Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, whether she has made an assessment of the adequacy of technical support offered by technology companies to people who report cyber crime incidents affecting their products.

The Product Security and Telecommunications Infrastructure Act (2022) places a legal obligation on the manufacturers of internet-connected devices to offer a vulnerability reporting process. This means anyone - including users, security researchers and cyber crime victims - must have a clear, secure way to report vulnerabilities to device manufacturers. The Act also places a legal obligation on device manufacturers to support their products with software and security updates for a defined period.

Technical support for cyber crime victims is not regulated under the Act. Victims should report cyber crimes to the police via the Action Fraud website or phone line.