The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) (Amendment) Regulations 2025
These regulations amend the 2023 Product Security and Telecommunications Infrastructure Regulations.
Key changes include clarifying the required information on minimum security update periods for manufacturers and adding exceptions to the definition of 'relevant connectable products' for certain types of vehicles found in Great Britain.
The exemptions mirror existing exceptions for Northern Ireland, reflecting a commitment to regulatory alignment and alignment with international trade obligations.
Arguments For
Improved Clarity on Security Updates: The amendments clarify the requirements for manufacturers to publish minimum security update periods, ensuring consumers have clear expectations about the duration of support for their products.
Harmonization with EU Regulations: The addition of exceptions for motor vehicles, two/three-wheel vehicles, and agricultural vehicles ensures alignment with existing EU regulations, facilitating smoother trade and reducing regulatory burdens.
Enhanced Product Security: By specifying minimum security update periods, manufacturers are incentivized to provide more timely security patches, enhancing the overall security of connectable products.
Transparency and Consumer Protection: The clear stipulation of publication timelines for security update periods promotes transparency and protects consumer interests by providing more information about product security and support.
Arguments Against
Potential Regulatory Burden on Manufacturers: While aiming for increased clarity, the amendment could impose additional administrative burdens on manufacturers regarding the documentation and publication of security update periods.
Limited Scope of Amendments: The amendments focus on specific aspects of the 2023 regulations, neglecting other potential areas for improvement or clarification.
Potential for Overreach: Exemptions for certain vehicle types might unintentionally exclude other product categories that equally benefit from security updates and protection.
Unforeseen Consequences: While aiming to enhance security, the amended regulations might have unforeseen impacts in other areas or lead to unintended consequences for manufacturers and consumers.
- Citation, commencement, extent and interpretation (1) These Regulations may be cited as the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) (Amendment) Regulations 2025. (2) These Regulations come into force on the day after the day on which they are made. (3) These Regulations extend to England and Wales, Scotland and Northern Ireland. (4) In these Regulations, “the 2023 Regulations” means the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023.
This section establishes the title, effective date, geographical scope, and defines 'the 2023 Regulations' as a reference point for the amendments.
The regulations come into effect the day after they are made, applying across the UK.
- Amendment of the 2023 Regulations The 2023 Regulations are amended in accordance with regulations 3 and 4.
This section states that the following regulations (3 and 4) amend the 2023 Product Security and Telecommunications Infrastructure Regulations.
- Amendment to Schedule 1 In Schedule 1 to the 2023 Regulations (security requirements for manufacturers), in paragraph 3(3) (information on minimum security update periods) before “must” insert “period”.
This regulation amends Schedule 1 of the 2023 regulations.
Specifically, it adds the word "period" before "must" in paragraph 3(3), clarifying the timeframe for providing security updates.
- Amendment to Schedule 3 In Schedule 3 to the 2023 Regulations (excepted connectable products), after paragraph 5 insert— “Motor vehicles
- Products are excepted in Great Britain under this paragraph if they are products to which Regulation (EU) 2018/858 of the European Parliament and of the Council of 30 May 2018 on the approval and market surveillance of motor vehicles and their trailers, and of systems, components and separate technical units intended for such vehicles applies. Two- or three-wheel vehicles and quadricycles
- Products are excepted in Great Britain under this paragraph if they are products to which Regulation (EU) No 168/2013 of the European Parliament and of the Council of 15 January 2013 on the approval and market surveillance of two- or three-wheel vehicles and quadricycles applies. Agricultural and forestry vehicles
- Products are excepted in Great Britain under this paragraph if they are products to which Regulation (EU) No 167/2013 of the European Parliament and of the Council of 5 February 2013 on the approval and market surveillance of agricultural and forestry vehicles applies.”
This regulation adds three new exceptions to Schedule 3 to the 2023 Regulations which list products exempt from the regulations.
The added exceptions cover motor vehicles, two- or three-wheel vehicles, and agricultural and forestry vehicles in Great Britain.
These products are already exempt in Northern Ireland under similar EU regulations.
Explanatory Note (This note is not part of the Regulations) These Regulations amend the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023 (S.I. 2023/1007) (“the 2023 Regulations”). Regulation 3 amends paragraph 3 (information on minimum security update periods) of Schedule 1 to the 2023 Regulations to make it clear that, where a manufacturer of relevant connectable products extends the minimum length of time for which security updates relating to such products will be provided, the new minimum length of time must be published as soon as is practicable. Schedule 3 to the 2023 Regulations lists products that are excepted from being considered relevant connectable products for the purposes of section 4 (relevant connectable products) of the Product Security and Telecommunications Infrastructure Act 2022 (“the 2022 Act”). Regulation 4 inserts three new exceptions. This creates equivalent exceptions in Great Britain to the exceptions that apply in relation to the supply in Northern Ireland of products to which the following legislation applies—Regulation (EU) 2018/858 of the European Parliament and of the Council of 30 May 2018 on the approval and market surveillance of motor vehicles and their trailers, and of systems, components and separate technical units intended for such vehicles;Regulation (EU) No 168/2013 of the European Parliament and of the Council of 15 January 2013 on the approval and market surveillance of two- or three-wheel vehicles and quadricycles; orRegulation (EU) No 167/2013 of the European Parliament and of the Council of 5 February 2013 on the approval and market surveillance of agricultural and forestry vehicles.The exceptions created by regulation 4 are in line with the policy position previously notified to the World Trade Organisation in accordance with the United Kingdom’s obligations under the Technical Barriers to Trade Agreement (notification G/TBT/N/GBR/62) and to the EU Commission under the Technical Standards and Regulations Directive (notification 2023/7004/XI).A full impact assessment has not been prepared for this instrument. The impact assessment for the 2023 Regulations was undertaken as if the amendments made by regulations 3 and 4 were already implemented. Copies of the impact assessment for the 2023 Regulations are available upon request to the Department for Science, Innovation and Technology, 100 Parliament Street, London, SW1A 2BQ. That impact assessment is also accessible at https://www.legislation.gov.uk/uksi/2023/1007/impacts.An Explanatory Memorandum is published alongside this instrument at https://www.legislation.gov.uk.
The Explanatory Note summarizes the amendments: clarifying the publication timeline for extended security update periods and adding exceptions for certain vehicle types to match Northern Ireland's exemptions.
It confirms the amendments' alignment with international trade obligations and provides access to the impact assessment for the broader 2023 regulations.