From 4 December 2025, device makers can use Japan’s JC-STAR STAR-1 or Singapore’s Cybersecurity Labelling Scheme to meet UK IoT security rules. The change comes via a statutory instrument made on 3 December and published on legislation.gov.uk by the Department for Science, Innovation and Technology, applying across England, Scotland, Wales and Northern Ireland.

In plain terms, a product bearing a current JC-STAR STAR-1 label or any level of Singapore’s CLS label may be treated as compliant with the “relevant security requirements” set in the 2023 PSTI Regulations and with the duty to provide a statement of compliance. The labels must be valid and unexpired; expired or withdrawn marks do not qualify.

The instrument adds formal definitions for both foreign schemes and inserts a new Schedule 2A, which sets out when a manufacturer is treated as having met the statement of compliance requirement. It also updates the existing deemed-compliance routes in Schedule 2 so that Conditions A, B and C now include JC-STAR STAR-1 and Singapore CLS as acceptable pathways alongside the original route under the UK rules themselves. The legal text names the JC-STAR STAR-1 conformance specification JST-CR-01-01-2024R1 (December 2024) and the CLS(IoT) Scheme Specifications CCC SP-151-2, version 1.4 (April 2025).

For manufacturers, this is a pragmatic way to avoid duplicating tests across markets. If a smart camera, thermostat or lighting hub already carries JC-STAR STAR-1 for Japan, or CLS at any level for Singapore, the same evidence can now underpin UK market entry under PSTI. It will not remove the need for robust technical files, but it reduces friction by allowing one recognised label to satisfy two UK obligations at once.

Importers and retailers gain a clearer due‑diligence path. A valid JC-STAR or CLS label can support supplier onboarding and product assurance checks tied to PSTI security requirements and the statement of compliance. Buyers should still verify that labels are current, store copies of certificates, and ensure product variants match the certified models before placing goods on shelves or websites.

Scope matters. The rules apply to “relevant connectable products” covered by the 2023 PSTI Regulations-consumer‑facing IoT where connectivity is part of normal use. Industrial gear or purely professional equipment may fall outside that scope. Where in doubt, businesses should map SKUs against PSTI definitions before relying on deemed compliance routes.

This is recognition, not a free pass. UK product safety, data, radio and electrical rules remain separate regimes. The Office for Product Safety and Standards will still expect coherent documentation, a UK statement of compliance supplied with the product, and a manufacturer contact point able to act on security issues. The new instrument simply confirms that certain foreign labels count as sufficient proof for PSTI’s security and paperwork duties when they are valid.

Consider a UK SME importing smart doorbells already sold in Singapore at CLS Level 2. Under the amended rules, the importer can treat that label as meeting the UK security baseline and the statement of compliance duty, provided the label remains valid and the UK paperwork reflects the certified model and firmware. That streamlines listings for peak‑season sales without re‑testing onshore.

For global brands, the cost‑benefit question is straightforward. If Japan or Singapore is on the roadmap, aligning with JC-STAR STAR-1 or CLS creates multi‑market leverage: a single certification supporting Japan/Singapore sales and UK PSTI compliance. If neither market is targeted, firms should compare certification fees and timelines against doing a UK‑only compliance package; the decision will hinge on portfolio breadth, release cadence and where volume will land in 2026.

The amendment is signed by Lloyd of Effra, Parliamentary Under‑Secretary at DSIT, and was approved by both Houses before coming into force the next day. An explanatory memorandum on legislation.gov.uk confirms the intent: to codify conditions that, when met, allow manufacturers to be treated as compliant with PSTI security requirements and with the duty to accompany products with a statement of compliance. For investors and operators, this is a small but useful piece of regulatory alignment that could pull forward UK launch dates for connected devices.