The UK government introduced The Product Security and Telecommunications Infrastructure Bill. The bill is divided into two parts: product security measures and telecommunications Infrastructure measures.
The first part of the bill (product security measures) aims to ensure the following: (1) consumer connected products are secured against cyber-attacks, (2) individual privacy and security are protected; (3) manufacturers, importers, and distributors will comply with new security requirements; (4) there will be an enforcement regime with civil and criminal sanctions aimed at preventing insecure products being made available on the UK market.
The bill will:
(1) Require manufacturers, importers, and distributors to ensure that minimum security requirements are met concerning connected consumer products available to consumers. The security requirements, to be set out in regulations, will be the following: (a) Ban default passwords, (b) Require products to have a vulnerability disclosure policy; (c) Require transparency about the length of time for which the product will receive essential security updates.
(2) Provide a robust regulatory framework that enables ministers with powers to specify and amend minimum security requirements concerning connectable consumer products and provide capabilities to allow breaches of these duties to be enforced. The government will provide at least 12 months' notice to enable manufacturers, importers, and distributors to adjust their business.
The second part of the bill (telecommunications infrastructure measures) aims to: (1) make changes to the Electronic Communications Code, providing the necessary legal reforms to support the government's plans to rollout gigabit-capable broadband and 5G networks; (2) encourage collaborative negotiations for agreements by introducing a requirement for telecoms operators to consider the use of Alternative Dispute Resolution ('ADR'); (3) introduce provisions ensuring expired agreements are renewed consistently, and (4) introduce new provisions to enable operators to obtain Code rights over certain types of land quickly in circumstances where a landowner does not respond to repeated requests for Code rights.
The telecommunications infrastructure measures will apply to all parties involved in requests and agreements relating to rights regulated by the Electronic Communications Code. This will include telecommunications operators, infrastructure providers, landowners and occupiers, and professionals such as land agents and legal representatives.