Product Security and Telecommunications Infrastructure Act 2022
The Product Security and Telecommunications Infrastructure Act 2022 (‘the Act’), which comes into effect on 29 April 2024, requires manufacturers, importers and distributors of UK consumer connectable products to comply with minimum security requirements based on the UK’s Code of Practice for Consumer IoT Security.
The Act affects numerous items which are connected to the internet or network, including such items as mobile phones and laptops.
John Veale of Kangs Solicitors comments upon Part 1 of the Act which focuses on ‘Product Security’.
The award-winning Team at Kangs Solicitors is nationally recognised for its work in Regulatory, Civil and Criminal Proceedings of every nature and is led by Hamraj Kang, a leading expert in the field of criminal law ranked in the ‘Top Tier’ by both leading directories Chambers and Partners and The Legal 500.
If you find yourself under Investigation by Ofcom or any Regulatory Body or need guidance in regard to any regulatory matter or proceedings of any nature, please feel free to call us for an initial no obligation confidential discussion:
- 020 7936 6396 London
- 0121 449 9888 Birmingham
- 0161 817 5020 Manchester
The Overriding Intent | Kangs Regulatory Solicitors
The Act enables the making of Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations (‘the Regulations’). A second draft of the Regulations was placed before Parliament in July 2023 and, subject to Parliamentary approval, the Regulations are due to come into force on 29 April 2024.
The Regulations are intended to ensure that all businesses in the relevant supply chain are made responsible for preventing insecure consumer products from being sold to UK businesses and consumers.
The proposal is to introduce a system of fines for those businesses that fail to comply with the Regulations coupled with criminal liability for individuals within businesses who fail in their duties as set out by the Regulations.
The system may be administered by Ofcom or such other Regulatory Bodies designated by the Secretary of State.
Specific Provisions of the Act | Kangs Product Security Offences Defence Solicitors
The Act contains the following sections:
‘7 Relevant persons
(2) “Relevant person”, in relation to a relevant connectable product, means any of the following—
(a) a manufacturer of the product
(b) an importer of the product
(c) a distributor of the product.’
The security requirements imposed on these ‘relevant persons’ are extensive and include:
- compliance with security requirements,
- provision of a Statement of Compliance with all products supplied in the UK that is in compliance with and contains such information as specified in the Regulations,
- a duty upon importers and distributors not to supply products where there has been a compliance failure,
- a duty to investigate and take action in relation to compliance failures,
- a duty to maintain records/records of investigations regarding compliance failures.
‘ Enforcement
26 (1)The person responsible for enforcing the provisions of this Part, and of regulations made under it, is the Secretary of State
27 (1)The Secretary of State may by regulations authorise any person to exercise any enforcement function of the Secretary of State.’
The Regulations can be enforced by:
- Compliance notices (s.28}
- Stop notices (s.29}
- Recall Notices, (s.30}
- Variation or revocation of enforcement notices (s. 31)
Failure to comply with an enforcement notice can be a criminal offence, summary conviction for which, before a Magistrates’ Court can result in a fine (s.32).
An appeal against an enforcement notice may be made and, if successful, compensation may be awarded (s.33 and s.34).
Other Means of Enforcement | Kangs Criminal Defence Solicitors
The Act contains sections dealing with:
- S 36 – financial penalties may be imposed if a person/body corporate on the balance of probabilities has failed to comply with a relevant duty.
- S 37, 38, 39, 40 & 41 – the amount, calculation of maximum amount, penalty, enforcement and appeals.
- S 42 – forfeiture of a product that is not compliant,
- S 45 – the public can be informed of compliance failures,
- S 46 – details of enforcement action taken against relevant persons can be published.
- S 47- power for products be recalled.
Additional matters of note:
- Liability can extend to authorised representatives where a manufacturer is not established in the UK
- Where an offence has been committed by a body corporate and has been committed with consent, connivance of or attributable to negligence of a director, manager, secretary or similar officer or person purporting to act in such a capacity, that person as well as the body corporate is guilty of the offence and is liable to be proceeded against and punished accordingly.
- The maximum penalty is the greater of £10 million or 4% of the person’s/body corporate’s qualifying worldwide revenue for the most recent accounting period.
- The penalty is recoverable as if it were payable under the High Court.
- A penalty notice should be issued first against which representations can be made.
- The penalty itself can be appealed.
How Can We Help? | Kangs National Criminal Defence Team
It is clear that the Act will have far reaching and potentially damaging financial repercussions for non-compliance.
If you are subjected to any form of investigation by any Regulatory or other Prosecuting body, you should seek immediate expert legal advice and assistance to ensure that any defence or mitigation which is, or may be, available is exercised without delay.
The Team at Kangs Solicitors offers a wealth of experience and would be delighted to assist you. Please do not hesitate to contact us as follows.
Tim Thompson
Partner