UK launches cybersecurity law for smart devices to prevent hacking

Starting today, the UK is implementing consumer protection laws targeting cyber-attacks and hacking vulnerabilities in smart devices. This legislation, part of the Product Security and Telecommunications Infrastructure (PSTI) regime, mandates that all internet-connected devices—from smartphones to gaming consoles and smart fridges—adhere to strict security standards.

Manufacturers must eliminate weak default passwords like ‘admin’ or ‘12345’ and prompt users to change them upon device setup. The legal move aims to enhance the UK’s cyber-resilience, reflecting that 99% of UK adults now own at least one smart device, with the average household possessing nine.

Other key elements of the new legislation include banning common weak passwords, requiring manufacturers to provide clear contact information for reporting security issues and ensuring transparency about the duration of product security updates. By implementing these standards, the UK seeks to enhance consumer confidence, stimulate economic growth, and position itself as a leader in online safety.

Why does it matter?

The legislation responds to vulnerabilities exposed by significant cyber incidents, such as the 2016 Mirai attack, which compromised 300,000 smart products and disrupted internet services across the US East Coast. Similar incidents have since affected major UK banks such as Lloyds and RBS, which prompted the government to work on robust cybersecurity measures.