The UK is cementing its position as a global leader in cyber security, with a number of countries set to follow and adopt Britain’s minimum protections for connected devices - delivering robust protections for consumers, as part of our plan for national renewal.

In a major agreement struck as part of Singapore International Cyber Week (23 October), the UK and Singapore will work together to deliver seamless protections for both sets of citizens, showing how partnership can build a Britain built for all.

As part of this agreement, devices which meet Singapore cyber security standards for devices will now be protected under the UK’s own Product Security and Telecommunications Infrastructure (PSTI) regime. This was the first piece of legislation anywhere in the world to introduce minimum cyber security requirements for consumer devices such as smartphones, games consoles and smart doorbells.

This includes everything from the banning of default passwords commonly used like ‘admin’ or ‘12345’ to greater transparency over how long devices will receive vital software updates for. This will not only create a shared baseline to protect consumers, but cut excessive red tape to get safe and secure products in their hands faster than ever.

More and more countries are now using the standard used by the UK’s PSTI Regime (EN 303 645) to inform their own approaches to securing consumer devices. Capitalising on this, international partners including the:

UK

Singapore

Brunei

Australia

Germany

Finland

Republic of Korea

Japan

Hungary

have launched the new Global Cyber Security Labelling Initiative.

In simple terms, this will mean devices which share common safety standards - like the approach set out by the UK and Singapore - will be accepted by more and more international markets - lowering costs for business, speeding up access to safer products, and raising the floor on device security without additional red tape.

Earlier this week (Monday 20 October), Australia became the latest country to follow in the trail already blazed by the UK - setting out a voluntary code of practice for app stores and developers. This has been designed to closely mirror the UK’s own Code of Practice for App Store operators and app developers, giving industry consistent steps to make apps secure. These include better reporting of software vulnerabilities to developers and more transparency for users on the security and privacy of apps. Taken together, these moves give app stores and developers a simpler, clearer rulebook across borders while better protecting consumers.

Cyber Security Minister Liz Lloyd said:

Cyber threats are a shared challenge so seeing more and more countries following the example we’ve set in the UK to protect consumers will mean they’re better protected and also give certainty to developers with a single baseline to build to, fewer retests, and clear rules on updates and reporting. This is about safer products for people, clearer rules for business and less duplication across borders. By moving in step with allies and setting clear standards at home, we are backing business, securing our economy and keeping people safer online to build a better Britain for all.

At home meanwhile, the Good Business Charter - an independent accreditation for responsible business - has now added cyber risks to its core framework. By signposting to government and NCSC guidance such as the Cyber Governance Code of Practice and Cyber Essentials, the Charter sends a clear signal to firms to treat cyber security as a critical business issue. With 1,000 accredited organisations across sectors, this change will help normalise good cyber governance and strengthen resilience in light of recent attacks on UK firms.

It follows a recent letter from government ministers including the Technology Secretary, Chancellor and Business Secretary to business leaders and FTSE 350 firms, urging them to beef up their cyber defences to face down the growing range of threats targeting the UK’s leading organisations. The Cyber Security and Resilience Bill, which is to be introduced to Parliament, will also strengthen protections for essential and digital services, and help improve cyber resilience for organisations across the UK economy.

This package highlights how UK’s leadership in cyber will drive growth and deliver on the government’s Plan for Change - giving developers more certainty and consumers more confidence in the devices they use.