PSTI Act Compliance Statement
Security and Transparency Alignment for RELIANOID Load Balancer and Organization
RELIANOID is aligned with the UK Product Security and Telecommunications Infrastructure (PSTI) Act, which came into effect in April 2024. The PSTI Act establishes minimum cybersecurity requirements for consumer-connectable products placed on the UK market, aiming to protect end-users from insecure devices and improve supply chain transparency.
Although RELIANOID products are enterprise-grade rather than consumer IoT devices, our security development practices, vulnerability management, and disclosure processes meet or exceed the requirements defined in the PSTI Act. This ensures that organizations deploying RELIANOID can demonstrate compliance in UK-regulated environments.
What is the PSTI Act?
The PSTI Act introduces legal obligations for manufacturers, importers, and distributors of internet-connectable products sold in the UK. Key requirements include:
- No Default Passwords – Products must not be supplied with universal default credentials.
- Vulnerability Disclosure Policy – Manufacturers must provide a public channel for reporting security issues.
- Transparency on Support Periods – Clear statements on the minimum period for receiving security updates.
Product Scope and Applicability
While primarily targeted at consumer IoT, RELIANOID applies PSTI security principles to all enterprise products:
- Components: Hardware appliances, software platform, and management interfaces (Web UI, CLI, API).
- LTS Lifecycle: Enterprise versions are Long-Term Support. Refer to our End Of Life Plan for more information.
- Operating System: Debian Bookworm.
- Deployment Models: On-premises, cloud, and hybrid.
- Topologies: Standalone, clustered, dual-mode with DR.
Organizational Alignment with PSTI Requirements
RELIANOID voluntarily applies the three primary security provisions of the PSTI Act across our product lifecycle.
No Default Passwords
- All RELIANOID deployments require mandatory credential setup during installation.
- We support role-based access control (RBAC) and integration with corporate identity providers.
Vulnerability Disclosure Policy
- We maintain a public vulnerability disclosure program and accept reports via secure channels.
- All disclosures are managed under Coordinated Vulnerability Disclosure (CVD) best practices.
- Security advisories and patches are published in alignment with our release cycles.
Transparency of Support Periods
- We provide explicit End-of-Life (EOL) and Long-Term Support (LTS) schedules for all major releases.
- Customers receive security patching commitments up to five years for Enterprise editions.
Additional Security and Assurance Measures
To extend beyond PSTI baseline requirements, RELIANOID provides:
- Signed binaries and hash validation for integrity verification.
- Regular third-party vulnerability scanning and penetration testing.
- Public security advisories and deployment hardening guides.
Platform Deployment and UK Market Context
Although RELIANOID is not a consumer product, our security alignment with PSTI ensures suitability for:
- Telecommunications providers operating under UK security regulations.
- Critical infrastructure operators requiring vendor assurance of patching and disclosure processes.
- Government supply chains adopting PSTI-driven procurement standards.
Commitment to PSTI Principles
RELIANOID is committed to:
- Continuously updating products in line with evolving UK regulatory expectations.
- Maintaining transparent support and patch lifecycle documentation.
- Providing open channels for responsible vulnerability disclosure.
- Ensuring enterprise customers can demonstrate compliance when required.
Document Reviews
| Date |
Comment |
| 10th November 2025 |
Initial publication of PSTI Act compliance alignment |
Contact and Assurance
We welcome requests for detailed documentation on RELIANOID’s vulnerability disclosure policy, patch lifecycle, and alignment with PSTI principles.
Contact our Compliance & Security Team
Download Latest Security Report