
Apple's commitment to providing a minimum of five years of security updates for the iPhone aligns with the PSTI Act, which requires companies selling internet-connected products to meet new security standards. The law compels companies to define the minimum length of time they will provide security updates for a product. In response to this requirement, Apple submitted a public regulatory filing for the iPhone 15 Pro Max, stating that the device's "defined support period" is a "minimum five years from the first supply date." The "first supply date" is listed as September 22, 2023, which is when the iPhone 15 series launched. By providing this commitment, Apple is in compliance with the PSTI regulations.

The PSTI Act does not specify a maximum duration for security updates. It only requires companies to define the minimum length of time they will provide security updates for a product.

The UK's Product Security and Telecommunications Infrastructure (PSTI) Act imposes several requirements on companies selling internet-connected products. The main obligations under the Act include:
Security Requirements: The Act requires companies to comply with specific security requirements for their products. These requirements are aimed at ensuring the security of internet-connected devices and protecting consumers from potential cyber threats.
Defined Support Period: Companies are mandated to define the minimum length of time they will provide security updates for a product. This information must be made available to consumers, allowing them to make informed decisions about the security of the products they purchase.
Statement of Compliance: Companies must provide a statement of compliance confirming that their products meet the security requirements set out in the Act. This statement must accompany the product and be easily accessible to consumers.
Retailer Obligations: Retailers have obligations under the Act, such as not supplying products if they are aware of non-compliance with security requirements and informing the relevant manufacturer and authorities in case of compliance failures.
Excepted Products: The Act provides a list of products that are excepted from the scope of the regulatory regime. These include electric vehicle smart charge points, medical devices, and smart meters, among others.

The PSTI Act aims to ensure that internet-connected products sold in the UK meet robust security standards, protecting consumers and businesses from potential cyber threats.