
UK rolls out new laws to shield consumers from cyber threats

29 April 2024

World-first regulations aimed at strengthening the cybersecurity of internet-connected smart devices come into force today.

From today (29 April), regulations enforcing consumer protections against hacking and cyber-attacks take effect, requiring by law that all internet-connected smart devices meet minimum security standards.

Minister for Cyber, Viscount Camrose said: “As everyday life becomes increasingly dependent on connected devices, the threats generated by the internet multiply and become even greater. 

“From today, consumers will have greater peace of mind that their smart devices are protected from cyber criminals, as we introduce world-first laws that will make sure their personal privacy, data and finances are safe. 

“We are committed to making the UK the safest place in the world to be online and these new regulations mark a significant leap towards a more secure digital world.”

Manufacturers will be legally required to protect consumers against hackers and cyber criminals accessing devices with internet or network connectivity – from smartphones to game consoles and connected fridges – as the UK becomes the first country in the world to introduce these laws.

Under the new regime, manufacturers will be banned from having weak, easily guessable default passwords like ‘admin’ or ‘12345’ and if there is a common password, the user will be prompted to change it on start-up. 

This will help prevent threats like the damaging Mirai attack in 2016 which saw 300,000 smart products compromised due to weak security features and used to attack major internet platforms and services, leaving much of the US East Coast without internet. 

Since then, similar attacks have occurred on UK banks, including Lloyds and RBS, leading to disruption to customers. 

The move marks a significant step towards boosting the UK’s resilience towards cyber-crime, as recent figures show 99 percent of UK adults own at least one smart device and UK households own an average of nine connected devices. 

The new regime will also help give customers confidence in buying and using products, which will in turn help grow businesses and the economy. 

An investigation conducted by Which? showed that a home filled with smart devices could be exposed to more than 12,000 hacking attacks from across the world in a single week, with a total of 2,684 attempts to guess weak default passwords on just five devices. 

NCSC Deputy Director for Economy and Society, Sarah Lyons said: “Smart devices have become an important part of our daily lives, improving our connectivity at home and at work; however, we know this dependency also presents an opportunity for cyber criminals. 

“Businesses have a major role to play in protecting the public by ensuring the smart products they manufacture, import or distribute provide ongoing protection against cyberattacks and this landmark Act will help consumers to make informed decisions about the security of products they buy. 

“I encourage all businesses and consumers to read the NCSC’s point of sale leaflet, which explains how the new Product Security and Telecommunications Infrastructure (PSTI) regulation affects them and how smart devices can be used securely.”

With 57 percent of households owning a smart TV, 53 percent owning a voice assistant and 49 percent owning a smartwatch or fitness wristband, this new regime reinforces the Government’s commitment to addressing these threats to society and the economy head-on. 

The laws are coming into force as part of the Product Security and Telecommunications Infrastructure (PSTI) regime, which has been designed to improve the UK’s resilience against cyber-attacks and ensure malign interference does not impact the wider UK and global economy.

The new measures will also introduce a series of improved security protections to tackle the threat of cybercrime: 
• Common or easily guessable passwords like ‘admin’ or ‘12345’ will be banned to prevent vulnerabilities and hacking 
• Manufacturers will have to publish contact details so bugs and issues can be reported and dealt with 
• Manufacturers and retailers will have to be open with consumers on the minimum time they can expect to receive important security updates 

The UK Government has collaborated with industry leaders to introduce this raft of transformative protections, which also include manufacturers having to publish information on how to report security issues to increase the speed at which they can address these problems.

In addition, consumers and cyber security experts can play an active role in protecting themselves and society from cyber criminals by reporting any products which don’t comply to the Office for Product Safety and Standards (OPSS).

The Government is beginning the legislative process for certain automotive vehicles to be exempt from the product security regulatory regime, as they will be covered by alternative legislation.   

This new regime intends to increase consumer confidence in the security of the products they buy and use. The new laws are part of the Government’s £2.6 billion National Cyber Strategy to protect and promote the UK online.
