
The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023


Status:

This is the original version (as it was originally made). This item of legislation is currently only available in its original format.

Regulation 4

Schedule 2 Conditions for Deemed Compliance with Security Requirements

This schedule has no associated Explanatory Memorandum

Passwords

1.—(1) A manufacturer is to be treated as complying with the security requirement at paragraph 1 of Schedule 1 where the condition in sub-paragraph (2) is met.

(2) The condition is that the manufacturer complies with provision 5.1-1 of ETSI EN 303 645 and, where relevant, provision 5.1-2 of ETSI EN 303 645 as if those provisions apply to the categories of hardware and software specified in paragraph 1(1) of Schedule 1.

Information on how to report security issues

2.—(1) A manufacturer is to be treated as complying with the security requirement at paragraph 2 of Schedule 1 where the condition in sub-paragraph (2) is met.

(2) The condition is that the manufacturer complies with—

(a) provision 5.2-1 of ETSI EN 303 645; or

(b) subject to sub-paragraphs (3) and (4), the following paragraphs of ISO/IEC 29147—

(i) paragraph 6.2.2;

(ii) paragraph 6.2.5; and

(iii) paragraph 6.5

as if the provision of ETSI EN 303 645 or the paragraphs of ISO/IEC 29147 apply to the categories of hardware and software specified in paragraph 2(1) of Schedule 1.

(3) A manufacturer is required to publish information as to—

(a) how a person may access the mechanism for the manufacturer to receive reports described in paragraph 6.2.2 of ISO/IEC 29147;

(b) when a person making a vulnerability report will receive an acknowledgement of receipt of a report described in paragraph 6.2.5 of ISO/IEC 29147; and

(c) when a person making a vulnerability report will receive ongoing communication as described in paragraph 6.5 of ISO/IEC 29147

(4) The information at sub-paragraph (3) must be accessible, clear and transparent, and must be made available to a person (“P”)—

(a) without prior request for such information being made;

(b) in English;

(c) free of charge; and

(d) without requesting the provision of P’s personal information.

Information on minimum security update periods

3.—(1) A manufacturer is to be treated as complying with the security requirement at paragraph 3 of Schedule 1 where the condition in sub-paragraph (2) is met.

(2) The condition is that, subject to sub-paragraphs (3), (5) and (6) of paragraph 3 of Schedule 1 and to sub-paragraphs (3) and (4), the manufacturer complies with provision 5.3-13 of ETSI EN 303 645 as if that provision applies to the categories of hardware and software specified in paragraph 3(1) of Schedule 1.

(3) References at provision 5.3-13 of ETSI EN 303 645 to “defined support period” are to be construed in accordance with the definition in regulation 2.

(4) Reference at provision 5.3-13 of ETSI EN 303 645 to the information being published in an accessible way that is clear and transparent includes making the information available to a person (“P”)—

(a) without prior request for such information being made;

(b) in English;

(c) free of charge;

(d) without requesting the provision of P’s personal information; and

(e) in such a way that is understandable by a reader without prior technical knowledge.
