Clause 1 - Power to specify security requirements

Part of Product Security and Telecommunications Infrastructure Bill – in a Public Bill Committee at 11:45 am on 17 March 2022.

Alert me about debates like this

Photo of Julia Lopez Julia Lopez Parliamentary Secretary (Cabinet Office), Minister of State 11:45, 17 March 2022

I thank the hon. Member for Cardiff West for his contribution and his kind comments. I will have to get back to him on the precise figures that he identified in the impact assessment. However, in relation to the breadth of the impact assessment, he will know from this legislation that we are taking a broad range of powers. As we debated earlier, that is very deliberate because this is a fast-moving area. Technology is developing faster than Parliament can regulate it, which is a major challenge for Governments around the world. The Bill will help us to be nimble and agile in how regulate that technology.

A lot of the issues that the hon. Gentleman has concerns about will be something for secondary legislation, which we will be developing hand in glove with businesses so that we understand what is changing in the technological world and what impact that will have on matters such as the disposal of devices. I share his concerns about the environmental impacts if we get the regulations on that wrong—none of us wants to see a lot of technology become redundant.

We are trying to help consumers have more information so that if someone buys a device, they do not necessarily have to dispose of it simply because the period for which the manufacturer says it is covered has expired. It will be up to the consumer to decide whether to keep that device if they think it is less secure than it otherwise might be. It has been controversial to take these broad powers. We understand the concerns that any Parliament would have about the level of scrutiny it will have. However, the Government think that this is right because, as I say, we have to maintain that agility.

The hon. Member for Cardiff West referenced the points raised by Dr Carr. As I said earlier, I share those concerns. What we are trying to do is raise the level of security overall; we want to help consumers and manufacturers to understand this as an issue. This was initially a voluntary code, which did not do enough to make manufacturers take the cyber obligations seriously. There was an interesting discussion on the panels earlier this week when one contributor—I cannot remember who it was exactly—said that the legislation will give boards the spark or impetus to discuss and get funding for these kinds of cyber-security requirements for their products. If it is voluntary, it is very hard for anybody to make the case within their company that they need to take cyber-security seriously.

We hope that the secondary legislation will allay some of Dr Carr’s concerns. We will never have 100% security, but we hope that these provisions will raise the bar overall and help to raise consumer and manufacturer awareness of cyber as a whole. I hope that those comments will reassure the hon. Gentleman. I also assure him that we will look at how to get the balance right in the secondary legislation, and we will be in close contact with businesses as we do so.