Public Bill Committees
It is a pleasure to serve under your chairmanship, Mr Stringer.
This important legislation establishes, through regulations, three core security requirements for “connectable products”. The requirements derive from the voluntary 2018 “Secure by Design” code introduced by the Department for Digital, Culture, Media and Sport. The inclusion of these three requirements is, without doubt, a step that the Opposition welcome. However, we believe that the legislation can be improved, and that the three security requirements, rather than being defined in future regulations at the discretion of the Secretary of State, should be expressly set out in the Bill. That would be beneficial for two reasons. First, it would give manufacturers and distributors a greater understanding of the legal obligations that they face, thus speeding up the entire process. Secondly, it would ensure that the consumer was better protected, which I am sure we all agree would be a good thing. The consumer rights group Which? emphasised that when it gave oral evidence on Tuesday.
New clause 3 would require the Secretary of State to publish a report on the security risks to UK connectable products. On Tuesday, Madeline Carr, professor of global politics and cyber-security at University College London, said that she does not have an Alexa in her house because of the security risks that those devices, and others like them, pose. Tellingly, she also said that the Bill as constituted would not give her sufficient confidence to purchase one. Given that, and given the tragic scenes unfolding following Russia’s invasion of Ukraine, and the willingness of that rogue regime to engage in state-sponsored cyber-warfare, the Opposition believe it is in the public and national interest to understand how secure our connected products really are. We are becoming more reliant on smart devices in our daily life, both professionally and personally. It is imperative that the security of these devices is routinely monitored and reported on.
As I stated on Second Reading, the Opposition support the Bill, but believe it can be strengthened. Amendment 6 and new clause 3 would ensure that consumers were better protected and more aware of the threats facing their connected devices. As such, I believe that all Committee colleagues should support amendment 6 and new clause 3.
It is a pleasure to serve under your chairmanship, Mr Stringer. I apologise for giving you a dilemma about the advice on jelly babies. I will start with a few words about the importance of the Bill. As we heard from our panels of witnesses this week, and as we know from our increasing dependence on technology, improving protection for consumers and networks from a range of harms associated with cyber-attacks is incredibly important. In the first half of last year, there were 1.5 billion attempted compromises of internet of things devices—double the 2020 figure for the same period. Voluntary standards, such as the 2018 code of practice for consumer IOT security, are not being adopted quickly or consistently enough. That is why we need legislation to progress security in the design of consumer connectable products.
Before turning to amendment 6, I thank the hon. Member for Ogmore for the constructive and helpful way that he has approached the legislation and for the Opposition’s broad support of it. As this is the first Bill that I am taking through the House in its entirety, I am particularly grateful for that constructive approach. It may reassure him that the Government are committed to introducing security requirements based on the first three guidelines through regulations at the earliest appropriate opportunity. We have consulted on those security requirements and have communicated them extensively.
We have not been vague on the matter. In April 2021, we published our response to the call for views on consumer connectable product security legislation. We stated in detail how the three security requirements would work. When the Bill was announced by Her Majesty at the start of the Session, we repeated that commitment. Indeed, as hon. Members will see in the Bill’s explanatory notes, we have again committed to those three requirements. We made that clear from the start for an important reason: we need industry to act and prepare for implementation. We do not want surprises for manufacturers, importers or distributors. They know what they have to do.
Amendment 6 is unnecessary, but might also be dangerous. We are keen to ensure that the legislation retains flexibility, so that it can adapt to and reflect the changing threat landscape, and the security requirements needed to address it. What might seem like a no-brainer security requirement today might become a security threat or barrier to security innovation in years to come.
Amendment 6 reaches back to 2018, when our code of practice was first published. Security requirements have developed since then. When the Bill is implemented, we do not think it should be constrained by what was appropriate five years ago. The requirements we will introduce are based on the first three guidelines in the code of practice, but they also contain necessary improvements. They are up to date, more detailed and have been translated into practical requirements that businesses can implement to get the right security outcomes without unnecessary burden. Stakeholder engagement and impact assessment work conducted since 2018 ensures that the guidelines are nuanced, and are in a robust and enforceable statutory framework that delivers optimal security outcomes.
Finally, hon. Members may not be aware that because this new legislation will impact on manufacturers globally, we have given notice of the Bill to the World Trade Organisation. We invited comments on our proposals two years ago, and when the Bill was introduced to Parliament, we gave notice again. We have worked to ensure that all manufacturers understand our intentions. Amendment 6, if accepted, would cause confusion by taking us back to 2018, and away from the more developed position we have reached on the three principles. That would cause market confusion, require new notification to the WTO, and potentially delay this vital regime from coming into force. With those reassurances, I hope the hon. Member will feel able to withdraw his amendment.
Clause 1 is needed to provide the Government with the necessary powers to specify and mandate security requirements, through secondary legislation, that businesses must comply with. There is a common notion that Governments are behind the curve when it comes to regulating technology. Not in this case. By establishing a flexible and futureproof regulatory framework in this way, the Government can be agile and proactive in amending and introducing security requirements through regulations, in lockstep with tech innovation. Parliament will be able to scrutinise any future security requirements designated through the secondary legislation process and, as new threats emerge and international standards develop, we can act and set new security requirements, keeping consumer connectable product security up to date and fit for the future.
The purpose of clause 2 is to provide further detail about how the Secretary of State’s power to specify security requirements can be used. Clause 3 is essential because it provides the Secretary of State with powers to specify circumstances in which a person is deemed to have complied with the security requirements. The clause, when exercised, would provide more than one route to compliance and would provide the necessary flexibility to accommodate and recognise international standards and mutual recognition agreements where appropriate.
I turn to new clause 3. In practice, it would commit the Government to reporting on a fixed basis on the security risks posed by products affected by the Bill. Those reports would be laid before Parliament. Cyber-security is definitely not an area where the Government hold back on publishing information. If we are to raise the cyber-resilience of the nation, we need to ensure that everyone is clear about the threat. In December, we published our national cyber strategy. The Government will continue to publish regular reports on our progress on that strategy, as we did with regard to the previous strategy. The Government also publish an annual report that surveys cyber-breaches across the economy. This report, together with others, forms a key part of the evidence base used to inform organisations about action to take to raise security standards. Indeed, the breaches survey meets the quality threshold to be managed as a set of official statistics.
Our National Cyber Security Centre is also a model of transparency. It is there to advise businesses, and guide them towards better managing cyber-threats. It publishes an annual report, and for those who want to focus on consumer connectable products, it provides specific advice on those, too. Parliament is already regularly kept informed of cyber-security matters; our regular publications are placed in the Library. Our national strategy, implemented with £2.6 billion of investment, is overseen by the Public Accounts Committee. The Intelligence and Security Committee and the Joint Committee on the National Security Strategy provide further oversight. Also, there are mechanisms for holding the Government to account in the manner intended by the provision, such as regular parliamentary debates and questions.
Cyber-security is a fast-moving and sensitive topic. A fixed-period reporting clause that imposes an obligation to report on security risks may duplicate existing activity. Such a system would also lack the agility necessary to enable us to report quickly when threats are identified. It may reassure the hon. Gentleman to know that the Secretary of State will be required to review the effectiveness of the Bill’s enforcement regime; they, or the designated enforcing authority, will be required to report on that to the relevant departmental Select Committee after Royal Assent. The enforcement authority will also report its activity and findings, where appropriate. The measures already in place will likely meet the intention behind new clause 3. For the reasons that I have set out, I do not accept the need for the new clause.
I turn to the points that the hon. Gentleman raised about Dr Carr’s concerns about Alexa, which I also found eye-catching. A lot of secondary legislation comes with this Bill, and that will hopefully reassure Dr Carr. I also note the comment made by a lot of our witnesses: we can never have 100% security with those devices. I therefore commend clauses 1 to 3 to the Committee.
Good morning, everybody. Happy St Patrick’s day to everyone. I congratulate the Minister on her first Bill. I have been through the process many times, and it is an exciting and proud moment to lead on a Bill for the Government for the first time. When I did it, my father, who was from West Cork, said, “Not bad for someone from the peat bogs of West Cork.” I am sure that the Minister’s family are equally proud of her achievement.
I want to raise a couple of general issues, as we are debating the first three quarters of the Bill in this grouping. I congratulate the Minister for providing such a comprehensive impact assessment on the Bill. I was slightly confused by the figure for the cost of business, which is set at net present value, and is put at “£1,246.9.9” million. That figure looks like a typo. I wondered what the correct figure was, and if the Minister could provide it. I suggest it is just the one “point nine”.
This is a very significant piece of legislation, given the impact it will have on consumers and business. It is very technical. Page 8 of the impact assessment details the Government’s key assumptions about how the Bill will impact on businesses. Businesses will have to dispose of devices that no longer satisfy the criteria that the Minister is likely to set. The impact assessment’s optimistic assessment of what percentage of devices will have to be disposed of is 5%. Its working assessment is 45%. The figure it is using, however, for the impact on business is that 10% of devices will have to be disposed of by businesses.
I thank the hon. Member for Cardiff West for his contribution and his kind comments. I will have to get back to him on the precise figures that he identified in the impact assessment. However, in relation to the breadth of the impact assessment, he will know from this legislation that we are taking a broad range of powers. As we debated earlier, that is very deliberate because this is a fast-moving area. Technology is developing faster than Parliament can regulate it, which is a major challenge for Governments around the world. The Bill will help us to be nimble and agile in how we regulate that technology.
A lot of the issues that the hon. Gentleman has concerns about will be something for secondary legislation, which we will be developing hand in glove with businesses so that we understand what is changing in the technological world and what impact that will have on matters such as the disposal of devices. I share his concerns about the environmental impacts if we get the regulations on that wrong—none of us wants to see a lot of technology become redundant.
We are trying to help consumers have more information so that if someone buys a device, they do not necessarily have to dispose of it simply because the period for which the manufacturer says it is covered has expired. It will be up to the consumer to decide whether to keep that device if they think it is less secure than it otherwise might be. It has been controversial to take these broad powers. We understand the concerns that any Parliament would have about the level of scrutiny it will have. However, the Government think that this is right because, as I say, we have to maintain that agility.
The hon. Member for Cardiff West referenced the points raised by Dr Carr. As I said earlier, I share those concerns. What we are trying to do is raise the level of security overall; we want to help consumers and manufacturers to understand this as an issue. This was initially a voluntary code, which did not do enough to make manufacturers take the cyber obligations seriously. There was an interesting discussion on the panels earlier this week when one contributor—I cannot remember who it was exactly—said that the legislation will give boards the spark or impetus to discuss and get funding for these kinds of cyber-security requirements for their products. If it is voluntary, it is very hard for anybody to make the case within their company that they need to take cyber-security seriously.
We hope that the secondary legislation will allay some of Dr Carr’s concerns. We will never have 100% security, but we hope that these provisions will raise the bar overall and help to raise consumer and manufacturer awareness of cyber as a whole. I hope that those comments will reassure the hon. Gentleman. I also assure him that we will look at how to get the balance right in the secondary legislation, and we will be in close contact with businesses as we do so.
I listened to what the Minister had to say, in particular in relation to amendment 6. I take her at her word; it is a probing amendment, so I will withdraw it on the basis that she will bring forward secondary legislation in relatively short order. As she mentioned, cyber-security is a fast-paced and changing environment, so it is important that we do not wait a number of years for additional improvements to legislative competence.
On the basis of what the Minister said, I am also happy not to move new clause 3. However, I wonder whether she could write to me setting out the reporting periods that she mentioned, particularly in terms of the DCMS Committee, following Royal Assent—assuming that the Bill gets Royal Assent, which I am sure it will—as well as the other reporting obligations that she says the Secretary of State or reporting officer will have. The new clause seeks to place a requirement on the Secretary of State specifically in this new legislation. If the Minister feels that those things are already in train or are part of the reporting process, that is fine, and I am happy not to move the new clause. However, it would be good to have that list for future understanding—particularly if reporting does not take place, in which case the Opposition will hold the Government to account.
I am happy to write to the hon. Gentleman and offer those assurances. A new body will also be set up, which will probably have its own reporting requirements in relation to this legislation. These things will be developing, but I am happy to offer him the assurances he requested.
I beg to ask leave to withdraw the amendment.
Amendment, by leave, withdrawn.
Clauses 1 to 3 ordered to stand part of the Bill.
Clause 4
Relevant connectable products
Question proposed, That the clause stand part of the Bill.
Clauses 4 to 6 define the products to which the new regulatory regime will apply. Clause 4 introduces the terms “internet-connectable product”, “network-connectable product” and “excepted product”. Clause 5 defines the terms “internet-connectable” and “network-connectable”. It is a pivotal clause in capturing the necessary products that make up a huge part of the internet of things threat landscape. Any network is only as secure as its weakest link, and that could be a single consumer connectable product.
Focusing on a product’s capabilities—instead of attempting to exhaustively list all consumer connectable products—is part of our agile, future-proof approach. We are ensuring that the Bill will remain relevant and effective by capturing new consumer technologies that come to market, based on their capabilities and the risks they present.
Many products captured by the Bill are capable of connecting to the internet, exposing them to remote access and attack. Those are “internet-connectable products”, such as routers, smartphones and certain smart appliances. Some products captured by the Bill are not able to connect to the internet directly, but can connect to other products. In doing so, they can form, and contribute to the formation of, networks, meaning that vulnerabilities in those products can open the door to cyber-attack. Those are “network-connectable products”, such as certain smart lightbulbs, smart home products, and headphones.
Clause 6 defines the term “excepted product”. It allows the Secretary of State to except products from the scope of the Bill via regulations. The Government intend to except products from the scope of the Bill where inclusion would subject them to double regulation or be disproportionate to their risk profile. The Government have consulted on that approach. Products such as electric vehicles, medical devices and smart meters will be excepted from scope because they are already, or soon will be, covered by alternative regulation. I therefore commend clauses 4 through 6 to the Committee.
Question put and agreed to.
Clause 4 accordingly ordered to stand part of the Bill.
Clauses 5 and 6 ordered to stand part of the Bill.
Clause 7
Relevant persons
I beg to move amendment 7, in clause 7, page 5, line 24, at end insert—
“(5A) A person who provides an online facility through which a distributor makes a product available in the United Kingdom is also a distributor.”
This amendment would ensure that online marketplaces are considered to be distributors and are thus subject to the security requirements of the Bill.
I thank the hon. Members for Ogmore and for Cardiff West, and I am happy to address their concerns. The Bill covers obligations on manufacturers, importers and distributors, but I will provide a bit more detail.
Clause 7 specifies which relevant persons will be responsible for ensuring that the security requirements are properly complied with. In that regard, a “relevant person” is defined as a manufacturer, importer or distributor of a relevant connectable product. As a result, amendment 7 is wrong to suggest that online marketplaces are exempt from this new legislation. Online marketplaces do not just offer products on behalf of third parties, but are often acting as the retailer, so in those cases the full security requirements apply. I accept that there may be instances in which the online marketplace is not the distributor. None the less, it is necessary for the third party operating in the marketplace to comply with the security requirements, and it is not just that one party who carries liability under the Bill: the manufacturer and importer also have responsibility. We think we have taken a belt-and-braces approach in that regard.
We have also worked closely with industry to make sure the regulation is proportionate and fits the wider regulatory environment for product safety. Manufacturers care a great deal about these regulatory requirements. On Tuesday, we heard from a representative of Google, who described how it works to comply with requirements in many different jurisdictions. Over the past three years, hundreds of manufacturers have engaged with my Department through the many public consultations and industry discussions we have had. The hon. Member for Ogmore gives the impression that amendment 7 would provide consumers with a vital line of defence, but that is not the case: there are already multiple lines of defence in this Bill.
It is also worth noting that consumers can never be 100% protected by regulation—a point that we have already discussed this morning. We need to have a broader approach to raising national cyber-resilience, which is why in December we published our national cyber strategy. The Cyber Aware campaign is ongoing—hon. Members may have seen the advertisements last weekend, or the ones on the radio and online this week. We also have a range of school programmes designed to reach parents and teachers in order to raise cyber-security awareness, and the Home Office, the police and the NCSC run regular campaigns at a local level in every region of the country. In relation to the comments made about Ukraine, the point is even more important because of the context in which we are operating.
Just to be clear, if, for example, I purchased a connectable baby monitor online through Amazon, but it came from a third-party supplier—which is quite common when customers are given that list of products to buy—how would the Bill impact on that device and its availability in the UK?
As I say, we are putting requirements on not just manufacturers, but the importer. The importer would be under an obligation to check whether the product fulfilled some of the requirements we would have for it, as would the distributor. I would hope that, along the chain, that product would have been checked several times to make sure it complies.
We have done a lot of work on general cyber-resilience. I will take this opportunity to add that it is also important that we as Members of Parliament try to make our constituents aware of the increasing challenges we face with cyber-resilience, and that we all need to have our own cyber-hygiene in that regard.
The amendment is well intentioned—we understand where the hon. Member for Ogmore is coming from—but it is drafted in a way that would have a much broader reach than just online marketplaces. It would impose security requirements on businesses that cannot comply with them, such as advertising platforms and website hosting services. Distributors use many online facilities offering a vast array of cloud services to support e-commerce to make their products available. As drafted, the amendment would extend duties beyond what is intended.
The Government have carefully considered the amendment. It is clear that our intention is to secure consumer connectable products in the most effective and proportionate manner, without hindering business growth and the online retail facilities enjoyed by consumers. For the reasons I have set out, I am not able to accept the amendment. I hope the hon. Gentleman will consider withdrawing it.
I turn now to chapter 2 of the Bill and clauses 8 to 25. These clauses place duties on businesses in the supply chain of a consumer connectable product to comply with security requirements. Compliance is fundamental to the operation of the regulatory regime. Under these clauses, manufacturers, distributors and importers must prepare, or ensure the presence of, a document to accompany the product that states that, in the opinion of the manufacturer, it has complied with the security requirements, before that product is made available in the UK. I note the point that was made about baby monitors. I hope that, in that process, there would be clear information and a record provided with the product that stated compliance.
The clauses in chapter 2 also require that businesses take all reasonable steps to investigate a compliance failure or potential compliance failure. That is vital to hold businesses accountable for complying with their security requirements and to mandate investigation of potential compliance failures. If compliance failure has occurred, businesses in the supply chain must take all reasonable steps to prevent the product from reaching UK customers and remedy the compliance failure. The measure is needed to ensure that insecure products do not remain on the market and that those that have not yet reached UK customers are prevented from doing so.
Finally, the clauses in chapter 2 require manufacturers and importers to retain records of compliance failures and investigations for at least 10 years. The Secretary of State is able to request this information to investigate and to enforce the legislation. These duties encourage ongoing compliance and accountability. The records will allow a clear audit of the importer’s and manufacturer’s activities, so that we can have effective enforcement.
I have listened to the Minister. The Opposition are not in any way suggesting that the Government do not do an awful lot on cyber awareness-raising. All Governments could do more—that is the nature of teaching and learning and of being able to get our constituents to understand the cyber-security space and the impact that it can have on their homes.
In response to my hon. Friend the Member for Cardiff West, the Minister mentioned the belt-and-braces approach. However, organisations such as Which? say that there is an exemption for online marketplaces such as Amazon and eBay. The Online Safety Bill has of course been published today, and there are economic crime impacts linked to this. If this is a belt-and-braces approach, as the Minister says, surely another level of protection would be to include the online marketplaces. She says there are three stages that could be protected—importer, product design and distribution—but there is this gap through which some products could come. Therefore, I am not minded to withdraw the amendment and would ask the Committee for a decision.
Question put, That the amendment be made.
Clause 26 gives the Secretary of State responsibility for enforcing the product security provisions in the Bill, and clauses 27 to 52 create the regime. This allows the Secretary of State to authorise another person, and pay them, to carry out enforcement functions. The provisions provide powers to issue enforcement notices—including compliance notices, stop notices and recall notices—as well as powers to forfeit products and issue monetary penalties.
Additional enforcement powers include the power to seize and detain products, publish information about compliance failures and the details of the enforcement action taken, recall products, and disclose information as necessary to conduct enforcement activity. The Bill includes two offences—the offence of failure to comply with an enforcement notice and the offence of purporting to act as authorised to exercise enforcement function—as well as adopting within the PSTI regulatory regime the offences found in schedule 5 to the Consumer Rights Act 2015. I commend the clauses to the Committee.
Question put and agreed to.
Clause 26 accordingly ordered to stand part of the Bill.
Clauses 27 to 52 ordered to stand part of the Bill.
Clause 53
Guidance
Question proposed, That the clause stand part of the Bill.
Clauses 53 to 56 cover guidance and interpretation of the Bill. They allow for guidance to be issued to support relevant operators to meet their obligations. They also set out the technical terms and interpretations of the commonly used terms throughout the Bill. I commend the clauses to the Committee.
Question put and agreed to.
Clause 53 accordingly ordered to stand part of the Bill.
Clauses 54 to 56 ordered to stand part of the Bill.
Clause 57
Meaning of “occupier” in relation to land occupied by an operator
Question proposed, That the clause stand part of the Bill.
It is crucial that, where telecoms operators have apparatus installed on land, they can request new or additional code rights, allowing them to maintain, expand and improve their existing networks, improving service and connectivity, to the direct benefit of consumers. I hope we all wish to see that. At present, this is not always possible. There are some specific scenarios in which operators with apparatus already installed on land, such that they occupy the land, are unable to obtain new code rights or follow an existing statutory process to have an agreement that has run its course replaced by a new agreement, which I will refer to today as a renewal agreement.
For example, in some cases the parties might have an existing agreement that, for whatever reason, proceeds on a more informal basis and is not set out in writing, or otherwise does not meet the necessary criteria for it to be renewed under an existing statutory process. The operator is therefore still authorised under the existing agreement to keep their apparatus on the land, but under the current legislative framework cannot pursue a renewal agreement through an existing statutory process.
The Minister says that the Government might revisit the clause, perhaps in the other place. If somebody who is operating equipment on the land is potentially deemed legally to be the occupier, under the provisions in the clause would the person who would then be asked to consult about further extending any arrangements be the landowner? Is that the assumption in the clause, in most instances?
As I said, this is a very complex and technical area. I do not want to provide the hon. Member with an incorrect answer, because this is one of the issues on which we are still in discussions with industry to ensure that we get it right. I believe that is the intention, but I will have to get back to him.
Some inspiration might come to the Minister during the course of the debate. It seems to me quite an important question. I thought that what she meant was that, in an instance where somebody is deemed to be the operator on the land, because they have the equipment there, they obviously cannot grant themselves an extension of permission, and so it would be sensible for there to be a way to go to the landowner in order to achieve that further agreement. If that is not the case, that is quite important, because who will they go to in that instance? She said that if the landowner or interested party could not be identified, it would be people with a principal interest. What sorts of people would that be? Would it be the local community, or neighbours of the land involved? Even if she cannot offer an explanation now, it is quite important that the Committee at least has a grasp of what is intended by the clause.
This is tricky, because I wish I could provide greater clarity, but I cannot, which is obviously an unsatisfactory position to be in. In this case, I think the court would be approached to make a decision if the landowner was not in a position to grant those rights and they could not get a position out of the landowner. The intention, I think, would be for it to be decided at a legal level. I apologise that I cannot provide clarity.
Without the clause, there is a gap in the legislation that prevents operators who need code rights from being able to obtain them. This has potentially adverse consequences for consumers and businesses, with the risk of service disruptions and unnecessary delays in the delivery of improved capacity and enhanced services. As we all increasingly rely on digital services, it is important to address this situation. This is an area of active discussion, because we want to make sure we get it right. I believe it would be the case that, if the landowner were not in a position to offer the rights, the operator would go to the court to seek redress.
I understand the difficulty the Minister faces, but it would be helpful if there was official support for her at times when technical questions are asked. It is important that the Committee gets a full explanation before agreeing to a clause. The sensible thing to do in this instance would be for the Government to revisit the clause—possibly on Report. It would certainly be of help if, by then, a clearer view as to the intention could be given to Members of the Committee and people interested in the Bill. I am sure there is a fairly straightforward answer to the question, so we should make note of the fact that it needs to be dealt with at some point.
I acknowledge that this is legally a very complex area. It is something that we have not entirely settled on, and it is under active consideration. We will come back to the Committee if we believe we have not got the policy intention correct. I am sorry that I was unable to address the hon. Member’s point in greater detail, but I am reluctant to provide information that might not be correct.
Question put and agreed to.
Clause 57 accordingly ordered to stand part of the Bill.
Clause 58
Rights under the electronic communications code to share apparatus
I beg to move amendment 1, in clause 58, page 41, line 25, at end insert—
‘(4A) In paragraph 13 (access to land)—
(a) in sub-paragraph (1)(a), for “paragraph 3” substitute “paragraph 3(1)”;
(b) in sub-paragraph (2), for “paragraph 3” substitute “paragraph 3(1)”.
(4B) In paragraph 38 (right of landowner or occupier of neighbouring land to require removal of electronic communications apparatus), in sub-paragraph (3), for “paragraph 3(h)” substitute “paragraph 3(1)(h)”.’
This amendment is consequential on the amendment made by clause 58(2)(a) to paragraph 3 of the electronic communications code.
Clause 58 deals with the sharing of telecommunications apparatus between operators within the electronic communications code. It inserts a right to share apparatus into paragraph 3 of the code, which sets out a list of rights that are statutory “code rights.” The code rights in paragraph 3 must be conferred on an operator by an occupier or imposed by a tribunal. The 2017 code reforms introduced paragraph 17 automatic rights, allowing operators to upgrade or share their apparatus without the need for an agreement. Those automatic rights are separate from the paragraph 3 code rights and are subject to strict limitations.
Since their introduction, there has been confusion about the interaction between the paragraph 17 automatic rights and the paragraph 3 code rights. In particular, while “upgrading” is a paragraph 3 code right, sharing is not. Clause 58 addresses this by making apparatus sharing a paragraph 3 code right that an operator—the “first operator”—can request to be included in an agreement to which the code applies. Clause 58 also amends the statutory purposes in paragraph 4 of the code to include sharing activities.
Apparatus sharing is a cost-effective way for operators to extend their networks without having to build extensive infrastructure themselves, helping to deliver greater coverage, capacity and consumer choice, while reducing impacts on the environment and disruption caused by installation works. As with the other code rights, if agreement on rights to share cannot be reached consensually, an operator may ask a tribunal to impose the requested rights. In those circumstances, the tribunal will apply the public benefit test and the statutory valuation regime, as it already does for other code rights.
If the right to share is a statutory code right, the factors that a tribunal will consider in deciding whether such a right should be imposed—and if so, on what terms—will be the same as those for all other code rights. Including a right to share apparatus in the paragraph 3 code rights will therefore provide greater certainty for all parties and support smoother negotiations.
Code rights can only be obtained in relation to land. Consequently, the new right to share apparatus can be requested only by the first operator that is keeping apparatus installed on, under or over land. A second operator that wishes to share the use of that apparatus will not be able to request from an occupier a paragraph 3 right permitting them to do so. Instead, once the occupier has conferred such a sharing right on the first operator, the second operator will need to negotiate the sharing of the apparatus with the first operator.
The first operator’s right to share their apparatus will, like other code rights, be exercisable only in accordance with the wider terms of the agreement. It will therefore be important for the first operator to consider carefully any terms that it may need included in its agreement with an occupier, such as additional access rights, to enable any subsequent sharing of the apparatus with other operators. To that end, clause 58 inserts corresponding code rights for the first operator to enter and carry out works on the land for the purpose of such apparatus sharing.
Finally, it should be emphasised that the new right to share introduced by clause 58 is entirely separate from the automatic rights to share that are currently available under paragraph 17 of the code, and from the rights introduced by clauses 59 and 60. Those are automatic rights—subject to specific conditions—that do not need to be agreed with a landowner or imposed by the courts. The rights in clause 58 cover situations where the operator wants rights to share over and above those automatic rights.
Government amendment 1 is a consequential amendment that reflects the restructuring of paragraph 3 provided for by clause 58(2)(a) of the Bill. It replaces cross-references to paragraph 3 of the code with cross-references to sub-paragraph 3(1).
Clause 58 introduces rights to share apparatus to the menu of code rights that is currently set out in paragraph 3 of the code. In doing so, new sub-paragraph 3(2) will be inserted into the code, setting out who can obtain a right to share apparatus. The current paragraph 3 will therefore become sub-paragraph 3(1) of the code. As there are references to paragraph 3 in other parts of the code, consequential amendments are necessary so that anyone reading the code is referred instead to the new sub-paragraph 3(1).
Amendment 1 agreed to.
Clause 58, as amended, ordered to stand part of the Bill.
Clause 59
Upgrading and sharing of apparatus: subsisting agreements
I beg to move amendment 9, in clause 59, page 41, line 42, after “agreement” insert
“other than with a private landlord”.
This amendment, together with Amendments 10, 11 and 12, would apply a different regime under the Electronic Communications Code to private landlords, giving automatic upgrade rights for operators to properties owned by private landlords subject to the condition that the upgrading imposes no additional burden on the other party to the agreement.
I thank the hon. Member for tabling these amendments. I represent an urban constituency and, as the Minister for digital connectivity, I am very alive to any concerns about the digital divide. I have tested the legislation to make sure that we are not exacerbating that. The amendments relate to circumstances in which an operator can upgrade or share the use of their apparatus without specific permission from a landowner or a court order. Crucially, the amendments relate to rights that the Bill grants retrospectively to agreements that are already in place. The amendment seeks to expand those rights in circumstances where apparatus is situated on, under or over land owned by private landlords.
Retrospective legislation must take particular care to strike a balance between impacts on individual rights and any public benefit that the legislation aims to deliver. The Government believe at this time that expanding retrospective upgrading and sharing rights in the way these amendments suggest would not be justified. Upgrading and sharing electronic communications apparatus offers a wide range of substantial benefits. Those are benefits that the Government specifically recognised in their 2017 reforms, when limited automatic rights were introduced for operators to upgrade and share their apparatus. The exercise of the new upgrading and sharing rights was made subject to certain conditions. Those conditions were intended to strike the right balance between the rights of individual landowners hosting apparatus and the public benefits delivered by operators upgrading and sharing their apparatus.
The changes made in the 2017 reforms therefore permit upgrading and sharing to take place without a landowner’s specific consent only where any impacts on that individual will be limited. However, it was recognised that any use of those rights could have some impact, albeit very limited, on individual landowners.
I remind the Committee of the declaration of interest that I made: I have worked for a number of providers, including BT and techUK, that will be affected by the legislation, and I carried out cyber-security consulting for MHR last year. I agree with the Minister about the need to seek a balance between the rights of landowners and the rights of operators. However, we cannot lose sight of the fact—this is a point she has been making powerfully—that we must get behind upgrading our digital infrastructure as fast as is practicably possible.
I am aware that we are about to debate amendment 8, which would make it more expensive for operators to access land, and put them at a disadvantage compared with other utility companies. Does the Minister agree that adopting amendments 9 to 12—and then 8—would risk sending a mixed signal to the market? On the one hand we are making it more expensive and difficult for our operators to access land, but on the other hand we are rolling back the scrutiny that they have to access private property at the moment.
Before I call the Minister, I will take this opportunity to say that interventions should be relatively short and to the point. It will not be difficult for hon. Members to catch my eye to make points in a debate if they wish to.
I thank my hon. Friend for her intervention. I know that she has considerable expertise in this field. It is a difficult balance to strike, ensuring that we are protecting landowner rights while making sure we are giving telecoms operators the powers they need to make sure all of our constituents have the digital connectivity that they demand—and will increasingly need—going forward.
For the reasons I have set out and will be setting out in further detail, I do not think the amendments will have the desired effect. It was interesting to hear the oral evidence this week, because there was no consensus among the telecoms operators about what powers are required. We have to ensure that we do not give commercial advantage to one player or the other, as that would also trample over some landowner rights.
The changes made in the 2017 reforms permit upgrading and sharing to take place without a landowner’s specific consent only where any impacts on that individual will be limited. However, it was recognised that any use of those rights could have some impact—albeit a very limited one—on individual landowners. The new rights were not applied retrospectively and had no effect on landowners who had entered into agreements before the legislation was passed. The key difference is that agreements made after that date would be completed in the knowledge that the upgrading and sharing rights would apply. Since the 2017 reforms, however, the public need for robust and up-to-date digital services has continued to grow, and was thrown into sharp relief by the recent pandemic, when many of us were reliant on access to those services at unprecedented levels.
Upgrading and sharing apparatus has a more important role to play than ever before. In the light of this and other market developments, we have revisited the position on upgrading and sharing where the rights introduced by the 2017 reforms do not apply. Introducing specific upgrading and sharing rights for such equipment can play an important role in improving coverage and capacity, and amendment 9 appears to agree with that conclusion. However, we need to ensure that the rights of individual landowners are adequately protected. As I said, agreements after the 2017 reforms will have been concluded in the knowledge that they will give rise to automatic rights for apparatus to be upgraded or shared. That is not true of apparatus that is not covered by an agreement concluded after the 2017 reforms. As such, it is only right that any automatic rights to upgrade and share those types of apparatus should be subject to different conditions.
The amendments suggest introducing specific conditions for retrospective upgrading and sharing rights where private landlords are concerned, and those conditions partly reflect those contained in the rights established by the 2017 reforms and those set out in the Bill. However, the conditions in the new rights that we are proposing have been carefully developed to work as a whole; they are intentionally more restrictive and give rise to more limited rights than those available for agreements reached before the 2017 reforms. Taken together, the conditions mean that the operator will have automatic rights only to carry out upgrading and sharing activity that will have no adverse impact on the land or that will put no burden on a relevant individual, but this will still allow activities, such as crucial upgrading work, to be undertaken in relation to historical copper cables installed underneath land.
I wonder if the Minister could provide some clarity. Underneath the ground, there are ducts that operators can run cables through. We heard in this week’s evidence session about telegraph poles. Operators can go to the bottom of the telegraph pole, but will the Minister provide some welcome clarity on whether they can go up to the top and across? It is really important that they can use existing infrastructure and not have to pay to go around because they cannot use the overhead.
We are looking at rights that will provide easier access to underground and over, but not on. These are very techy points. If my hon. Friend feels that that does not answer her question precisely enough, I would be happy to ask officials to get in touch with her.
The measures in the Bill as drafted ensure that apparatus installed under agreements concluded prior to 2017 can be upgraded and shared quickly and cost-effectively. At the same time, the specific conditions that we are introducing will ensure that the right balance is maintained between the interests of private individuals and the wider public benefit, which is a difficult balance to strike. We are concerned that the amendments would not maintain that balance. I hope that gives the hon. Member for Ogmore assurance that the provisions in the Bill regarding retrospective rights to upgrade and share represent a balanced approach, and I ask him to withdraw his amendment.
Clauses 59 and 60 are vital clauses that support and encourage greater upgrading and sharing of existing apparatus. The 2017 code reforms provided operators with limited automatic rights to upgrade and share their apparatus, subject to certain conditions. However, the 2017 changes did not introduce paragraph 17 upgrading and sharing rights for subsisting agreements, which are agreements completed before the 2017 reforms came into force. This means that a significant proportion of the UK’s existing networks cannot be upgraded or shared without specific permission, despite the fact that apparatus can be upgraded and shared in many situations with no adverse impacts on any individual or private land.
Clause 59 therefore inserts new paragraph 5A into schedule 2 to the Digital Economy Act 2017 in order to introduce rights for operators to upgrade and share apparatus installed under a subsisting agreement. These rights differ from those contained in paragraph 17. They are available in more limited circumstances and will be subject to stricter conditions and specific notice requirements. Taken together, the measures in the clause will ensure that apparatus installed under a subsisting agreement can be upgraded and shared quickly and cost-efficiently, and do so in a way that takes into account both the interests of individuals and the wider public benefit.
Clause 60 deals with the same issue of upgrading and sharing apparatus, but in this case in relation to apparatus installed before 29 December 2003 where there is neither a subsisting agreement nor an agreement concluded after the 2017 reforms. It is right that upgrading and sharing rights should be available for all apparatus installed before the 2017 reforms came into effect. Clause 60 therefore inserts proposed new paragraph 17A into the code, conferring rights to upgrade and share apparatus installed under land before 29 December 2003, where the operator who owns that apparatus is not a party to an agreement under part 2 of the code.
I have listened carefully to the Minister and I do not agree with the Government’s position on rejecting the amendment. She is right that large swathes of the Bill are about the difficult balancing act between private property rights and the public interest. It seems to me, in the case put forward by my hon. Friend the Member for Ogmore in support of the group of amendments, that this is an instance where the public interest is overwhelmingly clear, while the private property interest that the Minister defended in her response is not.
My hon. Friend put forward the problem that has been received by the Committee in evidence, which is that many blocks of flats are not updated with their internet connections and so on. There is a huge public policy interest in the digital divide, which we all know about across the country, and in ensuring that the people who live in those kinds of premises have excellent access—as good as someone living with the best infrastructure available in an urban setting. He mentioned the rural-urban divide, but I am talking specifically about the case he made about blocks of flats.
I think what the Minister was saying was that because what is being proposed represents a retrospective change, a higher standard should apply to protecting those private property interests than would apply in the case, for example, of equipment that was installed post 2017. That, however, does not make a jot of difference to a poor child living in a block of flats who does not have good internet access to do their homework. That is a pretty clear judgment for the Government to make, because they have made no real or clear case that any compelling property rights are being imperilled, or that there is any compelling cost—other than minor inconvenience, perhaps—to the landowners who might be affected by the amendment.
There is, however, an overwhelming public policy case for wanting to do everything possible to assist children living in such blocks of flats. There is an overwhelming public policy case that a child in that block of flats with pre-2017 infrastructure should not be treated any less equally or favourably than a child who lives in a neighbouring block of flats that happens to have equipment that was installed post 2017. I urge the Minister and the Government to rethink their position for those reasons, unless I have misunderstood their case.
I reassure the hon. Gentleman that we do not disagree with the ambition. We all want children in such blocks of flats and other difficult-to-reach premises to have excellent digital infrastructure. As the Member for an urban constituency, I certainly want that. We have been testing this extensively, from legal team to legal team of operators. Some operators tell us that the additional rights are not necessary to be able to access buildings in the way that they hope; others say that they are. As I say, we have been testing this. Some of the suggestions would give greater legal access to property than law enforcement has. We have to get the right balance and we have to test whether this proposal will ultimately speed up the roll-out.
That seems to be rather a weak argument. If law enforcement were entering someone’s property, it would probably be to search it, make an arrest or something like that. A telecoms operator entering a property to install some cable is a very different proposition, is it not?
It is a difficult balance to get right, between having a roll-out and ensuring that somebody’s property rights are respected. If we are considering giving greater powers to an operator than to law enforcement, we have to ask whether that is necessary. Operators have told us that that is not necessary to get access and to increase roll-out. On balance, therefore, we are not minded to support the amendment.