I beg to move,
That the Committee has considered the draft Nuclear Industries Security (Amendment) Regulations 2017.
It is a delight, Mr Pritchard, to serve under your chairmanship.
I will give some background information on the draft regulations and explain why we are making the amendments. The UK takes civil nuclear security issues seriously, including with regard to regulation. Since 1980, this country has been a signatory to the convention on the physical protection of nuclear material, or CPPNM. The convention requires its signatories to have in place a robust legislative and regulatory regime to ensure the security of civil nuclear materials that are stored or in transit. The UK also complies with international guidance on best practice in the field produced by international bodies, in particular the International Atomic Energy Agency.
The Nuclear Industries Security Regulations 2003 represent the cornerstone of the United Kingdom’s regulatory regime for civil nuclear security. They place significant obligations on the operators of civil licensed nuclear sites with regard both to physical security measures for their facilities for nuclear material and to the security of sensitive nuclear information. They also cover the movement of nuclear material by air, road and rail within the UK and globally in UK-flagged vessels. The legislation requires all civil nuclear operators to produce and implement robust nuclear site security plans and it requires the transporters of nuclear materials to produce transport security statements.
The draft amendments being considered in Committee will update the regulations in four key areas. The overarching aim is to enhance still further civil nuclear security arrangements and to ensure that the United Kingdom’s regulatory regime remains up to date, comprehensive and robust. That will help to ensure that this country continues to give full effect to its obligations under the CPPNM. The amendments will increase accountability for producing nuclear site security plans, strengthen information and cyber-security arrangements, and better reflect the remit of the Office for Nuclear Regulation in the area of personnel security. I will provide further detail on each amendment.
The first amendment is to regulation 4(1) of the 2003 regulations. It will require that a nuclear site security plan approved by the ONR is in place for each nuclear site. At present, the security regulations do not specify on whom that obligation is placed. The amendment will make it the responsibility of the designated responsible person for the nuclear site, as defined in the security regulations, to ensure that an approved security plan is in place at all times. In tandem, a related amendment to regulation 25 will make it a criminal offence for the responsible person to fail to meet the obligations under regulation 4(1) as amended. The creation of such an offence underlines the security imperative placed by the Government on nuclear operators to maintain up-to-date security plans that have the approval of the independent regulator.
In combination, those amendments will add clarity to the regulatory regime by making the responsible person accountable for ensuring that the site has approved nuclear security measures in place at all times. I should add that the implications of creating a new criminal offence have been fully considered and the Ministry of Justice has approved the measure.
We will also amend regulations 4(3)(d) and 16(3)(c). Those amendments are aimed at further enhancing industry information security and preparedness for cyber-related incidents. The amendments will make it a requirement for nuclear site security plans and transport security statements to set out the steps to be taken in the event of the loss, theft or unauthorised access to sensitive nuclear information. Requiring duty holders to outline those contingencies will help to ensure that risks associated with information security and cyber-attacks are identified as early as possible and managed effectively using measures approved by the ONR.
We are also making amendments to regulations 9, 17(3) and 22(7), which relate to personnel security. Ensuring robust measures are in place to combat the potential threat that insiders pose or may pose to the civil nuclear industry is a key priority for the Government and the regulator. The amendments are intended to provide the ONR with greater flexibility for determining whether nuclear premises’ “relevant personnel” are suitable in security terms. Instead of solely approving all such relevant personnel itself, the ONR will be able to assess and approve the industry’s broader personnel security arrangements—for example, by examining the effectiveness of review and aftercare arrangements for personnel working in the sector.
The amendments will also allow the ONR to approve processes to be used by duty holders to determine whether relevant personnel are suitable in security terms. That will involve consideration by the ONR of whether the measures used by duty holders are in accordance with Her Majesty’s Government’s personnel security policy or not. We are also making an amendment to regulation 22(5)(a) to remove a reference to guidance published by the ONR or security classifications that have become obsolete.
The amendments have been developed in consultation with the Office for Nuclear Regulation, and the Department for Business, Energy and Industrial Strategy conducted an industry consultation on them between 24 June and 22 July 2016. In total, 19 responses to that consultation were received from a range of industry stakeholders. On the basis of those responses, economists at the Department have forecast one-off administrative costs to the civil nuclear industry of less than £100,000 arising from the changes. That assessment has been approved by the regulatory policy committee. I consider the security benefits arising from the changes to outweigh that cost by far.
In parallel with the amendments, the ONR intends to issue revised security guidelines to the civil nuclear industry. These guidelines, known as the Security Assessment Principles—SyAPS—are closely aligned to emerging threats to nuclear security, especially in relation to cyber-security and information assurance. The amendments I have outlined will complement the revised guidelines.
I am grateful for the questions that have been asked so far. I thank the hon. Members for Kilmarnock and Loudoun (Alan Brown) and for Southampton, Test (Dr Whitehead) for their helpful and supportive comments. I am grateful for their support for the amendments. Their overarching aim is to further enhance, as the hon. Gentlemen recognise, civil nuclear security by ensuring that the UK's regulatory regime remains up to date, comprehensive and robust. As I have outlined, they will strengthen accountability at civil nuclear sites for the production and maintenance of security plans that have the approval of the Office for Nuclear Regulation; improve the civil nuclear industry’s information security and preparedness for cyber-related incidents; and provide the ONR with greater flexibility in determining whether “relevant personnel” are suitable in security terms, to help ensure that robust measures are in place to combat the potential threat that insiders pose to the civil nuclear industry. The changes, as I hope colleagues agree, will reinforce the regulatory regime for civil nuclear security and help to ensure that the UK continues to give effect to its international obligations under the convention.
May I comment on all the issues that were raised? Our nuclear security will not be affected at all by the decision to leave Euratom, which does not have a role in setting security standards, regulation or inspection of UK civil nuclear security arrangements. As for the wider impact, the UK complies with its obligations and follows international best practice, as I have described with regard to the convention on the physical protection of nuclear material, and on a continuing basis through the membership of the International Atomic Energy Agency. These are not Euratom institutions or constructs, and are not affected by the UK’s decision to leave Euratom. We are separate signatories to the convention, in response to the question raised by the shadow Minister, so we are not affected by the decision to leave Euratom. As the Committee will know, we are very much persuaded of the importance of Euratom, and wish to continue to have the closest possible relationship with it and its members after Brexit.
To respond to the other questions asked by the shadow Minister, the regulations are, as he suggested, part of a continuing process of reform and improvement, and were not introduced in response to any specific emergency or concern. They are in line with safety guidance that has been issued. As for regulation 4, it was not previous practice that no one should be responsible, but it has not been a guaranteed process of responsibility tied to individuals. The regulation cleans up that potential gap—different sites have different practices, and part of the purpose of the regulations is to raise the bar for all of them so that a common security standard is applied in each case. From that point of view, the hon. Gentleman should not, as he suggested, have any concerns. I therefore commend these regulations to the Committee.
Question put and agreed to.