The requirements of the Product Security and Telecommunications Infrastructure (PSTI) Act apply from 29 April 2024. The PSTI Act regulates consumer connectable products - like smartphones, smart TVs and internet-connected speakers - so users are protected from cyber harm, like loss of privacy and personal data.  

How does it affect me?

As a consumer there’s nothing you need to do. The PSTI legislation applies to manufacturers, importers and distributors of most consumer connectable products - like us - and asks for compliance with certain security requirements.

This will make things safer for you, as a consumer.

How are Vodafone complying with PSTI requirements?

Security vulnerability reports

Spotted a cyber-security issue with your device? We'll show you where to file a vulnerability report

Statements of compliance

We'll show you where to find compliance statements for the devices we make and sell

No universal default passwords

We're getting rid of universal default passwords so devices are more secure

Transparent security updates

We'll let you know how long your Vodafone device is supported with security updates

Find compliance statements, security information and how to report a vulnerability

Start typing the name of your device

    Can't see your device listed here? The PSTI legislation may not apply to it. Chat to us to find out more.

    Frequently asked questions

    The PSTI legislation applies to most consumer connectable products. These are generally devices that use the internet in some capacity.

    Examples of consumer connectable products covered by the PSTI legislation include:

    • smartphones 

    • connected cameras, TVs and speakers 

    • connected children’s toys and baby monitors 

    • connected safety-relevant products such as smoke detectors and door locks 

    • Internet of Things base stations and hubs to which multiple devices connect 

    • wearable connected fitness trackers 
      outdoor leisure products, such as handheld connected GPS devices that are not wearables 

    • connected home automation and alarm systems 

    • connected appliances, such as washing machines and fridges 

    • smart home assistants 

    Please note: some products are excluded from the scope of the PSTI legislation - this includes most computers, laptops and Wi-Fi only tablets.

    The PSTI legislation introduces specific requirements relating to the supply of most consumer connectable products.

    Where we manufacture Vodafone-branded devices which are covered under the PSTI legislation, we must meet the following requirements from 29 April 2024:

    • We must ensure that any pre-installed password is unique or otherwise capable of being chosen by the user of the product.

    • We must inform users as to where they can go to report security issues with their product.

    • We must provide users with information regarding the minimum length of time during which their product will receive security updates

    • We must produce and ensure that each product is accompanied by a statement of compliance, which contains prescribed information.

    This help page provides information on how we're complying with all of these points.

    Thanks for reporting the security vulnerability you spotted in your Vodafone device - this helps keep us all safer from cyber-security harm.

    If you provided an email address when you submitted your vulnerability report, then we aim to provide an acknowledgement of your report within two working days.

    We'll then send an update every month until we come to a conclusion.

    Our device passwords are designed to protect customers from malicious attackers and are unique to each device.

    Each default password is created using a secure and industry accepted methodology and cannot be easily guessed or worked out.

    For best security practices, we always recommend that you change the default password after you receive your device.