Home > News & Blog > PSTI Bill Explained

What is the PSTI Bill?

An overview of the Product Security and Telecommunications Infrastructure Bill

The UK Product Security and Telecommunications Infrastructure Bill applies to any consumer product that connects to the internet or a network available to consumers in the UK. Based on ETSI standard 303 645, the bill focuses on three key requirements that manufacturers must comply with.

1. Unique Passwords

The first key requirement is for products to have unique passwords. Manufacturers need to consider where product passwords are stored, ensuring they are not only unique but also secure. Unique encrypted identification is the foundation of security. EPS Global offers high-volume secure provisioning, enabling manufacturers to provision unique encrypted passwords using Hardware Security Modules (HSMs) into their microcontrollers.

2. Vulnerability Disclosure Policy

The second key requirement is having a vulnerability disclosure policy, which demonstrates that a company takes security seriously. Security research and ethical hacking are growing as customers want assurance that their connected products are safe. It's now a legal requirement to have a disclosure policy, and when a security risk is identified, it must be fixed to maintain compliance. EPS Global's services for firmware encryption, key and certificate generation, and secure embedded provisioning are essential for demonstrating a commitment to security.

3. Commitment to Update Products

The third key requirement is for companies to commit to a specific length of time during which they will update their products in the field. To keep products safe and mitigate the risk of being hacked, they must be securely updated. Manufacturers must ensure their products have the capability to securely receive firmware updates and protect themselves from malicious use. With secure passwords, keys, and firmware securely provisioned, secure updates can be implemented efficiently and safely.

Partnering with IAR Systems for a Complete Embedded Security Solution

EPS Global, in partnership with IAR Systems, offers a complete embedded security solution that enables manufacturers to comply with the new legislation. The solution includes a low-cost, easy-to-use encryption system compatible with a wide range of microcontrollers that encrypts microcontroller code and data using Public Key Infrastructure (PKI) security techniques, authenticates microcontrollers and firmware, manages and generates required security certificates, and provides software libraries to enable cryptography in microcontrollers. Additionally, it's linked to a high-security module that generates keys and signs certificates, allowing manufacturers to retrofit existing code.

EPS Global also offers high-volume production capacity, supporting a wide range of microcontrollers and packages, with production-ready capabilities in 22 global locations. Each site has access to IAR HSMs installed directly on EPS Global programming machines, ensuring that only encrypted firmware is released from the OEM for maximum security. With automotive-grade quality performance and a full range of value-added services, such as IC Programming and Tape & Reeling, EPS Global is well-equipped to help manufacturers meet their security needs and comply with the UK Product Security and Telecoms Bill.

For more information or to discuss your specific security needs, please get in touch with us.

Do you have semiconductors you need programmed?

Outsource your IC programming to EPS Global and remove the complexity and considerable time burden of programming from in-circuit test. This will allow you to introduce increased efficiencies on your production line and cost savings to your organization.

We are strategically located in all major automotive electronic clusters worldwide. Our state-of-the-art, fully automated systems will program, 3D coplanarity check, laser mark and tape & reel your product and we can guarantee rapid delivery to help you meet your production deadlines.


Related Posts