Product Security and Telecommunications Infrastructure Act 2022| Kangs Product Security Regulations Solicitors


The Product Security and Telecommunications Infrastructure Act 2022 (‘the Act’), which comes into effect on 29 April 2024, requires manufacturers, importers and distributors of UK consumer connectable products to comply with minimum security requirements based on the UK’s Code of Practice for Consumer IoT Security.

The Act affects numerous items which are connected to the internet or network, including such items as mobile phones and laptops.

John Veale of Kangs Solicitors comments upon Part 1 of the Act which focuses on ‘Product Security’.

The award-winning Team at Kangs Solicitors is nationally recognised for its work in Regulatory, Civil and Criminal Proceedings of every nature and is led by Hamraj Kang, a leading expert in the field of criminal law ranked in the ‘Top Tier’ by both leading directories Chambers and Partners and The Legal 500.

If you find yourself under Investigation by Ofcom or any Regulatory Body or need guidance in regard to any regulatory matter or proceedings of any nature, please feel free to call us for an initial no obligation confidential discussion:

The Overriding Intent | Kangs Regulatory Solicitors

The Act enables the making of Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations (‘the Regulations’). A second draft of the Regulations was placed before Parliament in July 2023 and, subject to Parliamentary approval, the Regulations are due to come into force on 29 April 2024.

The Regulations are intended to ensure that all businesses in the relevant supply chain are made responsible for preventing insecure consumer products from being sold to UK businesses and consumers.

The proposal is to introduce a system of fines for those businesses that fail to comply with the Regulations coupled with criminal liability for individuals within businesses who fail in their duties as set out by the Regulations.

The system may be administered by Ofcom or such other Regulatory Bodies designated by the Secretary of State.

Specific Provisions of the Act | Kangs Product Security Offences Defence Solicitors

The Act contains the following sections:

‘7 Relevant persons

(2) “Relevant person”, in relation to a relevant connectable product, means any of the following—

(a) a manufacturer of the product

(b) an importer of the product

(c) a distributor of the product.’

The security requirements imposed on these ‘relevant persons’ are extensive and include:

  • compliance with security requirements,
  • provision of a Statement of Compliance with all products supplied in the UK that is in compliance with and contains such information as specified in the Regulations,
  • a duty upon importers and distributors not to supply products where there has been a compliance failure,
  • a duty to investigate and take action in relation to compliance failures,
  • a duty to maintain records/records of investigations regarding compliance failures.

‘ Enforcement

26 (1)The person responsible for enforcing the provisions of this Part, and of regulations made under it, is the Secretary of State

27 (1)The Secretary of State may by regulations authorise any person to exercise any enforcement function of the Secretary of State.’

The Regulations can be enforced by:

  • Compliance notices (s.28}
  • Stop notices (s.29}
  • Recall Notices, (s.30}
  • Variation or revocation of enforcement notices (s. 31)

Failure to comply with an enforcement notice can be a criminal offence, summary conviction for which, before a Magistrates’ Court can result in a fine (s.32).

An appeal against an enforcement notice may be made and, if successful, compensation may be awarded (s.33 and s.34).

Other Means of Enforcement | Kangs Criminal Defence Solicitors

The Act contains sections dealing with:

  • S 36 – financial penalties may be imposed if a person/body corporate on the balance of probabilities has failed to comply with a relevant duty.
  • S 37, 38, 39, 40 & 41 – the amount, calculation of maximum amount, penalty, enforcement and appeals.
  • S 42 – forfeiture of a product that is not compliant,
  • S 45 – the public can be informed of compliance failures,
  • S 46 – details of enforcement action taken against relevant persons can be published.
  • S 47- power for products be recalled.

Additional matters of note:

  • Liability can extend to authorised representatives where a manufacturer is not established in the UK
  • Where an offence has been committed by a body corporate and has been committed with consent, connivance of or attributable to negligence of a director, manager, secretary or similar officer or person purporting to act in such a capacity, that person as well as the body corporate is guilty of the offence and is liable to be proceeded against and punished accordingly.
  • The maximum penalty is the greater of £10 million or 4% of the person’s/body corporate’s qualifying worldwide revenue for the most recent accounting period.
  • The penalty is recoverable as if it were payable under the High Court.
  • A penalty notice should be issued first against which representations can be made.
  • The penalty itself can be appealed.

How Can We Help? | Kangs National Criminal Defence Team

It is clear that the Act will have far reaching and potentially damaging financial repercussions for non-compliance.

If you are subjected to any form of investigation by any Regulatory or other Prosecuting body, you should seek immediate expert legal advice and assistance to ensure that any defence or mitigation which is, or may be, available is exercised without delay.

The Team at Kangs Solicitors offers a wealth of experience and would be delighted to assist you. Please do not hesitate to contact us as follows.

Hamraj Kang

Email Hamraj

07976 258171

020 7936 6396

0121 449 9888

Tim Thompson

Tim Thompson

Email Tim

0333 370 4333

John Veale

Email John

0121 449 9888

020 7936 6396

0161 817 5020

A Tree Preservation Order (‘a Preservation Order’) is made by a Local Planning Authority (‘the Planning Authority’) for the purpose of protecting specific trees or woodlands from: without the Planning Authority’s consent, in order to protect against wilful damage and destruction. Part VIII of the Town & Country Planning Act 1990 (‘the Act’),and The Town […]
In a previous article posted to this site entitled Online Safety Bill | Kangs Online Safety Regulations Solicitors we examined The Online Safety Bill (‘the Bill’) designed ‘to make provision for and in connection with the regulation by OFCOM of certain internet services; for and in connection with communications offences; and for connected purposes.’ The […]
ICO & Data Protection Investigations, Regulatory
The Online Safety Bill (‘the Bill’) formally entitled: ‘A Bill to make provision for and in connection with the regulation by OFCOM of certain internet services; for and in connection with communications offences; and for connected purposes’ has now successfully passed through the House of Lords and proposed amendments are now being considered prior to […]

Get in touch