This time last year we saw changes to the Electronic Communications Code in Schedule 3A to the Communications Act 2003 (as amended by Digital Economy Act 2017) (“the Code”) as a result of the provisions in the Product Security and Telecommunications Infrastructure Act 2022 Act (“the Act”). Those changes had a positive impact on the deployment of telecommunications infrastructure. From 1 April 2024 we will see further changes to the Act imposing cybersecurity requirements on businesses involved with internet enabled consumer products (commonly known “smart devices”).
What is the Product Security and Telecommunications Infrastructure Act 2022?
The Act has two Parts:
- Part 1: Product Security
These are regulations to make “smart” products more secure against cyber-attacks by setting minimum security requirements for such products.
- Part 2: Telecommunications Infrastructure
These are provisions intended to speed up the deployment and expansion of telecommunication infrastructure in the UK.
Primarily the Act was introduced to improve connectivity and broadband for UK consumers.
Part 1 of the Act aims to improve the current regulatory framework for such “smart” products in the UK by imposing security requirements for those producing them. These new regulations will affect manufacturers, importers and distributors of such consumer products. Businesses may be impacted by increased costs associated with complying with the new security requirements and potentially the penalties for non-compliance with the same.
Part 2 of the Act implemented changes to the Code which were intended to assist negotiations between landowners and operators to speed up the deployment of telecommunications equipment. It appears that Part 2 of the Act has helped landowners accept the need for telecommunications infrastructure and the rights operators have been granted in the Code.
What is the cybersecurity risk to users?
The improved connectivity, resulting from the changes to the Code (introduced in 2017 and 2023) which has facilitated a speedier deployment of infrastructure, means we are more reliant on internet enabled consumer products e.g. smart speakers, TVs, watches etc. The increased usage of such products has unfortunately resulted in a much higher cybersecurity risk level for users due to our dependency on such products.
The telecoms operators are all too familiar with the cybersecurity risks for those using their networks. The security of the infrastructure that facilitates the growth of UK connectivity is vital for its users.
The new regulations that amend the Act do not require products made in NI to comply with the enhanced security requirements. However it is a clear indication of how internet enabled products will be regulated in the UK going forward as we all become more reliant on telecommunications in our everyday life. It is likely these changes may apply to NI once the “Protocol”/”Windsor Framework” issue is resolved.
While the enhanced security requirements protect everyday users, it will inevitably create challenges for businesses involved in the supply chain of internet enabled products, especially those imported from outside the UK.
If you would like to seek further information about any of the issues raised in this article, please contact our Commercial Real Estate team at Cleaver Fulton Rankin.
This article has been produced for general information purposes and further advice should be sought from a professional advisor.
How can we help you?
Call us on the Belfast number below or send us a message and one of our team will be in touch.
028 9024 3141Send us a Message