Part of Product Security and Telecommunications Infrastructure Bill – in a Public Bill Committee at 12:00 pm on 17 March 2022.
I thank the hon. Members for Ogmore and for Cardiff West, and I am happy to address their concerns. The Bill covers obligations on manufacturers, importers and distributors, but I will provide a bit more detail.
Clause 7 specifies which relevant persons will be responsible for ensuring that the security requirements are properly complied with. In that regard, a “relevant person” is defined as a manufacturer, importer or distributor of a relevant connectable product. As a result, amendment 7 is wrong to suggest that online marketplaces are exempt from this new legislation. Online marketplaces do not just offer products on behalf of third parties, but are often acting as the retailer, so in those cases the full security requirements apply. I accept that there may be instances in which the online marketplace is not the distributor. None the less, it is necessary for the third party operating in the marketplace to comply with the security requirements, and it is not just that one party who carries liability under the Bill: the manufacturer and importer also have responsibility. We think we have taken a belt-and-braces approach in that regard.
We have also worked closely with industry to make sure the regulation is proportionate and fits the wider regulatory environment for product safety. Manufacturers care a great deal about these regulatory requirements. On Tuesday, we heard from a representative of Google, who described how it works to comply with requirements in many different jurisdictions. Over the past three years, hundreds of manufacturers have engaged with my Department through the many public consultations and industry discussions we have had. The hon. Member for Ogmore gives the impression that amendment 7 would provide consumers with a vital line of defence, but that is not the case: there are already multiple lines of defence in this Bill.
It is also worth noting that consumers can never be 100% protected by regulation—a point that we have already discussed this morning. We need to have a broader approach to raising national cyber-resilience, which is why in December we published our national cyber strategy. The Cyber Aware campaign is ongoing—hon. Members may have seen the advertisements last weekend, or the ones on the radio and online this week. We also have a range of school programmes designed to reach parents and teachers in order to raise cyber-security awareness, and the Home Office, the police and the NCSC run regular campaigns at a local level in every region of the country. In relation to the comments made about Ukraine, the point is even more important because of the context in which we are operating.