The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) (Amendment) (No. 2) Regulations 2025

Draft Legislation:

This is a draft item of legislation. This draft has since been made as a UK Statutory Instrument: The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) (Amendment) (No. 2) Regulations 2025 No. 1267

Draft Regulations laid before Parliament under sections 3(3), 9(9) and 77(5) of the Product Security and Telecommunications Infrastructure Act 2022 (c. 46), for approval by resolution of each House of Parliament.

Draft Statutory Instruments

2025 No.

CONSUMER PROTECTION

The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) (Amendment) (No. 2) Regulations 2025

Made

***

Coming into force

The Secretary of State makes these Regulations in exercise of the powers conferred by sections 3(1), 3(2)(a), 9(7) and 77(2)(a) of the Product Security and Telecommunications Infrastructure Act 2022(1) (“the 2022 Act”).

A draft of these Regulations has been laid before, and approved by, both Houses of Parliament in accordance with sections 3(3), 9(9) and 77(5) of the 2022 Act.

Citation, commencement, extent and interpretation

1.—(1) These Regulations may be cited as the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) (Amendment) (No. 2) Regulations 2025.

(2) These Regulations come into force on the day after the day on which they are made.

(3) These Regulations extend to England and Wales, Scotland and Northern Ireland.

(4) In these Regulations, “the 2023 Regulations” means the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023(2).

Amendment to the 2023 Regulations

2.  The 2023 Regulations are amended in accordance with regulations 3 to 8.

Amendment to regulation 2

3.  In regulation 2 (interpretation) in paragraph (1), at the appropriate places insert—

“Japan JC-STAR STAR-1” means the Labeling Scheme based on Japan Cyber-Security Technical Assessment Requirements (JC-STAR) STAR-1 Conformance Requirements and Assessment Methods published by the Information-technology Promotion Agency, Japan (JST-CR-01-01-2024R1, December 2024)(3);

“Singapore Cybersecurity Labelling Scheme” means the Cybersecurity Labelling Scheme published by the Cyber Security Agency of Singapore, the specifications for which are in document CCC SP-151-2 CLS(IoT) Scheme Specifications (version 1.4, April 2025)(4).

Insertion of regulation 4A

4.  After regulation 4, insert—

Deemed compliance with the requirement to have a relevant connectable product accompanied by a statement of compliance

4A.  Schedule 2A specifies the conditions under which a manufacturer is to be treated as having complied with the requirement to have a relevant connectable product accompanied by a statement of compliance for the purposes of section 9 (statements of compliance).

Amendments to Schedule 2

5.—(1) Paragraph 1 of Schedule 2 (conditions for deemed compliance with security requirements) to the 2023 Regulations is amended according to paragraphs (2) to (4).

(2) In paragraph 1(1), for “the condition in sub-paragraph (2) is” substitute “any of the conditions in sub-paragraphs (2) to (4) are”.

(3) In paragraph 1(2), for “The condition is that” substitute “Condition A is that”.

(4) After paragraph 1(2), insert—

(3) Condition B is that the relevant connectable product, of which they are the manufacturer, is currently assigned a conformance label under the Japan JC-STAR STAR-1 as an indicator of compliance with the requirements set out in JC-STAR STAR-1, and that label has not expired.

(4) Condition C is that the relevant connectable product, of which they are the manufacturer, is currently awarded a label under any level of the Singapore Cybersecurity Labelling Scheme as an indicator of compliance with the requirements set out in that scheme, and that label has not expired.

6.—(1) Paragraph 2 of Schedule 2 (conditions for deemed compliance with security requirements) to the 2023 Regulations is amended according to paragraphs (2) to (4).

(2) In paragraph 2(1), for “the condition in sub-paragraph (2) is” substitute “any of the conditions in sub-paragraphs (2) to (2B) are”.

(3) In paragraph 2(2), for “The condition is that” substitute “Condition A is that”.

(4) After paragraph 2(2), insert—

(2A) Condition B is that the relevant connectable product, of which they are the manufacturer, is currently assigned a conformance label under the Japan JC-STAR STAR-1 as an indicator of compliance with the requirements set out in JC-STAR STAR-1, and that label has not expired.

(2B) Condition C is that the relevant connectable product, of which they are the manufacturer, is currently awarded a label under any level of the Singapore Cybersecurity Labelling Scheme as an indicator of compliance with the requirements set out in that scheme, and that label has not expired.

7.—(1) Paragraph 3 of Schedule 2 (conditions for deemed compliance with security requirements) to the 2023 Regulations is amended according to paragraphs (2) to (4).

(2) In paragraph 3(1), for “the condition in sub-paragraph (2) is” substitute “any of the conditions in sub-paragraphs (2) to (2B) are”.

(3) In paragraph 3(2), for “The condition is that” substitute “Condition A is that”.

(4) After paragraph 3(2), insert—

(2A) Condition B is that the relevant connectable product, of which they are the manufacturer, is currently assigned a conformance label under the Japan JC-STAR STAR-1 as an indicator of compliance with the requirements set out in JC-STAR STAR-1, and that label has not expired.

(2B) Condition C is that the relevant connectable product, of which they are the manufacturer, is currently awarded a label under any level of the Singapore Cybersecurity Labelling Scheme as an indicator of compliance with the requirements set out in that scheme, and that label has not expired.

Insertion of Schedule 2A

8.  After Schedule 2 (conditions for deemed compliance with security requirements), insert—

Regulation 4A

Schedule 2A

Conditions for deemed compliance with the requirement to have a relevant connectable product accompanied by a statement of compliance

1.  A manufacturer is treated as having complied with the requirement at section 9(2) (statements of compliance) if any of the conditions in paragraphs 2 and 3 are met.

2.  Condition A is that the relevant connectable product, of which they are the manufacturer, is currently assigned a conformance label under Japan JC-STAR STAR-1 as an indicator of compliance with the requirements set out in JC-STAR STAR-1, and that label has not expired.

3.  Condition B is that the relevant connectable product, of which they are the manufacturer, is currently awarded a label under any level of the Singapore Cybersecurity Labelling Scheme as an indicator of compliance with the requirements set out in that scheme, and that label has not expired.

Name

Minister

Department for Science, Innovation and Technology

Explanatory Note

(This note is not part of the Regulations)

These Regulations amend the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023 (S.I. 2023/1007) (“the 2023 Regulations”).

Part 1 of the Product Security and Telecommunications Act 2022 (“the 2022 Act”) contains provisions that require manufacturers of relevant connectable products to, among other things, ensure they meet the relevant security requirements (set out in Schedule 1 to the 2023 Regulations) and ensure their products are accompanied by statements of compliance (see sections 8 and 9 of the 2022 Act). The 2022 Act also contains provisions that allow the Secretary of State to specify conditions which, if met, can allow a manufacturer to be treated as having complied with the requirements at sections 8 and 9 of the 2022 Act.

These Regulations specify conditions which, if met, allow manufacturers of a relevant connectable product to be treated as having complied with the security requirements and the requirement to have a product accompanied by a statement of compliance.

Regulation 3 inserts into the 2023 Regulations definitions setting out cybersecurity standards from both Japan and Singapore, which relate to the conditions for deemed compliance inserted into the 2023 Regulations by these Regulations.

Regulations 4 and 8 insert into the 2023 Regulations provisions setting out conditions, which, if met, will allow a manufacturer to be treated as having complied with the requirement to have a relevant connectable product accompanied by a statement of compliance.

Regulations 5 to 7 insert into the 2023 Regulations provisions setting out conditions, which, if met, will allow a manufacturer to be treated as having complied with the relevant security requirements.

An Explanatory Memorandum is published alongside this instrument at https://www.legislation.gov.uk.

(1)

2022 c. 46. See sections 3(4) and 9(8) for the definition of “specified”.

(2)

S.I. 2023/1007, amended by S.I. 2025/211.

(3)

The Labeling Scheme based on Japan Cyber-Security Technical Assessment Requirements (JC-STAR) STAR-1 Conformance Requirements and Assessment Methods (JST-CR-01-01-2024R1, December 2024) is the standard set by the Information-technology Promotion Agency, Japan, to indicate that an internet of things product has achieved the minimum level of security functionality required. The standard is available free of charge at https://www.ipa.go.jp/en/security/jc-star/tekigou-kizyun-guide/label1/s6ckaf000000ggej-att/STAR-1_Conformance_Requirements_and_Assessment_Methods.pdf. A copy can also be inspected free of charge by appointment by contacting the Office for Product Safety and Standards at Stanton Avenue, Teddington, Middlesex, TW11 0JZ or by email at OPSS.enquiries@businessandtrade.gov.uk.

(4)

The Singapore Cybersecurity Labelling Scheme, the specifications for which are in document CCC SP-151-2 CLS(IoT) (version 1.4, April 2025), is the standard set by the Cyber Security Agency of Singapore to provide an indication of the level of security in the network-connected smart devices. The specifications for the standard are available free of charge at https://isomer-user-content.by.gov.sg/36/186ab950-9b72-4856-9d62-172dae018777/CCC%20SP-151-2%20CLS%28IoT%29%20Scheme%20Specifications%20v1.4.pdf. A copy can also be inspected free of charge by appointment by contacting the Office for Product Safety and Standards at Stanton Avenue, Teddington, Middlesex, TW11 0JZ or by email at OPSS.enquiries@businessandtrade.gov.uk.
