UK recognises Japan and Singapore IoT security labels

From 4 December 2025, the UK now recognises Japan’s JC‑STAR STAR‑1 and Singapore’s Cybersecurity Labelling Scheme (CLS) as proof that a smart device meets the country’s baseline IoT security rules - and even counts for the UK “statement of compliance”. The regulations were made on 3 December 2025 and apply across England, Wales, Scotland and Northern Ireland, according to legislation.gov.uk.

Let’s anchor the basics. Under the Product Security and Telecommunications Infrastructure Act 2022 and the 2023 Regulations, makers of “relevant connectable products” - think smart speakers, cameras, toys, routers and similar - must meet three essentials: no easy default passwords, a clear route to report security bugs, and a promise about how long security updates will be provided. Oversight involves the Office for Product Safety and Standards, working with the Department for Science, Innovation and Technology.

What changed this week is a shortcut called “deemed compliance”. If your product carries an in‑date JC‑STAR STAR‑1 label from Japan’s Information‑technology Promotion Agency, or any level of Singapore’s CLS from the Cyber Security Agency of Singapore, you are treated as having met the UK security requirements set out in the 2023 Regulations. The label must still be current and matched to the right product.

The rules also cover the paperwork. UK law expects every product to travel with a “statement of compliance” under section 9 - a formal declaration that the model meets the security requirements. The new Schedule 2A says that the same two labels, when valid and tied to the specific device, mean a manufacturer is treated as having provided that statement. In plain terms, the label doubles as your UK compliance declaration.

Two definitions are now written into the 2023 Regulations so everyone is talking about the same thing. JC‑STAR STAR‑1 is Japan’s baseline conformance label for consumer IoT security. Singapore’s CLS is a tiered label with multiple levels; for UK purposes any level will do for deemed compliance. Both schemes are named in the Explanatory Note and in the instrument published by legislation.gov.uk.

If you’re learning this for class, a “relevant connectable product” simply means an everyday internet‑connected device sold to consumers. The UK baseline is basic hygiene: stop guessable passwords, make it easy to report vulnerabilities, and tell buyers how long security updates will last. This is about transparency and raising the floor for everyone.

What this means for manufacturers: if you already certify for Japan or Singapore, you can sell the same model in the UK relying on that label instead of drafting a separate UK statement. You should still keep technical records, make sure the label clearly applies to your exact model and version, and watch expiry dates. If the label lapses, the deemed‑compliance route disappears and the ordinary UK duties apply in full.

What this means for retailers and importers: you can treat a product with an in‑date JC‑STAR STAR‑1 or Singapore CLS label as meeting the UK baseline and the statement‑of‑compliance duty. It’s wise to check the label against the SKU you list, keep evidence on file, and make sure your product page tells customers the minimum security update period promised by the manufacturer.

What this means for buyers: you may start seeing Japanese or Singaporean security marks on boxes or online listings. In the UK, any level of Singapore’s CLS will count for compliance, but higher levels usually reflect stronger testing. Still look for the promised update period - UK law requires that promise to be clear - because that affects how long your device stays protected.

The instrument is the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) (Amendment) (No. 2) Regulations 2025, SI 2025/1267. It was signed by the Parliamentary Under‑Secretary of State, Lloyd of Effra, on 3 December 2025 and came into force on 4 December 2025. The full text and its Explanatory Memorandum are available from legislation.gov.uk.