scope of the requirements. This means that whether or not the product is marketed to ‘professionals or merchants’, if the manufacturer knew or should have known that consumers would use the product, then the product needs to comply with the Act. For a manufacturer to be exempt from the Act, they must ensure that the product will not be used by consumers, that there is no equivalent product on the market for consumers, and that the product has not been offered to consumers before.

Since retailers as part of the supply chain will be affected by the UK’s PSTI Act, do online consumer retail platforms like eBay, Amazon, Taobao, etc., need to comply with the UK PSTI Act in the following scenarios?

  • a. The relevant products come from distributors and importers who procure from suppliers,
  • b. The relevant products are directly procured by the online consumer retail platform from suppliers.

All relevant parties must comply with the Product Security and Telecommunications Infrastructure Act 2022.

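5. Why choose us?

Founded in 2012, GTG Group is an independent ISO/IEC 17025 accredited product testing and certification service provider in China, offering comprehensive testing and regulatory certification services for a wide range of products. Our goal is to certify your products and ensure they meet regulatory standards, helping you enter the global market.

By working with GTG Group, you will enjoy the convenience of completing all of your tests (cyber security, safety, EMC, RF, wireless, energy efficiency, environmental, durability, performance, chemical and other tests) and receiving certification for your product from a single accredited lab. You will also eliminate the headaches of using multiple labs, delays in logistics, and shipping costs. Contact us today!

One of the most significant advantages of working with GTG Group is that we conduct genuine testing and are accountable to end users. This is crucial because it avoids risk and gives peace of mind to the businesses and individuals who use these products. We work with some of the world's leading companies, and our services are highly rated by our customers. When you choose GTG Group for testing and certification, you can be confident that you are working with a trustworthy and reliable partner.

Our testing and test reports are recognized and accepted by regulators worldwide, ensuring that your products meet the necessary standards and regulations. GTG Group's subsidiaries are accredited by local and international certification bodies, including IECEE, UL, A2LA, NVLAP, ITS (Intertek), KTC, TÜV, Eurofins, CNAS, CMA and CQC. Our accreditations demonstrate our commitment to providing high-quality testing services that meet industry standards. Check all accreditation documents on this page.

GTG Group's accredited laboratory has more than 13 years of experience in IoT product testing for the global market and has helped thousands of businesses achieve PSTI certification. The experts we hire all have deep industry expertise and extensive technical knowledge that can help you avoid common mistakes.

Furthermore, our facilities have enough space to perform every type of test separately, with room for all your equipment as well as plenty of workspace around it. GTG Group covers a testing area of 30,000 square meters and has more cyber security testing labs, safety testing labs, EMC testing labs, RF testing labs, energy efficiency testing labs, performance testing labs, durability testing labs and environmental testing labs than our peers.

In addition, our standardized and regulated testing processes enable us to deliver accurate and reliable test results in a short time. This is why our turnaround time is the fastest in the industry, ensuring that our customers can bring their products to market right away.

GTG Group invests heavily in modern testing equipment and has strict quality control processes to ensure that its testing methods are accurate and reliable. In addition, the laboratory regularly upgrades its equipment to ensure that it always stays at the forefront of technology.

We know that every product is different and that cost is an important factor in product development. GTG Group is committed to providing affordable testing solutions without compromising quality. Our team of experts will work closely with you to understand the specific needs of your product and design a testing solution that meets your requirements and ensures compliance with regulatory standards. This means you get the testing you need without paying for services you do not need, ensuring that our customers always get value for money.

We can also provide a free pre-compliance testing service to help identify and resolve potential design flaws early in the process, reducing design costs and speeding up market launch. We promise no risk and no obligation!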

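Ready to get a free quote?

We offer competitive prices for testing and certification services. Our team is always available for any general enquiries or technical discussions about compliance testing and certification. Fill out our short form to talk to a GTG Group expert.

Do you need help or have any questions?

Do you have questions about the interpretation of standards, their applicability, or country-specific requirements for product testing and certification?

Not sure which standards apply to your product? Let's talk! Our experts are on call 24/7.

Accreditations

View our comprehensive testing scope and the standards covered, and see our full accreditations here.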

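Contact us: call 0086-18188898539 to talk to our team, or request a free quote by filling out the short form below.

Get a free quote in minutes!

For 13 years, GTG Group has helped thousands of organizations enter the global market and gain international recognition!

© 2012-2024 GTG Group. All rights reserved.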
