BSI Group Japan (British Standards Institution), Panasonic Corporation, to Kurashi Appliances, Inc. UK PSTI Act (Cyber Security Requirements for Consumer IoT Devices) Cyber Security Requirements for Consumer IoT Devices Certificate of Conformity to the UK PSTI Act (Cyber Security Requirements for Consumer IoT Devices)

BSI Group Japan K.K. (located in Minatomirai, Nishi-ku, Yokohama; Masaki Urushihara, President & CEO; hereinafter "BSI Japan") has announced that it has signed an agreement with Panasonic Corporation's Kurashi Appliance Company (located in Nishi-Gotanda, Shinagawa-ku, Tokyo; Shigeru Dono, President; hereinafter "Kurashi Appliance Company"), to provide a comprehensive cyber security solution for consumer IoT products. (Headquarters: Tokyo, Japan; President: Shigeru Dono; hereinafter "Kurashi Appliances") to comply with the UK PSTI Act (Product Security and Telecommunications Infrastructure Act) (*2), which is part of EN 303 645 (*1) (Cyber Security for Consumer Internet of Things), a cybersecurity standard for consumer IoT products. Infrastructure Act) (*2), which is part of EN 303 645 (*1) (Cyber Security for Consumer Internet of Things).

At the certification award ceremony held on April 10, 2024

From left: Mr. Fumitaka Ogasawara, Technical Manager, Cooking Equipment Business Unit, Kitchen Space Division, Kurashi Appliance Company, Panasonic Corporation; Mr. Masaki Urushihara, President, BSI Group Japan K.K.

Recently, many consumer products are equipped with communication connectivity functions, whether wired or wireless, and are used as IoT devices in all kinds of situations, and the number of such devices is dramatically increasing. While such consumer IoT devices offer many conveniences to our daily lives, they also pose cybersecurity risks. The UK PSTI Act is a UK law that requires compliance with a portion of the ETSI EN 303 645 standard, which will take effect on April 29 of this year, and has attracted a surge of attention as customers rush to comply with this law.

BSI, the UK headquarters of the BSI Group, has established a cybersecurity testing and certification scheme to demonstrate that your IoT devices are safe and secure by meeting the legal requirements set forth by the UK PSTI Act. This scheme allows us to prove that your IoT devices meet the legal requirements set forth by the UK PSTI Act, which strongly supports smooth business in the UK. Certification through testing through a trusted independent certification body means that you can clearly demonstrate and guarantee your digital trust offering to the market and consumers in a world connected by digital and IoT devices.

- Note -.

(*1) About EN 303 645:

https://www.bsigroup.com/ja-JP/industries-sectors/internet-of-things-iot/iot-assurance-services/EN303645/

(*2) About the UK PSTI Act:

https://www.bsigroup.com/ja-JP/industries-sectors/internet-of-things-iot/iot-assurance-services/uk-product-cybersecurity-act-psti/

Comments from Kurashi Appliances, Inc.

- Purpose of PSTI compliance testing and certification

When we launched the first convection oven equipped with a LAN port for the UK market, our microwave oven business did not have any knowledge of cyber security.

As the Cyber Resilience Act is being promoted throughout Europe, we believe that deepening our understanding of cyber security and increasing our resilience is essential for the development of our business as we continue to be involved in the development of products that utilize networks. We took the PSTI Act as a first step to acquire certification to deepen our knowledge.

- Challenges we faced in taking on the challenge, and things we are glad we did

While we had a very difficult time because our interpretations were repeatedly rejected, we are glad that we were able to deepen our knowledge because we took on the challenge. It was a very sad Christmas for us as we failed the first certification audit as the mass production schedule was approaching. Because of the difficulties we faced, we were able to learn that we need to be more specific and detailed in terms of security, and that we need to take into account considerations that are easy for end users to understand, and we were able to deepen our knowledge for future certification applications. Since the requirements of the PSTI Act had not yet been fully adjusted, there were discrepancies between BSI and our company in the interpretation of laws and regulations, and it was very difficult to reconcile these ideas and to derive the consideration of issues for the future.

Although we were pressed for time to respond to this challenge at such short notice and so close to mass production, we were able to understand the entire concept of the PSTI law and gained very useful knowledge for the next and subsequent phases of the project.

- Reasons for choosing BSI for certification, and impressions after undergoing testing and certification

Reason: The PSTI Act is a new law, and although it had not yet become mandatory, we were concerned about customs risks, so we thought that BSI, the British Standards Institution, was the most familiar with this law. We were very reassured by the fact that we could work through BSI Group Japan to obtain the certification.

Impression: Normally, it takes a long time to obtain certification, but since we were also on a mass production schedule, it was very reassuring and gratifying that you were able to coordinate and support us as much as possible regarding the schedule for testing and certification to meet the deadline while maintaining a neutral position as a standards association.

- Expected benefits and further challenges in the future

Using the PSTI Act certification as a foothold, we will work to satisfy cybersecurity requirements in the development of cooking equipment for more advanced information and communication, and to respond quickly to European cyber resilience requirements.

We will continue to work closely with BSI to bring the PSTI Act, which has only been in effect for a short period of time and tends to be conservative in its requirements, closer to the proper form it should be in.

About BSI (British Standards Institution) and BSI Group Japan

BSI (British Standards Institution) is an organization that promotes business improvement and standardization. For more than a century since its founding, it has had a positive impact on organizations and society, building trust and improving people's lives. Today, BSI works with a 15,000 strong global community of professionals, trade associations, consumer groups, organizations, and government agencies in more than 190 countries and territories, and with over 80,000 customers. BSI has made it our Purpose to help our clients achieve their Purpose by leveraging our extensive expertise across key industry sectors such as automotive, aerospace, built environment, food, retail, and healthcare. From climate change to building trust in digital transformation, BSI works hand-in-hand with a wide range of organizations to tackle all critical social issues, helping them grow with confidence and accelerate the realization of a better society and a sustainable world.

BSI Group Japan is the Japanese subsidiary of BSI, established in 1999. Its main business is the provision of management system and information security services, certification services for medical devices, product testing and certification services, and training services, as well as a wide range of standards-related services, including support for standards development.

URL: https://www.bsigroup.com/ja-JP/