(1)A security requirement may relate to (among other things) all the relevant connectable products of—
(a)a relevant person, or
(b)a relevant person of a particular description.
(2)For the purposes of subsection (1), the relevant connectable products of a relevant person are—
(a)in the case of a person who is a manufacturer, any relevant connectable products in respect of which the person is a manufacturer;
(b)in the case of a person who is an importer, any relevant connectable products in respect of which the person is an importer;
(c)in the case of a person who is a distributor, any relevant connectable products in respect of which the person is a distributor.
(3)A security requirement may be described by reference to (among other things)—
(a)any software used for the purposes of, or in connection with, the operation of a relevant connectable product;
(b)any software used by a person in the course of, or in connection with, using a relevant connectable product;
(c)any software used for the purposes of providing a service to a person by means of a relevant connectable product;
and for these purposes it does not matter whether the software is installed on the product or whether the software or service is provided by a manufacturer of the product.
(4)A security requirement may (among other things) require a relevant person to do something in relation to a relevant connectable product, including in relation to times after a relevant connectable product has been made available in the United Kingdom.
(5)Regulations under section 1 are subject to the negative resolution procedure if the only provision they make under that section is provision—
(a)varying any description of—
(i)products to which a security requirement relates, or
(ii)software by reference to which a security requirement is described, or
(b)otherwise altering any term used in describing a security requirement without altering the effect of the security requirement or the extent to which it applies in any case.
(6)Except as provided by subsection (5), regulations under section 1 are subject to the affirmative resolution procedure.
Commencement Information
I1S. 2 not in force at Royal Assent, see s. 79(2)
I2S. 2 in force at 29.4.2024 by S.I. 2023/469, reg. 3