Cybersecurity: RED, PSTI, and CRA

Overview

The white paper discusses the evolving landscape of cyber security legislation aimed at enhancing the security of connected products. It highlights three key pieces of legislation: the UK’s Product Security and Telecommunications Infrastructure Act (PSTI Act) and its accompanying regulations, the EU’s Delegated Regulation under the Radio Equipment Directive (RED), and the Cyber Resilience Act (CRA).

The PSTI Act, enacted in 2022, and the PSTI Regulations, introduced in 2024, establish a framework for manufacturers to ensure their products are secure against cyber threats. The EU’s RED, effective from August 1, 2025, mandates compliance with new cyber security requirements, while the CRA, set to come into force in stages from September 2026 to December 2027, introduces mandatory reporting obligations for manufacturers regarding vulnerabilities.

The paper outlines the types of cyberattacks that these regulations aim to mitigate, including unauthorized access to secure networks, the formation of botnets using IoT devices, and the theft of personal data through connected devices. It emphasizes the importance of designing products with security in mind, ensuring they are free from known vulnerabilities, and providing mechanisms for updates and secure data handling.

To assist manufacturers in navigating these complex requirements, the paper details the services offered by Element, including advisory services for compliance strategy, cyber security testing, and certification against relevant standards. Element’s expertise aims to simplify the compliance process, ensuring that manufacturers can effectively meet the new legislative demands.

Overall, the white paper serves as a crucial resource for manufacturers, outlining the legislative landscape, the importance of cyber security in product design, and the support available to achieve compliance in an increasingly regulated environment.