Regulatory updates in the UK

01 nov. 2023

Extension of recognition of the CE mark and new cyber security regulation keep the UK top of mind.

There seems to be new information on the topic of UKCA coming out constantly. Most recently, in the beginning of August 2023, the UK Department Business and Trade announced their decision to extend recognition of the CE mark for placing most goods on the market in Great Britain indefinitely. So, the old deadline for acceptance of the CE mark in Great Britain of 31 December 2024 is no longer valid.

The decision to extend the recognition of the CE marking and declaration has been made in an effort to make life easier and save costs for both UK and EU manufacturers and applies to the following 18 regulations under the UK Department for Business and Trade:

toys
pyrotechnics
recreational craft and personal watercraft
simple pressure vessels
electromagnetic compatibility
non-automatic weighing instruments
measuring instruments
measuring container bottles
lifts
equipment for potentially explosive atmospheres (UKEX)
radio equipment
pressure equipment
personal protective equipment (PPE)
gas appliances
machinery
equipment for use outdoor
aerosol dispensers
low voltage electrical equipment

Please bear in mind, though, that your electrical product may fall under other UK sector-specific legislation which may still require the UKCA mark and a declaration of conformity to enter the UK market. These sector-specific legislations include:

medical devices
rail products
construction products
civil explosives
marine equipment
cableways
ecodesign
transportable pressure equipment
hazardous substances (RoHS).

In addition, for all electrical products to be placed on the UK market, it is still required that either the importer is located in the UK, or has an authorised representative located there. So, if you are placing a CE-marked product on the UK market, I strongly recommend that you include the name and address of either of these economic operators in your product documentation.

Cyber Security in the UK market

The second regulatory update for the UK concerns cyber security, a hot topic in the EU as well, with the 2022 Cyber Resilience Act and the upcoming cyber security requirements in the EU Radio Equipment Directive.

On April 29, 2024, the UK consumer connectable product security regime will come into effect. This legislation is based on the UK Code of Practice for Consumer IoT security and the ETSI EN standard 303 645 and, in summary, will include the following requirements:

Password protection. Software pre-installed or installed by the user must be protected with a unique password or a password specified by the user. The legislation also includes detailed requirements for the password. It should, for example, not be easy to guess.

Information on how to report security issues. Manufacturers must appoint at least one point of contact to allow for feedback on security issues related to software.

Information on minimum security update periods. The manufacturer must publish a defined period for free-of-charge software support.

The three requirements above can be fulfilled by complying with clause 5.1-1 (2) of ETSI EN 203 645 with regards to passwords and by complying with clause 5.2-1 of the same standard with regards to the reporting of security issues. If a manufacturer complies with the requirements in clause 5.3-13 of ETSI EN 303 645 they will also fulfill the requirement for minimum security updates.

Fredrik Wennersten is Electrical Product Certification Manager at Intertek SEMKO AB, with more then 25 years within the Conformity Assessment industry. He is active globally within the IECEE CB scheme as both Convener of CMC Working Group 29 and Co-Chair of the Policy and strategy committee, as well as Vice President-elect of the European Certification organization ETICS.

Regulatory updates in the UK

01 nov. 2023

Extension of recognition of the CE mark and new cyber security regulation keep the UK top of mind.

Further reading