Product Security and Telecommunications Infrastructure Bill - Second Reading

Part of the debate – in the House of Lords at 5:23 pm on 6th June 2022.

Alert me about debates like this

Photo of Lord Parkinson of Whitley Bay Lord Parkinson of Whitley Bay Lord in Waiting (HM Household) (Whip), The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport 5:23 pm, 6th June 2022

Certainly. I pointed out that the time that has elapsed since 2017 has perhaps not given us as much real data as we would have had, were it not for the pandemic, but of course we will be influenced by what have seen as we scrutinise the Bill in Committee and later.

We have heard a range of views on multiple dwelling units. The Government are aware of calls from parts of the industry for greater automatic rights to upgrade existing infrastructure in multiple dwelling units. The Government are not convinced that granting those rights is proportionate, because we must strike the right balance between private property rights and public benefits. There are other ways that operators can arrange to upgrade equipment in multiple dwelling units. They can ask for those rights and if landlords fail to reply, they will be able to use the process created through the Telecoms Infrastructure (Leasehold Property) Act 2021. If landlords refuse, operators can ask the courts to impose additional rights to upgrade existing equipment if their agreement with the landlord does not already provide them with those rights.

Other measures in the Bill encourage the use of alternative dispute resolution to support more collaborative negotiations. The Government are also considering further changes through regulations to help code disputes be dealt with more quickly. Finally, it is important to stress that there is no consensus from the industry on this issue, just as there was no consensus in our debate today. In fact, many operators have opposed the proposal on the grounds that it would create an unfair advantage for operators who already have equipment inside buildings and could therefore have anti-competitive effects.

My noble friend Lady Harding of Winscombe asked about telegraph poles. It is important that any automatic rights in relation to apparatus on, under or over private land strike a fair balance between any interference with private property rights and any public benefits that can be delivered. We think that the measures in this Bill on rights to upgrade and share apparatus under land achieve that balance. However, we have seen some evidence that further public benefits might be achieved if telecommunications poles sited on private land could be upgraded and shared more easily. Operators already have statutory rights to fly wires between these poles and it is obviously important that the legislative framework supports the effective use of these rights; we are looking into this matter closely.

A number of noble Lords touched on what is and is not in scope of Part 1 of the Bill. The Bill sets out what types of products should be treated as “consumer connectable”. This includes products that can be connected to the internet, such as routers, smart TVs, smart home products and connectable toys. I can tell my noble friend Lord Arbuthnot of Edrom that toasters are indeed in scope, although the idea of an internet-connected toaster makes me think of Wallace and Gromit. I share his bafflement at why people might want to do it, but they are in scope.

The powers in the Bill will allow the Government to update products that are in scope where changes to the wider regulatory, technological or threat landscape render this appropriate. The Government also intend to remove some products from scope where their inclusion would subject them to double regulation or where that would be disproportionate to the level of security risk. An example of such an exception is automotive vehicles, which I can tell my noble friend Lord Vaizey of Didcot include e-scooters; other examples are medical devices and smart charging points.

My noble friend Lord Arbuthnot talked about the vulnerability disclosure process. Of course, manufacturers will not see every vulnerability in their own products. Increasingly, the people best placed to spot them are everyday users and designated security researchers; but the potential point of failure here is the process for reporting those vulnerabilities to the manufacturer, which is often difficult to navigate. The security requirement will mandate a clear point of contact and the policy for the manufacturer to receive such reports and take meaningful action to address them. That is an important step forward, which, I am pleased to say, has widespread industry and expert support.

The noble Lords, Lord Clement-Jones and Lord Bassam of Brighton, the noble Baroness, Lady Merron, and others asked about future-proofing. There is a common notion that Governments are behind the curve when it comes to regulating technology, but not in this case. As well as setting the stage to introduce the regulations to which we have already committed, this Bill establishes a flexible and future-proof regulatory framework so the Government can be agile and proactive in amending and introducing security requirements in step with technological innovation. That is exactly why we have not included the three security requirements on the face of the Bill. By design, the Bill not only addresses the current problem but looks beyond it to ensure that UK consumers can be protected no matter how technologies and threats change and emerge.

My noble friend Lord Holmes of Richmond asked about the Computer Misuse Act. Colleagues at the Home Office are currently taking forward work to identify whether the proposals made in response to the review of that Act, which was launched in May last year, will assist in helping to protect the UK from cybercrime, or whether they are addressed under other programmes of work. We will provide an update to your Lordships’ House in due course, but this Bill will enhance protection for consumers and networks from the range of harms associated with cyberattacks. It equips the Government with the necessary powers to set and update security requirements within a fast-growing area of emerging technologies.