PSTI
The requirements of the Product Security and Telecommunications Infrastructure (PSTI) Act apply from 29 April 2024. The PSTI Act regulates consumer connectable products - like smartphones, smart TVs and internet-connected speakers - so users are protected from cyber harm, like loss of privacy and personal data.
How does it affect me?
As a consumer there’s nothing you need to do. The PSTI legislation applies to manufacturers, importers and distributors of most consumer connectable products - like us - and asks for compliance with certain security requirements.
This will make things safer for you, as a consumer.
How are Vodafone complying with PSTI requirements?
Security vulnerability reports
Spotted a cyber-security issue with your device? We'll show you where to file a vulnerability report
Statements of compliance
We'll show you where to find compliance statements for the devices we make and sell
No universal default passwords
We're getting rid of universal default passwords so devices are more secure
Transparent security updates
We'll let you know how long your Vodafone device is supported with security updates
Find compliance statements, security information and how to report a vulnerability
Start typing the name of your device
Can't see your device listed here? The PSTI legislation may not apply to it. Chat to us to find out more.
Frequently asked questions
The PSTI legislation applies to most consumer connectable products. These are generally devices that use the internet in some capacity.
Examples of consumer connectable products covered by the PSTI legislation include:
smartphones
connected cameras, TVs and speakers
connected children’s toys and baby monitors
connected safety-relevant products such as smoke detectors and door locks
Internet of Things base stations and hubs to which multiple devices connect
wearable connected fitness trackers
outdoor leisure products, such as handheld connected GPS devices that are not wearablesconnected home automation and alarm systems
connected appliances, such as washing machines and fridges
smart home assistants
Please note: some products are excluded from the scope of the PSTI legislation - this includes most computers, laptops and Wi-Fi only tablets.
The PSTI legislation introduces specific requirements relating to the supply of most consumer connectable products.
Where we manufacture Vodafone-branded devices which are covered under the PSTI legislation, we must meet the following requirements from 29 April 2024:
We must ensure that any pre-installed password is unique or otherwise capable of being chosen by the user of the product.
We must inform users as to where they can go to report security issues with their product.
We must provide users with information regarding the minimum length of time during which their product will receive security updates
We must produce and ensure that each product is accompanied by a statement of compliance, which contains prescribed information.
This help page provides information on how we're complying with all of these points.
Thanks for reporting the security vulnerability you spotted in your Vodafone device - this helps keep us all safer from cyber-security harm.
If you provided an email address when you submitted your vulnerability report, then we aim to provide an acknowledgement of your report within two working days.
We'll then send an update every month until we come to a conclusion.
Our device passwords are designed to protect customers from malicious attackers and are unique to each device.
Each default password is created using a secure and industry accepted methodology and cannot be easily guessed or worked out.
For best security practices, we always recommend that you change the default password after you receive your device.