PART 1 Product security

CHAPTER 1 Security requirements

Security requirements relating to products

2 Further provision about regulations under section 1

(1) A security requirement may relate to (among other things) all the relevant connectable products of—

(a) a relevant person, or

(b) a relevant person of a particular description.

(2) For the purposes of subsection (1), the relevant connectable products of a relevant person are—

(a) in the case of a person who is a manufacturer, any relevant connectable products in respect of which the person is a manufacturer;

(b) in the case of a person who is an importer, any relevant connectable products in respect of which the person is an importer;

(c) in the case of a person who is a distributor, any relevant connectable products in respect of which the person is a distributor.

(3) A security requirement may be described by reference to (among other things)—

(a) any software used for the purposes of, or in connection with, the operation of a relevant connectable product;

(b) any software used by a person in the course of, or in connection with, using a relevant connectable product;

(c) any software used for the purposes of providing a service to a person by means of a relevant connectable product;

and for these purposes it does not matter whether the software is installed on the product or whether the software or service is provided by a manufacturer of the product.

(4) A security requirement may (among other things) require a relevant person to do something in relation to a relevant connectable product, including in relation to times after a relevant connectable product has been made available in the United Kingdom.

(5) Regulations under section 1 are subject to the negative resolution procedure if the only provision they make under that section is provision—

(a) varying any description of—

(i) products to which a security requirement relates, or

(ii) software by reference to which a security requirement is described, or

(b) otherwise altering any term used in describing a security requirement without altering the effect of the security requirement or the extent to which it applies in any case.

(6) Except as provided by subsection (5), regulations under section 1 are subject to the affirmative resolution procedure.