A new bill was recently introduced in the UK to increase data security and safeguard digital device users from hackers. This proposal will prevent the purchase of digital devices in the UK that do not meet basic security requirements. It foresees fines of up to £10 million or up to 4 percent of global turnover for companies that are not compliant, as well as up to £20,000 a day in the case of an ongoing violation.
The Product Security and Telecommunications Infrastructure Bill (PSTI) will push companies to be more transparent about their activities to combat vulnerabilities in digital products and improve the public reporting system.
Some new rules the law includes are:
- A ban on default and easily guessable passwords that come on devices. The passwords are mandated to be “unique and not resettable to any universal factory setting” (Gov. UK., 2021).
- A requirement for manufacturers to keep users up to date on essential security updates. Moreover, manufacturers shall provide information to the users on whether the device will or will not receive vital security updates and patches.
- New rules requiring manufacturers to provide a public point of contact to report when defects and bugs are discovered in products.
- A series of measures designed to promote more collaborative negotiations between telecommunications operators and landowners encountering obstacles in negotiating requests to install and upgrade telecommunications infrastructure.
- Manufacturers will also be required to investigate compliance failures, state their compliance, and keep an up-to-date record.
It is also forecast that the regulator will develop additional standards in the event of new threats and require companies to comply with security requirements, recall their products, or stop selling them if they do not intervene.
The proposed legislation applies to connectable products, which include all devices that can access the Internet (e.g., smartphones, smart TVs, etc.), as well as products that can connect to several other devices but not directly to the Internet (e.g., smart light bulbs, smart thermostats, etc.). There are some exceptions:
- Desktop and laptop computers are exempted as they already include specific security features.
- Products that would be subject to dual regulation, or whose inclusion would not lead to tangible improvements in user safety (e.g., electric vehicle charging points and medical devices).
- Second-hand connectable products.
Finally, the PSTI Bill also addresses the contentious issue of negotiating the rights to install, use and upgrade infrastructure through several actions focused on collaboration and better working relationships between parties. These measures are vital to the government-sponsored £1 billion shared network, which will extend fast and trusted 4G coverage to 95% of the UK’s territory, achieve the government’s goal of 85% gigabit-capable broadband coverage by 2025, and bring most of the population within reach of a 5G network by 2027.
Regulatory Affairs Department
GOV. UK. (2021). Press release: New cyber laws to protect people’s personal tech from hackers. Retrieved on 03/12/2021 from https://www.gov.uk/government/news/new-cyber-laws-to-protect-peoples-personal-tech-from-hackers
NCSC. GOV. UK. (2021). Cyber aware guidance: Improve your online security today. Retrieved on 03/12/2021 from https://www.ncsc.gov.uk/cyberaware/home
NCSC. GOV. UK. (2021). Guidance: Smart devices: using them safely in your home. Retrieved on 03/12/2021 from https://www.ncsc.gov.uk/guidance/smart-devices-in-the-home