The UK Product Security and Telecommunications Infrastructure (PSTI) Act

The UK Product Security and Telecommunications Infrastructure (PSTI) Act

The UK’s consumer connectable product security regime will come into effect on 29 April 2024. Businesses involved in the supply chains of these products will need to be compliant with this legislative framework from that date.

The regime comprises two pieces of legislation:

  • Part 1 of the Bill : The Product Security measures
  • Part 2 of the Bill : The Telecommunications Infrastructure measures

The Product Security measures (Part 1 of the Bill) will apply to manufacturers, importers, and distributors in the supply chain for consumer connectable products.

Considered Requirements:

The UK Government published the regulations that will enact the UK Product Security and Telecoms Infrastructure (PSTI) Act 2022 which aims to pave the way for new security requirements on ‘consumer connectable products’ to better protect UK home devices from hackers.

Under draft regulations that have been laid before the UK Parliament, the following minimum security standards must be met before consumer devices can be sold in the UK:

  • Universal default and easily guessable default passwords cannot be used on consumer connectable products.
  • Manufacturers must publish information on how long products will receive security updates for. This will include making customers aware of a product’s security update support period before allowing product purchases on the manufacturer’s website.
  • Manufacturers must publish contact information to allow vulnerabilities relating to their devices to be reported.
  • Manufacturers must declare that they are compliant through a ‘Statement of Compliance’. The regulations state that adherence to industry standards ETSI EN 303 645 and/or ISO/IEC 29147 can be used as evidence of compliance.
  • Manufacturers, importers, and distributors of the consumer connected devices will not be able to sell products in the UK if they are not accompanied by a Statement of Compliance.

BV Services: Awareness & Preparation and provide a 3rd Party Assessment for UK,PSTI

Contact us for more information!

United Kingdom: UKCA marking and UK approval process – indefinite CE mark recognition beyond 2024 deadline

UKCA marking and UK approval process – indefinite CE mark recognition beyond 2024 deadline

As follow-up on our NEWS from 29th November 2022, we want to inform as follow:

The UK Department of Business and Trade (DBT) announced its intention on 1st August 2023, to extend the use of CE marking indefinitely and announced the indefinite recognition of CE marking beyond the previously stated deadline of 2024.
This extension is intended to give companies flexibility and the choice to use either the UKCA or CE approach to market products in the UK. This update applies to the 18 regulations under the Department of Business and Trade (DBT). These are:

  • toys
  • pyrotechnics
  • recreational craft and personal watercraft
  • simple pressure vessels
  • electromagnetic compatibility
  • non-automatic weighing instruments
  • measuring instruments
  • measuring container bottles
  • lifts
  • equipment for potentially explosive atmospheres (ATEX)
  • radio equipment
  • pressure equipment
  • personal protective equipment (PPE)
  • gas appliances
  • machinery
  • equipment for use outdoors
  • aerosols
  • low voltage electrical equipment

Web:

https://www.gov.uk/government/news/uk-government-announces-extension-of-ce-mark-recognition-for-businesses

https://www.gov.uk/guidance/using-the-ukca-marking

Update, 17th May 2024:
The CE recognition end date of 31 December 2024 has been removed by the GB government. References to new legislation included which the government has laid to continue recognition of current EU requirements for a range of product regulations, including the CE marking, meaning businesses will have the flexibility to use either the UKCA or CE marking to sell a range of products in Great Britain. Relevant products and affected sectors have been included, as well as general updates to the guidance.
https://www.gov.uk/guidance/ce-marking#full-publication-update-history

United Kingdom: UKCA marking and UK approval process – further extending the acceptance of CE marking

UNITED KINGDOM: UKCA marking and UK approval process – further extending the acceptance of CE marking

As follow-up on our NEWS from 26th August 2021, we want to inform as follow:

All goods that previously required CE marking do not have to bear the UKCA marking until 31 December 2024. (source)

In order to give companies  more time to prepare for the full implementation of the new UK regime, CE marked goods that fall within the scope of these guidelines and comply with the EU requirements (provided they are in line with the UK requirements) can continue to be placed on the UK market until 31 December 2024 where EU and UK requirements remain the same. This still applies to goods that have been assessed by an EU notified body.

From 1 January 2025, the UKCA mark must be used to place goods on the UK market.

Importers still need to take steps to ensure that they comply with the new importer obligations when bringing products from the EU onto the UK market.

Details: https://www.gov.uk/guidance/placing-manufactured-goods-on-the-market-in-great-britain

Changeover of the brand appearance at 7layers

Changeover of the brand appearance at 7layers

As a long-standing member of the Bureau Veritas Group, we will in future also present ourselves in our brand identity as Bureau Veritas.

For customers who have so far perceived us as 7layers, this means above all continuity in competence and reliability. Through their existing contacts, our customers will have direct access to a service portfolio that addresses all aspects of the complex world of product certification. www.cps.bureauveritas.com

Moldova: Revocation of label regulation from 22nd February 2021

MOLDOVA: Revocation of label regulation from 22nd February 2021

Contrary to the regulation regarding the prohibition of simultaneous marking of products with CE and SM logos, which came into force on 22nd February 2021 (see 7layers NEWS https://www.7layers.com/en/moldova-label-regulation-change-from-feb-2021/), the Government of the Republic of Moldova has repealed this regulation with effect from publishing the Decision No. 208 of 30th March 2022 (https://www.legis.md/cautare/getResults?doc_id=130608&lang=ro).

From this date, approved products may bear the CE and SM logos simultaneously. If the device already bears a CE logo and a national approval has been granted, the SM logo is no longer mandatory.

 

Please note:

The CE declaration of conformity and the CE mark on the product is not sufficient for placing the products on the market of the Republic of Moldova. The usual approval process must still be followed.

Visit Bureau Veritas CPS at the embedded world 2022 in Nuremberg, Germany

Do you need to access the global market with state-of-the-art wireless connected devices or smart IoT services?
Do you want to make use of radio technologies such as 5G/4G/3G/2G, Bluetooth, WLAN, ZigBee, NFC, Radars?
Would you like to learn more about cybersecurity solutions?

Visit us at embedded world 2022!

21 – 23 June 2022
Nuremberg Exhibition Centre
90471 Nuremberg
Booth: 5-278, Hall 5

We support you with Wireless Testing & Certification, Global Market Access, CB Scheme Electrical Safety, Cybersecurity, and a broad range of Consulting services.

WEBINAR: Preparing for the EU RED Cybersecurity Launch

Preparing for the EU RED Cybersecurity Launch

25.04.2022

Radio equipment must comply to new cyber security requirements when it is placed of the EU market. The deadline in 2024 is approaching quickly, thus device manufacturers must start to prepare for it now.

In this webinar Michael Beine (Manager Cyber Security @ Bureau Veritas – 7layers) will explain what these new articles are about, he will give an impression how manufacturer can address them and how Bureau Veritas can help.

Register here!

WEBINAR: Cyber security for industry automation IEC 62443 – In a Nutshell

Cyber security for industry automation IEC 62443 – In a Nutshell

21.02.2022 / 22.02.2022 / 23.02.2022 / 24.02.2022 / 25.02.2022
10:00 am

To demonstrate the “state of the art” with regard to cyber security, the IEC 62443 series of standards is suitable for a wide range of applications: From industrial plant control to traffic, water and power grids to smart building and smart city.

The standard covers the full lifecycle ranging from Risk Assessment, Definition of Security Requirements, Secure Development Process,  Security Controls of Components, Devices and Systems and finally Services like Integration Installation and Maintenance.

It is applicable in the same way for

  • Manufacturer of Components
  • System Integrators
    • Service Providers for Installation and Maintenance

In this webinar, we will provide an overview and an introduction to this internationally increasingly relevant series of standards and the corresponding certification process.

Register here for free!

EU mandates minimum cyber security for wireless products

EU mandates minimum cyber security for wireless products

By enforcing minimum cyber security of wireless products, the EU-Commission intends to improve the resilience of the European Union against rapidly increasing cyber-threats. Especially protecting against attacks targeting widely spread but insufficiently protected Internet of Things (IoT) and consumer products.

Why Bureau Veritas – 7layers?

Based on the unique combination of:

  • expertise in Radio Equipment Directive testing and involvement in standardization (Bureau Veritas – 7layers)
  • combined with expert know-how in cyber security assessments (Bureau Veritas – Secura)
  • and authorization as relevant Notified Body (Bureau Veritas – LCIE)

Bureau Veritas is the perfect choice for the following services:

  • Consulting about the relevant technical cyber security requirements
  • Assessment of conformity e.g. to ETSI EN 303 645
  • EU Type Examination Certificate issued by BV-LCIE as notified body
What happened?

On 2021-10-29 the EU-Commission has adopted a Delegated Act, which activates “dormant” Articles regarding cyber security in the Radio Directive (RED).

Who is affected?

Wireless products capable of communicating over the internet such as mobile phones and tablets; toys and childcare equipment such as baby monitors; as well as a range of wearable equipment such as smartwatches or fitness trackers shall comply to this regulation.

Excluded are devices that are already covered in other (harmonized) regulations and directives, such as Medical devices, In-Vitro Diagnostic Medical Devices, Civil aviation including drones and remote control systems, Motor vehicles and components intended for vehicles, Electronic road toll systems.

What’s next:

End of 2021 after a scrutiny period, where EU-Council and EU-Parliament could raise any objections, the delegated act will come into force.
THEN manufacturers CAN start to demonstrate compliance of their products to these new requirements.

By Mid of 2024 after a 30 month transition period the new requirements become mandatory
THEN manufactures MUST demonstrate compliance of their products.

The EU commission is asking European Standardisation Organisations like ETSI and CEN/CENELC to develop harmonized standards.
By participating in the these development activities, we at Bureau Veritas – 7layers are confident that ETSI EN 303 645 will play a key role in standardization.

How to comply:

Declaration of Conformity based on self-assessment is accepted as soon as harmonized Standards are available.

Alternatively and as long as harmonized standards are not available, manufacturers can prove the conformity of their products by ensuring their assessment by relevant notified bodies.

What is it about?

The newly activated Articles of the Radio Equipment Directive intend to:

  • Improve network resilience (Article 3.3.d):
    Wireless devices and products will have to incorporate features to avoid harming communication networks and prevent the possibility that the devices are used to disrupt website or other services functionality.
  • Better protect consumers’ privacy (Article 3.3.e):
    Wireless devices and products will need to have features to guarantee the protection of personal data. The protection of children’s rights will become an essential element of this legislation. For instance, manufacturers will have to implement new measures to prevent unauthorised access or transmission of personal data.
  • Reduce the risk of monetary fraud (Article 3.3.f):
    Wireless devices and products will have to include features to minimise the risk of fraud when making electronic payments. For example, they will need to ensure better authentication control of the user in order to avoid fraudulent payments.

WEBINAR: Cybersecurity for Industrial Automation – IEC 62443 – In a Nutshell

Cybersecurity for Industrial Automation
IEC 62443 – In a Nutshell

03.11.2021 / 05.11.2021
10:00 am

To demonstrate the “state of the art” in terms of cybersecurity, the IEC 62443 series of standards is suitable for a wide range of applications: From Industrial Plant Control to Transportation, Water and Power Networks to Smart Building and Smart City.

In this webinar, we will provide an overview and introduction to this internationally increasingly relevant series of standards and the corresponding certification process.

Register here for free!