Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) (Amendment) (No. 2) Regulations 2025
Debate between Lord Addington and Lord Hunt of Wirral(2 days, 11 hours ago)
Grand CommitteeRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord Addington (LD)
My Lords, I have some sympathy for the Minister, with this being her first time going into something like this. This is not an area that I usually cover. Acronym hell may not be here, but you can see it from the edge of this debate.
Basically, we are talking about something that makes trade easier and compatible. The instrument talks about making sure that things are safer in the current digital age. That is all to the good, but I have a couple of questions. How are we doing ongoing equivalence and oversight? How are we looking to make sure that we stay in touch with the regimes? How much are foreign regimes being monitored to make sure that this is all ongoing and happening?
Also, what about the economic quantification? That is an important way of asking how practical it is, especially for smaller users and consumers in this field. Are we doing anything to make sure that it is practical and will work if you are an SME? That is very important because we may have made a wonderful thing that looks great on paper and in theory—probably on a computer screen, in this case—but how will it work in practice? How are we going to monitor that on the way through?
Of course, a degree of congratulation is in order to any Government who make trade easier. How will this measure be used to make trade easier? Can the Minister give an example of how trade will be done more easily? I am struggling for the right word, but how will we make our regime more compatible with other regimes? Our biggest trading partner is still the European Union. How will our regime be more compatible with the EU’s? These are just a few things I hope the Minister will clarify when she responds.
Lord Hunt of Wirral (Con)
My Lords, I join the noble Lord, Lord Addington, in welcoming the Minister to her first appearance in Grand Committee. What better example could she have of the way in which things can develop in this place where there is agreement on all sides? She may have felt on Monday that it was not possible to reach agreement on the matters before us then, when she played a prominent part. Although the House of Lords has expressed its views strongly, I still think there is room for agreement, which I very much hope will follow. Having said that, perhaps I may set an example of what can be done and say that I approach this statutory instrument in a constructive spirit because we support cybersecurity protections for consumers.
The UK consumer device security regime, which was introduced under the previous Government, set an important international benchmark. As more of our daily lives depend on connected devices, it is vital that products are secure by design and that consumers are protected from avoidable vulnerabilities. These regulations provide a practical amendment to the existing framework through recognising Singapore’s cybersecurity labelling scheme and Japan’s Japan JC-STAR STAR-1 as equivalent to our baseline. They remove unnecessary duplication for manufacturers, while at the same time maintaining consumer safety. Where trusted partners meet high standards—rooted, as the noble Baroness has just pointed out, in the same ETSI framework underpinning the UK regime—it is reasonable to avoid repeat testing and reduce barriers to trade. Therefore, we do not oppose the SI but, rather like the noble Lord, Lord Addington, I have a number of questions. I hope the Minister will be able to clarify a few points.
My first question is similar to that of the noble Lord, Lord Addington. How will the Government monitor ongoing equivalence? The Singaporean and Japanese schemes may evolve. If their requirements then diverge from the UK’s baseline, what mechanism will be used to reassess or revoke recognition? If they move too far in the wrong direction, what will we do? As the noble Lord pointed out, this is particularly important for small and medium-sized enterprises that need some certainty about the way in which these regulations will be enforced. Secondly, on enforcement, where a product enters the UK market with a foreign label, will our regulators have access to the evidence underpinning that certification? What steps will be taken if a certified product is later found to contain vulnerabilities? Finally, while the impact is assessed as below the threshold for a full assessment, can the Minister share any indicative estimates of the expected benefits to business, whether in reduced compliance costs or faster access to market?
In summary, international co-operation on cyber standards is vital and these regulations represent a sensible step in that direction. We support the intention to streamline compliance while upholding robust protections for UK consumers. However, continued oversight and clarity from the Government will be essential to ensure confidence in the system as it develops. I look forward to hearing the Minister’s response.