United Kingdom: Entry into force with grace period of Product Security and Telecommunications Infrastructure Act 2022

On 6 December 2022, the Product Security and Telecommunications Infrastructure Act 2022 entered into force with a grace period after receiving Royal Assent. The Bill introduces new security requirements for "internet-connectable products" and "network-connectable products" and outlines new measures to support the deployment of gigabit-capable connections and 5G networks. The Bill is divided into two parts, product security and telecommunications infrastructure. Regarding product security, the Bill introduces cybersecurity standards to ensure that connectable products, defined as products able to connect to the internet or capable of sending and receiving data through electrical or electromagnetic energy, are secure and can protect individual privacy. Furthermore, the Bill introduces requirements that will apply to all the entities in the supply chain, distributors, importers and manufacturers. Finally, in case of non-compliance, those entities can be held liable. Regarding telecommunications infrastructure, the Bill amends the Electronic Communications Code to support the development of gigabit-capable connections and 5G networks and outlines the legal framework to be used for renewal agreements. The new measures will apply to infrastructure providers, telecommunications operators, legal professionals and landowners. The Secretary of State is required under the Act to issue regulations implementing the obligations outlined in the Act.