Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, how much paid civil service time did it take to create The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) (Amendment) (No. 2) Regulations 2025.

The UK is the most targeted country in Europe for cyber-attacks and with most connected products used here manufactured abroad, so developing these Regulations required collaboration with international partners to reduce complexity for manufacturers and consumers.

The process of developing any legislation is inherently complex and time-consuming, involving extensive consultation, drafting, and scrutiny. Development of the draft Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) (Amendment) (No. 2) Regulations 2025 was no different and involved a collaborative effort between DSIT policy officials and legal experts, as well as discussing the appropriate terminology used in the draft Regulations with our counterparts in Japan and Singapore.

We do not have figures for the exact amount of civil service time involved but can confirm that developing this Statutory Instrument was part of the work of the Cyber Security & Digital Identity Directorate within DSIT.

We have worked closely with global partners to develop the internationally recognised European Standard for Cyber Security in Consumer Internet of Things devices ETSI EN 303 645. This standard is the foundation for nearly every major consumer product security regime worldwide and we are engaging with international partners to encourage its uptake in their connected devices regimes.