Message 701
Communication from the Commission - TRIS/(2023) 01211
Procedure for the provision of information EC - United Kingdom in respect of Northern Ireland
Notificación - Oznámení - Notifikation - Notifizierung - Teavitamine - Γνωστοποίηση - Notification - Notification - Notifica - Pieteikums - Pranešimas - Bejelentés - Notifika - Kennisgeving - Zawiadomienie - Notificação - Hlásenie-Obvestilo - Ilmoitus - Anmälan - Нотификация : 2023/7004/XI - Notificare.
No abre el plazo - Nezahajuje odklady - Fristerne indledes ikke - Kein Fristbeginn - Viivituste perioodi ei avata - Καμμία έναρξη προθεσμίας - Does not open the delays - N'ouvre pas de délais - Non fa decorrere la mora - Neietekmē atlikšanu - Atidėjimai nepradedami - Nem nyitja meg a késéseket - Ma’ jiftaħx il-perijodi ta’ dawmien - Geen termijnbegin - Nie otwiera opóźnień - Não inicia o prazo - Neotvorí oneskorenia - Ne uvaja zamud - Määräaika ei ala tästä - Inleder ingen frist - Не се предвижда период на прекъсване - Nu deschide perioadele de stagnare - Nu deschide perioadele de stagnare.
(MSG: 202301211.EN)
1. MSG 701 IND 2023 7004 XI EN 03-05-2023 XI NOTIF
2. XI
3A. Department for Business Energy and Industrial Strategy
Trade Cooperation and the Union Directorate
1 Victoria Street
London SW1H 0ET
Email: technicalregulations@beis.gov.uk
3B. Department for Science Innovation and Technology
100 Parliament Street
London
SW1A 2BQ
4. 2023/7004/XI - B00
5. The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023
6. Consumer Connectable Products
7. -
8. The draft Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023 supplement Part 1 of the Product Security and Telecommunications Infrastructure Act 2022. The draft Regulations will introduce security requirements for manufacturers of UK consumer connectable products. The draft Regulations also include a list of excepted products and administrative provisions related to statements of compliance which are required to be provided alongside products.
9. Consumer connectable products (also known as consumer Internet of Things (IoT)) are becoming commonplace in millions of homes around the world and uptake of these products increased further as a result of the COVID-19 pandemic.
Many of these products on the market today still have basic flaws, such as universal default passwords, which leave them vulnerable to cyberattacks such as DDoS (Distributed Denial of Service) attacks. Cyber criminals are increasingly targeting these products.
Similarly, the proportion of manufacturers selling connectable products who maintain a coordinated vulnerability disclosure programme increased from 9.7% in 2018 to 18.9% in 2020 to 21.6 % in 2021, but this is still unacceptably low and represents an inability to properly respond to vulnerabilities that can have real world consequences.
The UK government’s Product Security and Telecommunications Infrastructure Act 2022, taken alongside the draft of the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations, represent widely recognised good practice, and regulation was strongly supported in a 2019 consultation on regulatory options.
Since 2018, the UK government has worked in partnership with international organisations including ETSI (European Telecommunications Standards Institute), to develop Technical Specification 103 645 in February 2019, and European Standard (EN) 303 645 v2.1.1 in June 2020. These outputs are the product of intense feedback from representatives from up to 65 countries. The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations will mandate requirements based on paragraphs 5.1-1, 5.1-2, 5.2-1 and 5.3-13 of European Standard (EN) 303 645 v2.1.1.
The UK government gave notice under the 2015/1535 procedure for the Product Security and Telecommunications Infrastructure Bill on 25 November 2021 (ref 2021/7014/XI). This further notification covers the secondary legislation drafted to enable implementation of this new law.
Paragraph 1 of Schedule 3 to the draft regulations creates an exception for products which are made available for supply in Northern Ireland and which are already regulated by legislation listed in Annex 2 of the Windsor Framework, where that legislation contains a free movement article as defined within the paragraph. This ensures compliance with the Windsor Framework and free movements of goods between Northern Ireland and Great Britain.
10. References of the Basic Texts: The latest version of the draft of the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023 is attached as a PDF document.
References to other relevant documents were submitted on 25 November 2021 alongside notification 2021/7014/XI.
11. No
12. -
13. No
14. No
15. Yes
16. TBT aspect
Yes
SPS aspect
No - The draft is not a sanitary or phytosanitary measure
**********
European Commission
Contact point Directive (EU) 2015/1535
Fax: +32 229 98043
email: grow-dir2015-1535-central@ec.europa.eu