Notice: New UK Product Security and Telecommunications Infrastructure (PSTI) Law

LONDON, United Kingdom – April 29, 2024 – At Samsung, we place consumers and product security at the heart of all our operations. We are supportive of the new UK Product Security and Telecommunications Infrastructure (PSTI) legislation that comes into law, effective from today, 29^th April, 2024 and believe it will offer more transparency to customers.

From today, (in summary) in the UK, it will not be legal to sell internet or network connectable products^[1] unless they meet the following three requirements:

1. Products cannot use a universal default password or one that is easy to determine.
2. Manufacturers must provide a public point of contact to report security vulnerabilities in products.
3. Manufacturers must publish the minimum amount of time a product will receive security updates.

We confirm that all Samsung products covered by the new law that were released in the UK in the last three years already comply with these requirements. The public point of contact for reporting security vulnerabilities and the length of software security update support for in-scope Samsung products can be found here: https://securityreport.samsung.com/

Statement of Compliance

In addition to the above three requirements, from 29^th April 2024, all relevant products supplied to end-users in the UK must also be accompanied by a Statement of Compliance confirming that the product fully complies with the above requirements.

Please see below for an example Statement of Compliance that will accompany in-scope Samsung products approved for sale in the UK.

[1] Some exceptions apply, including laptops and Wi-Fi only tablets