The UK government is evaluating legislation to enhance cybersecurity for enterprise IoT devices, as it did for consumer devices via its Product Security and Telecommunications Infrastructure (PSTI) Act. This move follows concerns over the vulnerability of industrial and business-critical IoT systems, which are increasingly targeted in cyberattacks.
The UK government announced its “Call for Views on the Cyber Security of Enterprise Connected Devices”, which is open from 12th May 2025 to 7th July 2025. The Call for Views is available here.
The proposal may mandate stricter compliance for manufacturers and vendors, aligning with broader global trends in IoT security regulation. If implemented, it would mark a significant step toward securing critical infrastructure from emerging threats. One option available to government is updating the PSTI Act via primary legislation to broaden the scope of the regime to include both consumer and enterprise connected devices. Alternatively, another legislative vehicle could be used to do this if it is deemed more appropriate.
