PSTI Compliance

Last updated: [27th Jan, 2026]
Applies to: Repenic Zigbee 3.0 Smart Dimmers, Repenic Wi-Fi Smart Thermostats

Repenic is committed to ensuring that consumer connectable products supplied to the UK market comply with the requirements of the Product Security and Telecommunications Infrastructure Act 2022 (PSTI) and the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023.

This page describes how Repenic smart products are designed, supported, and maintained in line with these requirements.

1. Scope of Products

This statement applies to the following Repenic products supplied to UK consumers, trade partners, designers, and distribution channels:

• Zigbee 3.0 Smart Dimmers

• Wi-Fi Smart Thermostats (Tuya platform–compatible)

These products are consumer connectable products under UK PSTI legislation.

2. Passwords and Authentication

2.1 Default Passwords

Repenic products do not contain any default usernames or default passwords.

• Zigbee smart dimmers do not expose any local user accounts, login interfaces, or password-based access mechanisms.

• Wi-Fi smart thermostats do not implement device-level default credentials.

This design complies with the PSTI requirement prohibiting universal or default passwords.

2.2 User Authentication via Third-Party Platforms

Repenic does not operate its own smart home control platform, cloud service, or gateway.

• Remote control of Repenic smart products is performed via third-party platforms and mobile applications selected by the end user (for example, Zigbee hubs or Tuya-compatible applications).

• Any user account registration, authentication requirements, password policies, or credential management are implemented and enforced by the relevant third-party platform provider.

Repenic selects and supports platform integrations that require user account registration and authentication as part of their normal operation, and monitors relevant platform changes where they may impact product security.

3. Connectivity and Control

Repenic smart products support:

• Remote control via compatible mobile applications, through hubs or cloud services chosen by the user.

• Local manual control, allowing essential functionality to remain available independently of remote access.

Repenic devices do not provide unsecured local network interfaces such as open web interfaces or default-access services.

4. Security Updates and Support Period

4.1 Security Update Commitment

For the products listed on this page, Repenic provides security updates for a minimum of five (5) years from the date the product is first placed on the UK market (1st Nov, 2025).

Security updates may include:

• Firmware updates addressing identified security vulnerabilities

• Mitigation measures or configuration guidance where appropriate

4.2 Update Delivery

Zigbee 3.0 Smart Dimmers

Firmware updates are delivered using a Repenic-provided firmware update utility application.

• The application connects to the device locally via Bluetooth after the user manually places the device into pairing mode.

• The application does not require user account registration, does not use passwords, and does not provide remote access, cloud services, or ongoing device control.

• The application is used solely for the purpose of installing firmware updates.

Wi-Fi Smart Thermostats

Firmware updates are delivered via Tuya-compatible mobile applications and update infrastructure.

The availability and installation of updates may depend on the user’s chosen platform, device connectivity, and network configuration.

5. Vulnerability Disclosure Policy

Repenic supports responsible disclosure of security vulnerabilities.

5.1 Reporting a Vulnerability

Security vulnerabilities may be reported to:

Email:
security@repenic.co.uk

Please include, where possible:

• Product model and version

• Description of the issue

• Any relevant information to assist investigation

5.2 Our Response

• Repenic will acknowledge receipt of vulnerability reports within a reasonable time.

• Where appropriate, Repenic will assess reported issues and provide:

  • A firmware update, or

  • Mitigation guidance or other corrective actions.

6. Roles and Responsibilities

Repenic acts as the manufacturer of the physical hardware products described on this page.

Third-party mobile applications, cloud services, gateways, and platform infrastructure used to operate Repenic products are provided and managed independently by their respective providers. Repenic does not control the internal security architecture, account management, or authentication policies of these third-party services.

Repenic monitors relevant changes to supported platform security requirements and assesses their potential impact on product security compliance.

7. Compliance Statement

Based on the design, implementation, and support measures described above, Repenic considers the products listed on this page to be compliant with the applicable security requirements of UK PSTI legislation at the time of supply.

This statement is provided in support of Repenic’s obligations under UK product security law.

8. Contact

For security-related enquiries or questions regarding this statement:

Email: security@repenic.co.uk