First Distributor Liability
- James W.
- 3 days ago

LinkedIn Post 1: First Distributor Liability
Your FM company installed that IoT sensor in 2015. It's still on your network. It still has the same default password it shipped with.
Under the UK PSTI Act, you are the "first distributor" of that device. That makes you legally liable for its security—even though you didn't manufacture it.
If a regulator finds it non-compliant, enforcement comes after you, not the vendor.
The liability shifts the moment you place the device on the market.
Three things FM companies need to do now:
1. Inventory all networked IoT devices
2. Classify which ones fall under PSTI
3. Eliminate or isolate devices with unchangeable default passwords
Waiting for clarity from the regulator isn't a strategy. It's a liability.
