New UK Legislation Requires Apple to Specify Duration of iPhone Security Updates

The UK has implemented new cybersecurity regulations aimed at shielding consumers and businesses from hacking and cyber-attacks. Under these British laws, manufacturers of smart devices, such as Apple, are obligated to uphold minimum security standards to protect internet-connected devices from cybercriminals. Failure to comply with these standards may result in substantial penalties.

Dubbed the Product Security and Telecommunications Infrastructure (PSTI) Act, this legislation introduces a set of stringent measures and enhanced security protocols. These measures are designed to raise the bar for cybercriminals seeking access to private networks and attempting to pilfer personal information.

The British cybersecurity legislation takes direct aim at existing security shortcomings, mandating three key changes to combat the threat of cybercrime:

  • Prohibition of Common or Easily Guessable Passwords: The use of easily compromised passwords like ‘admin’ or ‘12345’ will be forbidden to mitigate vulnerabilities and thwart hacking attempts.
  • Requirement for Manufacturers to Publish Contact Details: Manufacturers must publicly disclose contact information to facilitate the reporting and resolution of bugs and security issues.
  • Transparency on Security Update Timelines: Manufacturers and retailers are obligated to inform consumers about the minimum timeframe within which they can expect to receive crucial security updates.

These cybersecurity laws in the UK extend to all companies involved in the manufacture or sale of smartphones, televisions, smart doorbells, and other internet-connected devices within the country.

Specifically addressing Apple, the new regulation necessitates a thorough review of how its products align with these heightened standards. While Apple devices typically don’t utilize default passwords, the company is required to ensure that all connected devices sold in the UK clearly indicate the duration for which security support updates will be provided to customers. Moreover, impacted companies, including Apple, must establish or enhance their communication channels for reporting security concerns.

Moving forward, Apple store retailers are required to give customers point-of-sale information about the cybersecurity measures that apply to the devices they purchase. Non-compliance with the requirements of the PSTI Act can lead to severe penalties, with fines of up to £10 million (approximately $12.5 million) or 4% of the company’s global turnover.

It appears that this year demands significant adjustments from Apple, particularly concerning its operating systems and App Store policies. Recently, notable alterations have been made to iOS and the App Store, including the introduction of support for third-party marketplaces and the rollout of several EU-exclusive features. Moreover, the EU has designated iPadOS as a pivotal digital gatekeeper, prompting Apple to undertake substantial overhauls to mitigate the risk of facing a sizable lawsuit.
