Global IT Outage

Lord Clement-Jones Excerpts
Thursday 25th July 2024

(4 months, 3 weeks ago)

Lords Chamber
Read Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Baroness Twycross Portrait Baroness Twycross (Lab)
- View Speech - Hansard - - - Excerpts

I think we all have huge sympathy for those affected. As the noble Lord rightly says, thousands of people were affected on the day. However, compensation is a matter for the individual operators and subject to consumer rules, which would cover any entitlement to compensation or refunds.

Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- View Speech - Hansard - -

My Lords, in the light of recent events, we are clearly talking not just about bad actors. Does the Minister agree that there needs to be a rethink about critical national infrastructure and our dependence on a few overly dominant major tech companies for cloud services and software, which are now effectively essential public utilities? Will the Government reconsider how we are wholesale replacing reliable analogue communications with digital systems without any back-up?

Baroness Twycross Portrait Baroness Twycross (Lab)
- View Speech - Hansard - - - Excerpts

The noble Lord raises critical issues, a number of which will be covered by the cybersecurity and resilience Bill. I would welcome the opportunity to discuss these issues with him further.

Ministers: Legal Costs

Lord Clement-Jones Excerpts
Tuesday 12th March 2024

(9 months, 1 week ago)

Lords Chamber
Read Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Asked by
Lord Clement-Jones Portrait Lord Clement-Jones
- View Speech - Hansard - -

To ask His Majesty’s Government what assessment they have made of taxpayer-funded legal costs incurred by Government Ministers, following the recent libel settlement funded by the Department for Science, Innovation and Technology.

Baroness Neville-Rolfe Portrait The Minister of State, Cabinet Office (Baroness Neville- Rolfe) (Con)
- View Speech - Hansard - - - Excerpts

My Lords, in line with established practice under multiple Administrations of all political colours, Ministers are provided with legal support and representation where matters relate to their conduct and responsibilities as a Minister. As set out in Chapter 6 of the Cabinet Manual, Ministers are

“indemnified by the Crown for any actions taken against them for things done or decisions made in the course of their ministerial duties. The indemnity will cover the cost of defending the proceedings, as well as any costs or damages awarded against the minister”.

--- Later in debate ---
Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- View Speech - Hansard - -

My Lords, I thank the Minister for that reply. The Prime Minister put it rather differently. He said

“it is a long-standing convention stretching back many years … that the government will fund those legal disputes when it relates to government ministers doing their work”.

How can making party-political libel posts on X on Friday at midnight constitute “Ministers doing their work”? Why should this settlement come out of the public purse? Is this not a breach of the Ministerial Code, after all?

Baroness Neville-Rolfe Portrait Baroness Neville-Rolfe (Con)
- View Speech - Hansard - - - Excerpts

As I said, it is long-standing practice. Indeed, the Secretary of State concerned made a statement this morning at the Lords Science and Technology Committee and explained the circumstances in full, including how she was engaged in official work and got support from officials on the disputed letter.

--- Later in debate ---
Baroness Neville-Rolfe Portrait Baroness Neville-Rolfe (Con)
- View Speech - Hansard - - - Excerpts

I do not see it that way. The Secretary of State gave evidence this morning to the Lords Science and Technology Committee. There was a brief discussion of this matter. They then moved on to discuss important points about science, which she and this Government are extremely supportive of and have done so much to make sure that the UK is one of the leaders in the world in science and technology matters.

Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- View Speech - Hansard - -

My Lords, is this not another case of the Government marking their own homework? What is the Government’s ethics adviser saying about this? Have the Government taken a proper view from the ethics adviser?

Digital Government (Disclosure of Information) (Identity Verification Services) Regulations 2023

Lord Clement-Jones Excerpts
Monday 20th November 2023

(1 year, 1 month ago)

Grand Committee
Read Full debate Read Hansard Text Read Debate Ministerial Extracts
Baroness Neville-Rolfe Portrait The Minister of State, Cabinet Office (Baroness Neville-Rolfe) (Con)
- Hansard - - - Excerpts

My Lords, I am glad to see the noble Lord, Lord Stevenson of Balmacara, and others, and I echo what he said about our constructive discussions in 2014-16. I am also pleased to see my noble friend Lord Camrose championing intellectual property, as we try to do, and to see him accompanied by my noble friend Lord Evans of Rainow in his new position as Cabinet Office Whip.

The Digital Government (Disclosure of Information) (Identity Verification Services) Regulations 2023 are an important part of this Government’s commitment to strengthen the use of data and information across the public sector. We are bringing these forward so we can deliver better and more joined-up services and, in turn, improve outcomes for our citizens.

The regulations aim to allow information sharing between named bodies for the specific purpose of supporting cross-government identity checking when it is needed. Verifying a user’s identity—ensuring that a person is who they say they are—is a key part of delivering many government services. The draft regulations enable this by establishing a new data-sharing objective under Section 35 of the Digital Economy Act 2017 and by setting out which public bodies may use the new objective. This will create a legislative gateway, enabling us to use existing data sets, which public bodies already hold, to help as many people as possible to access the government services that they need online. It is therefore central to the development of more inclusive and accessible systems.

Specifically, the proposed objective would unlock the full benefits of the new cross-government digital system known as GOV.UK One Login. This is now live; users are able to set up an account, log in and prove their identity in order to access an initial set of 24 government services, with more being added all the time. However, at the moment, users must have photographic documentation, such as a passport or driving licence. This will change following the introduction of the new objective, as it will unlock new ways for people without photo ID to prove who they are, opening up the system to more users.

The delivery of One Login is a step change in simple joined-up access to government services online. This, in turn, delivers substantial cost and time savings for the Government and users by reducing duplication and providing enhanced capability to identify and stop fraudsters. In summary, the proposed objective will, first, enable checks against existing government-held information, such as PAYE and benefits data, to build confidence in the user’s identity, which will be particularly key where service users do not have a passport or driving licence. Secondly, it will provide a specific legal framework for checks against documents currently used in identity verification, such as driving licences. Thirdly, it will enable the sharing of the results of identity checks performed by one named body with another, so that users need to prove their identity only once.

The draft regulations set out which of the bodies already listed in Schedule 4 to the Digital Economy Act can use the new identity-verification data-sharing power, such as HM Revenue & Customs and the Department for Work and Pensions. They also add four new public bodies to the schedule that will be able to use the power: the Cabinet Office, the Department for Transport, the Department for Environment, Food and Rural Affairs and the Disclosure and Barring Service.

The public bodies listed in the regulations are either bodies that hold information that could be used in support of proving that someone is whom they say they are or those that own and manage services that people need to access, which they therefore need to receive the results of identity checks. Of course, some public bodies do both.

The territorial extent of the draft regulations is England, Wales and Scotland. The Information Commissioner’s Office and the devolved Administrations support the draft regulations, and indeed the Scottish and Welsh Administrations have requested that certain Scottish and Welsh bodies be included in the draft regulations to enable them to use the new data-sharing power—so it is devolved friendly.

I am sure noble Lords will be pleased to know that these draft regulations have been subject to the standard rigorous processes of internal and external review. In the first instance, the objective has been subject to scrutiny by the Public Service Delivery Review Board, as set out in the underpinning code of practice on public service delivery, debt and fraud of the Digital Economy Act 2017. The board recommended that Ministers take forward these draft regulations since they meet the required criteria of supporting the improvement, or targeting, of public services to individuals in order to enhance their well-being.

Furthermore, the objective has been subject to a public consultation, which received more than 66,000 responses. Some respondents recognised the benefits to individuals of improved and more inclusive services. Some mistakenly expressed concern that this was a back-door route to identity cards. Therefore, in response to the consultation, the Government confirmed that they have no plans to introduce mandatory digital ID or identity cards. We also published additional information on how GOV.UK One Login will operate within these regulations and within the overall data protection framework. We extended the time between the regulations being approved and coming into force, and we amended some of the wording to reflect that of the Act. Of course, the Government understand that people want to protect their personal information and this is central to our approach. The draft regulations relate to using data only for the purpose of identity verification.

Part 5 of the 2017 Act gives the Government powers to share personal information across organisational boundaries to improve public services. It lays down what data can be shared and for which purposes. Data sharing must also have regard to the accompanying statutory code of practice on public service delivery, debt and fraud, which sets out how the power must be operated, including how any data shared must be processed lawfully, securely and proportionately in compliance with data protection legislation and UK GDPR.

The Digital Economy Act statutory code of practice on public service delivery, debt and fraud also requires information-sharing agreements to be listed on a public register of information-sharing activity under the powers. The framework for data sharing under the DEA provides a supportive background to help organisations to share data in ways that benefit the public, as confirmed by the Information Commissioner’s Office in its recent review. It includes robust safeguards that ensure that organisations share data responsibly and in alignment with data protection principles, while also safeguarding people’s rights.

I think these regulations are relatively straightforward and important, and I hope that colleagues will join me in supporting them.

Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- Hansard - -

My Lords, it is good to see the Minister move seamlessly from intellectual property to digital and data, but both can sometimes create their own questions. Since this is the first time we have debated One Login in the Lords, I hope that the Minister will not mind if she gets a large number of questions about the scheme. As I understand it, the goal of the One Login programme is to create a log-in database owned by the Government and containing the verified names, addresses, dates of birth, phone numbers and email addresses of everyone who uses—eventually—all Government-owned digital services, which is likely to be everyone in the country.

Perhaps unfairly, I have always thought of One Login with some scepticism, as the son or daughter of Verify, and not in a good way. The cost of the failed Verify scheme was over £200 million. It would be very useful as part of this debate to hear the cost of OneLogin so far and how much more is budgeted to be spent on its rollout. It does seem strange that the Government are having another crack at a single verification system, given the many other trustworthy existing systems that could be adopted.

First, I think it worth mentioning what the Secondary Legislation Scrutiny Committee said in its 55th report in October. I think it was rather baffled and scathing at the same time:

“This is a classic example of an Explanatory Memorandum … with too narrow a focus”.


I think it felt it was being bounced to some extent, without the context in which One Login was going to be designed to work. It said:

“We therefore request that the Cabinet Office revises its”


Explanatory Memorandum

“to include sufficient background information to enable any reader to understand the legislation’s practical effects”.

I suppose I am lucky in that I followed the gory progress of Verify through to One Login and the current date. I have some idea of the purpose behind One Login. As I understand it, the principal effect of these regulations is to allow the Government to share data for the purposes of identification. The SI does not restrict those flows of data; data can flow into the Cabinet Office as envisaged but identity data can also flow from the Cabinet Office to any other listed department. I hope that the Minister will be able to confirm that.

Will the Government allow population databases to be copied, whether openly or not? The revised Explanatory Memorandum is silent on this, and it is unclear if this assurance from the Government’s consultation response will be delivered. The response said:

“In particular, information will set out which departmental services are using identity verification services to support delivery and which will provide data to help departments establish who a person is”.


Will that actually happen? Will there be that level of transparency? There are apparently no safeguards on sharing bulk data if the Government want to share for this purpose across government. What transparency will there be if and when this takes place?

There is then the question of for whose benefit One Login really is. Is this a “better login to government” project, which many people might applaud, or is it a “one identity to government” project? The answer at the moment appears to be the latter. I say this because medConfidential, which I thank for its briefing, reports that a

“meeting held during the consultation was told that the Government’s intent is to actively prevent individuals from having multiple login accounts. A person may be able to have multiple email addresses— indeed, they may already do—but Government would attach them to a single ‘identity’. This regulation allows that database to be shared in bulk”.

Not to put too fine a point on it, that turns One Login into a tool of a centralising state—with implications for the privacy of the citizen—which the Government have previously assured us many times they were not building. I would therefore be extremely grateful if the Minister described the reality of One Login, as well as its purpose and operation.

At a roundtable on the consultation, the Government Digital Service apparently said that the regulation’s “first use is One Login”, which suggests there will be a second use. It is unclear to us to what extent the DWP will embrace One Login for government, for universal credit, for HMRC’s services, or indeed for the MoJ’s digital courts. What commitment from government departments and agencies is there? I can see that they are all listed, but Verify fell down precisely because of the lack of commitment from many government departments. What about the identities, too, of public servants? Will they be able to have multiple identities as both citizen and employee? What is the reality of that?

--- Later in debate ---
Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- Hansard - -

Let me understand this. In effect, data is being shared across departments so it is not simply a way of having a wallet, if you like, within the Cabinet Office that then gives you a clear identity for the purposes of accessing government services across government; it is a question of sharing that identity data across government departments. It is data sharing in bulk across government departments.

Baroness Neville-Rolfe Portrait Baroness Neville-Rolfe (Con)
- Hansard - - - Excerpts

It is data sharing for the purposes of digital identity. Ultimately, by April 2025, we hope to have approximately 145 central government services that can be accessed via One Login. It is a mistake to think that this is somehow going to be used in the bulk way that the noble Lord describes. It is about identity checking, not collecting huge amounts of data for use in a Big Brother sort of way; the noble Lord may have misunderstood this. Users can delete their account at any time. I think that the noble Lord’s concern is perhaps misplaced.

Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- Hansard - -

That is exactly the assurance that I am seeking.

Baroness Neville-Rolfe Portrait Baroness Neville-Rolfe (Con)
- Hansard - - - Excerpts

While I am on the subject of benefits to the individual, there is an example that I would like to share with the committee; it reflects a question that I asked. Sometimes, married women have two different names. I am in that lucky, or unfortunate, position. We understand that some users will need or want to use multiple accounts, so users can already set up multiple accounts on One Login using different email addresses that can relate to different names. From next year, we plan to allow users to link accounts under the same verified identity. The noble Baroness, Lady Chapman, asked us to look through the eyes of the individual. This is one of the things we have been trying to do in this programme, learning from the past.

Baroness Neville-Rolfe Portrait Baroness Neville-Rolfe (Con)
- Hansard - - - Excerpts

The difference is that, at the moment, you tend to have to provide a passport. It is difficult to log in to some of these services without a passport or a driving licence. In future, as I made clear in my introductory remarks, it will be possible to use different sorts of identity data and to have a system within government that allows us to do that. That will have the effect of making it easier for more people who are finding establishing their identity difficult without encouraging a lot of identity fraud, which is obviously another concern that one has to take account of in putting these systems together.

Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- Hansard - -

I entirely appreciate the Minister taking the trouble to talk us through this. The question is: for whose benefit is this? Is this so that government departments can identify somebody right across the board, so that you can have only one identity in government and so that the Home Office will share data with universal credit and every other department that interfaces with an individual? Is that the idea of this One Login? Or is it possible to have more than one digital identity?

--- Later in debate ---
Baroness Neville-Rolfe Portrait Baroness Neville-Rolfe (Con)
- Hansard - - - Excerpts

One obvious benefit is that more and more government departments are using digital. The technology is transforming our lives, after all. Once you have this single digital identity, you will then be able to use it to access services and opportunities from other government departments as well. That is the point: the digital identity will be used across the board. That is helpful to individuals. I should add that a document is published on GOV.UK outlining what data is being used by One Login. I think it is worth noble Lords looking at that.

The noble Lord, Lord Clement-Jones, rightly asked a question about cost—something we always used to ask about in our previous debates. The One Login programme’s total budget for 2022-23 to 2024-25 is £305.4 million. Of this, the programme forecasts expenditure of £132.7 million on the development and rollout of the system by the end of the current financial year.

The noble Lord mentioned the Explanatory Memorandum. We did indeed make some changes, as he acknowledged, to the Explanatory Memorandum, which was made available to the SLSC, to provide a clearer explanation of which part of the law the instrument is changing and why. He mentioned that the revised Explanatory Memorandum was laid on 2 November, and provided more contextual information. In particular, it explained that the SI provides the statutory basis for specified public bodies to share data in order to verify an individual’s identity in a safe and secure way so that they can access public services online, and that duplicative systems are being replaced with a single account. This is an obvious benefit.

The SI will also enable the GOV.UK One Login to draw on a broader range of government-held data sources when users need to verify their identity. That is an important point, because it is difficult for people who do not have a passport or a driving licence under the current system.

We are committed to being open and transparent by making information about data shared under the Digital Economy Act easily available for all to find and understand in the public register of data-sharing agreements. That was one of the safeguards laid down in that Act, so we have obviously taken that on board. That is an important point of transparency.

This is also underpinned by a robust code of practice—I have read it—which was created by Section 43 of the DEA. That sets out how the power must be operated, and includes setting out how any data shared under this power must be processed lawfully, securely and proportionately, in line with data protection legislation. We therefore have the DEA and data protection legislation coming together to allow us to implement this, hopefully life-changing, bit of technology in a way that protects the citizen. Obviously, the Cabinet Office is responsible for maintaining that register, and the Public Service Delivery Review Board is overseeing strategic consistency.

We have not seen that many regulations made under this Act—I think there was one on social care before—but we can see the value of the Act and the safeguards that Parliament added to it coming through.

On voter registration, the noble Baroness, Lady Chapman, raised a very good point, to my mind. I will have to follow up in writing. Fundamentally, as she said, these regulations will enhance the user experience. Despite many improvements over the last few years, today’s experience of interacting with government is too fragmented. We have multiple logins, and we are repeatedly asked the same information, which sometimes one has recorded on the phone—and sometimes recorded wrongly, as I know from my own experience. This is the same for everyone trying to access government. One Login will replace this with one system; we are used to this on our phones and so on, and there is a lot to be said for this new arrangement. We will have better data sharing to help those people without traditional forms of ID to access the services online that they need.

I hope noble Lords, having heard the benefits of the regulation—

Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- Hansard - -

My Lords, I am sorry to interrupt the Minister as she comes to the final furlong, but the question of oversight raised by the noble Baroness, Lady Chapman, and by me, and the standards that will apply to this system, are extremely important.

Baroness Neville-Rolfe Portrait Baroness Neville-Rolfe (Con)
- Hansard - - - Excerpts

Given the time, I will take that away, along with the voting point, if I may. I drew attention to the code of practice and the parent Act; we have every intention of following the principles, but the point about review and oversight is well made by the noble Lord, as always. I will come back to him on that point.

I am sorry that I have not been able to answer every question on the login area. I can introduce noble Lords to my honourable friend in the other place, Alex Burghart, who has spent a great deal of time developing these regulations. The point is that these narrow regulations before us today are a necessary enabler for this major change for the citizen. I hope that noble Lords, having heard the benefits, will join me in supporting the draft regulations. I commend them to the Committee.

Emergency Alert System: Fujitsu

Lord Clement-Jones Excerpts
Wednesday 19th April 2023

(1 year, 8 months ago)

Lords Chamber
Read Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Baroness Neville-Rolfe Portrait Baroness Neville-Rolfe (Con)
- View Speech - Hansard - - - Excerpts

My noble friend and I agree that the impact of the Horizon scandal on postmasters and their families is utterly horrendous; we used to work together on this when I was on the Back Benches. That is why the Government have set up an inquiry, much encouraged by my noble friend, to get to the bottom of what went wrong and ensure that it can never happen again, as well as providing compensation for those affected.

All government contracts are awarded in line with procurement regulations and transparency guidelines, and that goes for the contract on the alerts. As noble Lords would expect, robust security measures are in place as part of the procurement process.

Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- View Speech - Hansard - -

My Lords, I pay tribute to the noble Lord, Lord Arbuthnot, for his relentless campaigning over a period of 13 years. Otherwise, the sub-postmasters would not have received any form of justice. Fujitsu’s track record is quite appalling; the noble Lord mentioned that it has never apologised. It was described as giving unsatisfactory and inaccurate evidence in the case brought by the sub-postmasters. The NHS terminated two contracts with it back in 2008-09, then Fujitsu sued the NHS for £700 million and did not settle for 10 years. On exactly what basis do the Government judge Fujitsu to be fit and proper to hold this contract?

Baroness Neville-Rolfe Portrait Baroness Neville-Rolfe (Con)
- View Speech - Hansard - - - Excerpts

I will make one preliminary point: Fujitsu has been fully co-operating with the postmasters inquiry. I also emphasise that there is no link between the small amount of work that Fujitsu has done for DCMS and the Cabinet Office and the work done for the Post Office.

Security of Government Devices

Lord Clement-Jones Excerpts
Tuesday 21st March 2023

(1 year, 9 months ago)

Lords Chamber
Read Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Lord Collins of Highbury Portrait Lord Collins of Highbury (Lab)
- Hansard - - - Excerpts

I did ask someone earlier what TikTok is—I thought I was a modern person, but clearly not.

Can the Minister tell us whether this sort of interpretation is going to involve a change in the Ministerial Code? A Minister may not think sharing a draft Written Ministerial Statement on personal email qualifies either as substantive business or as a security risk, but the Home Secretary was of course temporarily forced out after sending such material to the wrong people. Oliver Dowden also talked about the granting of exemptions for operational reasons. Can the Minister provide an example of why a banned app may be deemed necessary? If she cannot today, could she write with such an example?

This debate takes place in the context of wider concerns about some forms of Chinese-made technology, including CCTV camera systems. On 2 February, my noble friend Lord Bassam of Brighton asked when the Government would commence important product security provisions under the Product Security and Telecommunications Infrastructure Act, which is intended to protect users of smart products such as CCTV doorbells. The noble Lord, Lord Parkinson of Whitley Bay, was unable to provide any date. I hope the Minister can do so today. The Government said they intended to bring the first half of that Act into force as soon as practicable, so why are we still waiting?

Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- View Speech - Hansard - -

My Lords, as a long-standing deputy chair of the all-party China group, I welcomed the proportionate approach taken in the Government’s statements in the integrated review refresh about relations with China. In the face of the current human rights position in Xinjiang and the situation in Hong Kong, however, this should not change any time soon.

On these Benches, we are in strong agreement with those who consider that the Government could and should have been a great deal more strategic about relationships with sensitive Chinese suppliers—whether internet or data based, hardware or software related—in the run-up to this Statement. This is a one-off Statement about TikTok, a social media company. It would be good to see the assessment and the evidence of potential cybersecurity issues which the Government have not yet—as far as I know—produced.

However, when it comes to makers of surveillance cameras, as the noble Lord, Lord Collins, said, the Government appear far more reluctant to act. The Surveillance Camera Commissioner, Professor Fraser Sampson, has been very clear in his warnings, in particular about Hikvision and Dahua cameras, which, as far as we know, are used extensively in Xinjiang for surveillance purposes and pose security risks here, even when live facial recognition is not enabled.

Just last week, we saw Tesco lead the way in the private sector and order the removal of these cameras from its stores. The Government have simply ceased to install them. Why are they not directing their removal, particularly in police forces? Have they mapped exactly where on the government estate and in other spaces these cameras remain?

Regarding TikTok, why act so late when the EU and US, as the noble Lord, Lord Collins, mentioned, acted earlier? Presumably they have the same security information. When did the evidence emerge that has led to this ban? Will the Government publish the review by cybersecurity experts which assesses the risks posed by these third-party apps on government devices?

As the noble Lord, Lord Collins, also mentioned, why are private devices used by government Ministers not covered? I note that Oliver Dowden repeated that position last week. After all, we know there has been extensive use of private devices by Ministers, particularly —dare I say—among former Health Ministers. What assessment of this aspect has been made? Which government departments and public bodies are actually covered? What is the process for drawing up the promised approved list of apps? What criteria will be used?

As many said in the Commons, this looks like whack-a-mole; the Statement is no substitute for a coherent cross-government strategy. Why do the Government not now move, for instance, to include the capture of biometric data in the definition of “critical national infrastructure”? Questions have been raised recently about Chinese cellular internet of things modules—CIMs—which are imbedded in many devices. What is the Government’s approach to this? Are they even aware of what CIMs are?

Finally, if the Government are concerned about information being harvested by social media and other apps, why is the Data Protection and Digital Information Bill, now before the Commons, widening the circumstances in which research data can be used for commercial purposes? Is this not a typical example of this Government’s incoherence and lack of co-ordination on issues such as this?

Baroness Neville-Rolfe Portrait The Minister of State, Cabinet Office (Baroness Neville-Rolfe) (Con)
- View Speech - Hansard - - - Excerpts

My Lords, I welcome the welcome for the Statement made by my right honourable friend the Chancellor of the Duchy of Lancaster last week. By way of background, I should explain that the Government commissioned a review by our cybersecurity experts of the risks posed by third-party applications, including TikTok. As a result, the review concluded that we needed further security measures to protect the data.

There is obviously a limit to what I can say due to the sensitive nature of the Government’s work, but we are taking what we believe is proportionate, considered action to strengthen the security of government devices, and we are doing that in two ways. First, as is already the case in many departments—and that includes my own, the Cabinet Office—all government departments will now move to a system where only the third-party mobile apps available on their devices are those which have been pre-approved for inclusion on a departmental “allow list”.

Secondly, as a precautionary measure, all government departments are now required to take action to prohibit TikTok on their devices with immediate effect. It is a prudent, proportionate step, and more broadly, we are absolutely committed to bolstering national security, of which this is an example. As I explained to the House about 10 days ago, new guidance on the use of non-corporate communications will be issued very shortly and will bear on some of the questions that have been raised.

I was asked about TikTok on Ministers’ personal devices. The Secretary for State for Energy Security and Net Zero, who has been quoted, supports our policy and has been very clear that he has never used TikTok on his government devices. On personal devices, it is more of a personal choice. As I have explained before, all Ministers are carefully trained in security when they are appointed, and they have a briefing from time to time to keep that up to date.

To answer the question about exemptions, the business justification for having TikTok on government phones is to my mind very limited, but there are a small number of cases where it is necessary. Examples would include security and law enforcement. I know that some of my colleagues who are involved in security may need to use TikTok to make observations. Marketing would be another area—I think that the Secretary of State for Energy Security and Net Zero, Grant Shapps, comes into that category. We need to have common sense and proportionality. Departments will be able to make exemptions on a case-by-case basis through a departmental approval process, but with ministerial clearance as appropriate and risk mitigation in place.

Regarding Chinese security cameras, we have acted— we have discussed this in this House many times. We are also strengthening the powers in our Procurement Bill, and suppliers will be considered for addition to the debarment list on the basis of a rigorous and fair policy. This policy is under development, so it is too early to say, but regarding the action we have taken, we are now working with departments to make sure that Hikvision cameras are phased out.

The noble Lord, Lord Clement-Jones, talked on a more strategic level about China, about which we need to be sober and realistic. Obviously, we do not dispute the importance of China, but it has become more authoritarian at home and more assertive overseas, which is of concern to the UK—our policies need to reflect that. In the integrated review refresh, which was published last week and is well worth a read—the noble Lord referenced it—the Prime Minister set out clearly the overall direction across government for a consistent, coherent and robust approach to China, rooted in the UK’s national interest and aligned with our allies. A proper, and properly resourced, approach to security is an important part of that.

I repeat that the Prime Minister set up a new department, and the Budget included a substantial pledge—£3.5 billion by 2030—to support the Government’s ambitions to make the UK a scientific and technology superpower. This is one of the Prime Minister’s five priorities. So we should take the steps we need to take for security, but we also need to be careful to encourage the positives of new technology, whether that is AI, quantum technologies or engineering biology. We seek an important balance here.

Civil Service: Digital Skills

Lord Clement-Jones Excerpts
Monday 20th February 2023

(1 year, 10 months ago)

Lords Chamber
Read Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Asked by
Lord Clement-Jones Portrait Lord Clement-Jones
- Hansard - -

To ask His Majesty’s Government what steps they intend to take in response to the Global Government Forum report UK civil service digital skills, published on 29 November 2022.

Baroness Neville-Rolfe Portrait The Minister of State, Cabinet Office (Baroness Neville-Rolfe) (Con)
- View Speech - Hansard - - - Excerpts

My Lords, the Government are already taking action to build digital skills at scale and have a clear road map, set out in the Transforming for a Digital Future strategy, which we published in June 2022. The road map has set a target to upskill at least 90% of senior civil servants in digital and data by 2025 and to strengthen the attraction and retention of digital talent by bolstering the Government’s recruitment brand and pay offer for specialist skills.

Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- View Speech - Hansard - -

My Lords, the Government claim that their 2022-25 digital and data road map will usher in a

“new era of digital transformation”

for public service improvement, yet Civil Service skills are clearly inadequate to deliver it. As the NAO has pointed out, there has been

“a consistent pattern of underperformance”

in public services for many years. What will be different this time? Is not the road map another example of this Government’s wishful thinking?

Baroness Neville-Rolfe Portrait Baroness Neville-Rolfe (Con)
- View Speech - Hansard - - - Excerpts

It is important to have an ambition and a road map if you are going to move things forward. We have a Prime Minister who regards the digital and data area as very important. We have set out our digital future strategy, which includes, on the point that the noble Lord is concerned about, that 90% of senior civil servants will be upskilled in digital and data through that programme. Digital professionals will also have top-up training every year. We are moving to recruit a lot more civil servants in the digital and data area; we have 4,000 vacancies, which is too many, but we are doing everything that we can to attract more people. This includes a capability-based pay scheme and much more focus on the regions, where we believe that we can get more digital talent out of the universities, often working away from London in centres such as Cardiff and Darlington.

Preparing for Extreme Risks (RARPC Report)

Lord Clement-Jones Excerpts
Thursday 12th January 2023

(1 year, 11 months ago)

Lords Chamber
Read Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- View Speech - Hansard - -

My Lords, I express my own thanks to our chair, the noble Lord, Lord Arbuthnot, not only for his excellent introduction today but for his superb chairing of the committee, especially given that meetings had to be conducted remotely almost throughout. I support his thanks to our terrific staff and advisers, and to my fellow committee members for their stimulating company and insights.

I joined the committee encouraged by some of the writing of the noble Lord, Lord Rees, especially in his excellent book On the Future: Prospects for Humanity, in the hope and expectation that we would grapple with how best to anticipate and mitigate some of the extreme and existential risks we face in the UK, particularly those arising from new technologies such as artificial intelligence.

However, the fact is that, in risk terms, we have rarely been thinking beyond a two-year timeframe, let alone a parliamentary term, and we found that our system is completely deficient in assessing and planning for chronic or long-term risks and has a bias against low-likelihood, high-impact risks. In his evidence to us, the noble Lord, Lord Harris of Haringey, chair of the National Preparedness Commission, rightly questioned whether the current political system, with short parliamentary terms and ministerial postings, allows for the proper consideration of risk. Sir Patrick Vallance, who it is clear will be playing an important role in government reforms in this area, was even blunter, saying:

“If you take a two year outlook, you get the wrong answer.”


We discovered that it was not just generational risks where risk assessment and planning were inadequate, such as with climate change or AGI—artificial general intelligence—but that we failed even when it came to the medium term. As we have heard, the great irony is that, prior to the onset of Covid-19, the UK’s approach to risk assessment and management—as the Institute for Government pointed out in its report Managing Extreme Risks—was admired. It is clear, however, that there are both cultural and institutional flaws in planning, assessment, mitigation and prevention. The time is never right for expenditure on prevention and mitigation, as the noble Lord, Lord Rees, says—another plug for his book—in his new introduction.

The risks we face are changing. As we say in the report:

“Technological advances have raised the threat posed by the malicious deployment of technologies which could be used for good or ill, while traditional threats such as those from nuclear or chemical warfare remain.”


We also found that the Government’s risk assessment process through the NSRA looks at only discrete risks and is unable to encompass the complexity of risks facing the UK. It has failed to account for interconnected or cascading risks, which go far beyond the failure of one part of a system.

In his prologue to his book Apocalypse, How?, one of our witnesses, Sir Oliver Letwin, posits a national emergency where the internet goes down, electricity supply fails across the country and no analogue communications backup is available. Given the way that BT’s Digital Voice programme to replace copper telephone lines with fibre seems to be taking place without any assessment of the impact on national resilience, it looks like we are heading for an emergency of exactly that type. Robert Harris, author of The Second Sleep, illustrated this graphically in his evidence:

“Sophisticated societies do collapse. Every civilisation collapses. You cannot think of one that did not face some terrible crisis, partly because they became so sophisticated.”


We further found that the central government risk assessment process has developed a culture of secrecy that impedes thorough scrutiny, expert consultation and information sharing with key partners, as experience with Exercise Cygnus and the DHSC’s more recent report on learning Covid lessons are already showing.

I welcome a great deal of the Government’s response and the new resilience framework, particularly the adoption of the overarching three principles adumbrated by the noble Lord, Lord Arbuthnot, and action relating to local resilience forums and the voluntary sector—and, indeed, relating to the development of skills. But how will the resilience directorate and the new head of resilience be

“providing leadership for this system”?

It seems there will not be any teeth in terms of challenging lead government departments.

Then we have the lack of a statutory duty regarding critical national infrastructure threats, which could be the Achilles heel of our risk planning. How does this square with the commitment to deliver resilience standards in the private sector? What does action to “refresh” the NSRA mean? What methodology will be adopted? Why is there no commitment to looking more than five years out? These proposals all aim to ensure that we have a much better handle on the future. As Professor William MacAskill says in his recent book, What We Owe the Future, sacrifices can actually be win-wins for posterity. I hope the Treasury takes note.

--- Later in debate ---
Baroness Neville-Rolfe Portrait Baroness Neville-Rolfe (Con)
- Hansard - - - Excerpts

I always like to be the bearer of good news from the Dispatch Box.

We are going to be updating the risk register, as everybody has talked about. I cannot give an exact date, but I can say that we are working on these issues with energy. I am delighted to be working now in this area, and obviously very keen to make progress. I do not think that I can say anything today about the very important issue of powers, because I was on the Back Benches during all the Covid measures, so I very much understand the points that have been made. We have got a Covid inquiry that is taking place, and there has to be some sort of interaction between the Covid inquiry and what we do for the future.

I am very grateful to my noble friend Lord Arbuthnot for his positive comments on the resilience framework. I am pleased that he recognises elements of his committee’s recommendations within it—in fact, nearly all the recommendations were accepted in whole or in part. My noble friend rightly raised transparency and challenge. We set our commitment to both in the framework and are already working to embed the principles across my departments, and across others. As an example, the national risk register, when it is published in the coming months, will include more detailed risk information and guidance than previous iterations, and it follows the new classified version of the national security risk assessment.

Noble Lords will be pleased to know that the development of the latter involved a great deal of external challenge this time, and the NSRA is more robust as a result. My colleague the Chancellor of the Duchy of Lancaster will be chairing the next UK resilience forum in February—just one way in which we are incorporating more independent challenge and expertise from outside government. I hope that further work on resilience this year will demonstrate more progress, and we will update Parliament through our inaugural annual statement on resilience.

The noble Lord also raised the committee’s recommendation, as others did, for an office for preparedness and resilience, and the accountability issue was emphasised by the noble Lord, Lord Browne of Ladyton, who sadly had to slip away. It is a key factor of the framework and, while have not chosen to establish a new body, we are taking steps to address the spirit of the committee’s recommendations. We agree with the noble Baroness, Lady Brinton, on the need for culture change—a point that she rightly often makes—and that is already happening.

The strength and function at the centre of government build on the approach that we have got under way on things like procurement and infrastructure, and I am sure that it will lead to much better coherence and accountability in the resilience system. We are also strengthening the lead government department model of risk ownership and are establishing a sub-committee of the National Security Council to enable Ministers to focus on national resilience, because ministerial involvement is important in getting things effectively progressed. I need hardly say that the Government also agree with the report’s emphasis on training, conducting exercises and performing dummy runs as a fundamental part of our collective resilience.

We are not just going to carry on as before, as the noble Lord, Lord Berkeley, rather mischievously said, and I look forward to giving evidence to his Built Environment Committee on infrastructure next week and to discussing the improved way we now monitor the progress of hundreds of infrastructure projects.

I am sorry that it has been over a year since the committee’s report was published, but the Government, as I have already outlined, have taken a number of steps to address the points that were raised. It is worth reiterating three key themes. On finalising a new classified national security risk assessment, the changes were informed by recommendations from the committee, but also by an external review from the Royal Academy of Engineering in September 2021. The intervention of the noble Lord, Lord Mair, showed the importance of bringing in the engineers.

Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- Hansard - -

My Lords, I apologise for interrupting the Minister but one of the key points is about the methodology adopted for the NSRA, and one of the key issues that appears to be emerging is that the Government do not seem to be committing to go beyond a five-year horizon. What assurance can the Minister give about the methodology that is going to be used, and whether we are going to be looking further into the future?

Baroness Neville-Rolfe Portrait Baroness Neville-Rolfe (Con)
- Hansard - - - Excerpts

I think the noble Lord is right that the main focus is on the next five years, but I will perhaps come back to him to discuss that point further. It is clear from what I have been saying that we are looking at extreme risks, and they are not necessarily going to arrive tomorrow, so I understand and sympathise with the point he has made.

The second step is strengthening the crisis and resilience structures in the Cabinet Office with the creation, as I have said, of the resilience directorate and the COBRA unit. We are responsible for resilience planning and national crisis response, working closely with departments which have sectoral responsibilities. This includes identifying, planning and preparing for risks, and building capacity to respond effectively. The changes to how it is organised will help to ensure that the Government have the capacity and capability to respond to emergencies, which is obviously particularly important in the wake of Covid-19.

Thirdly, we are working to improve our resilience to chronic risks and vulnerabilities, such as climate change—which was emphasised by the noble Viscount, Lord Thurso—and artificial intelligence. We have recognised that this type of risk poses continuous challenges over time to communities, the economy and security, and requires a different type of response to more acute risks, such as flooding or terrorism.

The scale of the risks we face has required a new strategic approach to resilience. That is why we published the UK Government Resilience Framework in December, which previously had the working title of “national resilience strategy”, to respond to a point made by several noble Lords. It is a new strategy which is already being implemented across government. It reflects our ongoing commitment to resilience which we made in last year’s integrated review, and the new strategic approach will be reflected in further publications this year, with the refreshed national risk register, the updated biological security strategy, and the update to the integrated review itself, which has also been promised.

Procurement Bill [HL]

Lord Clement-Jones Excerpts
Baroness Neville-Rolfe Portrait Baroness Neville-Rolfe (Con)
- Hansard - - - Excerpts

My Lords, forgive me; I thought I could move this amendment formally too. I try to find a sensible and reliable pathway through, as your Lordships know. I look forward to debating this group, which discusses the single digital platform and transparency.

Transparency has been central to the development of this Bill, and it should be noted that there is a significant extension to transparency under the regime. The publication of documents and notices that follow the award stage will allow interested parties to see how contracts are being implemented. While we have stated publicly that it was always the Government’s intention to create a central digital platform to host this data, we acknowledge the concerns raised by noble Lords during Committee around the importance of the online platform. Amendment 129 therefore creates a new duty requiring a Minister of the Crown to provide an online system for the purpose of publishing notices, documents and other information under this Act.

In addition, the duty requires that the platform has to be accessible to people with disabilities—a point we were debating on Monday—and provide access to procurement information that is published under the Act, free of charge. This means everyone will have access to public procurement data and can track contracts as they progress through the commercial lifecycle from tender to award and delivery. Citizens will be able to scrutinise contracting authority decisions; suppliers will be able to identify new opportunities to bid and collaborate; and buyers will be able to analyse the market and benchmark their performance against others, for example on their spend with SMEs.

In addition to the principal amendment, Amendment 132 is a technical amendment which removes an existing statutory power as this platform is expected to be delivered through common law powers. Since becoming the Minister responsible for this Bill, I have been keen to ensure that it strikes the right balance between transparency and not imposing undue burdens on contracting authorities. Contracting authorities will continue to be bound by the obligation to publish opportunities for all advertised procurements that are above a threshold of £12,000 for central government authorities or £30,000 for others. This will ensure that there is a high degree of transparency for SMEs, so that they can bid.

However, at the other end of the commercial process, the Bill introduces additional transparency requirements after the award of the contract. I have reflected on these, and Amendments 78, 80 and 104 all seek to raise the original threshold for the publication of contract key performance indicators, public contracts and modifications to a public contract from £2 million to £5 million. This will reduce the administrative requirements for contracting authorities while ensuring transparency of the public sector’s larger contracts. I am pleased to say that these amendments have been welcomed by the Local Government Association in the briefing note it published on 25 November.

I will turn to the other amendments tabled in this group in closing, having heard the points raised by noble Lords. Meanwhile, I beg to move Amendment 78.

Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- View Speech - Hansard - -

My Lords, I rise to speak to Amendment 130 to government Amendment 129. Many of us will be pleased that the Minister has decided to put the new online system for procurement information on the face of the Bill. At the same time, however, we need some assurance that it will be fit for purpose and achieve the objectives set for it, otherwise the Government seem to have carte blanche to construct whatever system they see fit to inflict on the vendor community, without any required standards or reporting duty. Let us face it: even the modest database under the Subsidy Control Act is subject to a form of reporting duty, and this system will be of far greater significance.

The amendment in my name and that of my noble friend Lord Fox is designed to provide assurance but in very simple terms. There would be the requirement for a report, first, on the performance standards expected and, secondly, on the standards achieved in the relevant period, including metrics on satisfaction and the accessibility experience of stakeholders. This is a modest proposal; how can the Minister possibly argue against it?

Baroness Noakes Portrait Baroness Noakes (Con)
- View Speech - Hansard - - - Excerpts

My Lords, I support the single digital platform which is now covered by government Amendment 129 in this group, but I have one caveat. The benefits of the platform, in terms of efficiency—having all the procurement details in one place—will be undermined if contracting authorities are required also to publish tender information in other ways. That is what lies behind my Amendments 166 and 168 in this group. Like some of the amendments I spoke to on our first day in Committee, these have been suggested by the Local Government Association. I am grateful to my noble friend Lord Moylan for adding his name to them.

These amendments propose two additional repeals within Schedule 11, the repeal schedule. Subsections (4)(b) and (5) of Section 89 of the Transport Act 1985 require local authorities to issue notices of tender individually to anyone who has given written notice that they wish to be notified. Amendment 166 would repeal that, because it should no longer be necessary. Amendment 168 would repeal Regulations 4 and 5 of the Service Subsidy Agreements (Tendering) (England) Regulations 2002 so that information on tenders will no longer be required, for example, to be published locally, including in local newspapers.

I hope my noble friend will see these two amendments as supporting the importance of the digital platform. I also hope that she will be able to assure the House that the Government will ensure that later legislation will not be allowed to undermine the platform by adding new and additional requirements, once it is up and running.

--- Later in debate ---
Baroness Neville-Rolfe Portrait Baroness Neville-Rolfe (Con)
- View Speech - Hansard - - - Excerpts

My Lords, Amendments 79, 81 and 105 have been tabled by the noble Baroness, Lady Hayman, and the noble Lord, Lord Coaker, to amend to £3 million the financial threshold above which contracting authorities would be required to publish contracts and contract modifications, and set and publish KPIs. The government amendments raise these thresholds to £5 million. The intention of this is to reduce the administrative burden on contracting authorities, while still providing increased transparency on larger contracts. Redacting contracts for publication where they contain commercially sensitive information is particularly burdensome for smaller contracting authorities, requiring detailed and costly checking by legal teams that they may not have or expensive legal advisers.

Where does the figure come from? I do not know exactly; that is the honest answer. I was offered options of £50 million, £10 million and £5 million. I chose £5 million because that is quoted in the Sourcing Playbook, which seemed a reasonable point. I believe that a threshold of £5 million balances the benefits of transparency with the costs and burdens of implementation.

The higher threshold in the government amendment has been welcomed by the Local Government Association. We want the arrangements to work, so we will monitor them carefully. We have powers to change the thresholds if we need to do so—for example, to bring in extra contracts as the system grows and matures—and if analysis of the new data gathered allows us to better understand how to ensure that the obligations are effective and proportionate; or, to go the other way, if we end up with a lot of difficulties. It seems a reasonable approach.

Amendment 130 tabled by the noble Lords, Lord Clement Jones and Lord Fox, seeks to require the Minister of the Crown to report annually on performance standards and feedback on the online system, including stakeholder satisfaction and accessibility. The data on the platform will be available in real time, and interested parties—of which there will be many—will be able to access information by using the tools available on the platform and by downloading the data for external analysis, such as statistics on the publication of notices and the progress of contracts. The platform will be accessible, as I have said, and will comply with the relevant legislation, including the Public Sector Bodies (Websites and Mobile Applications) (No. 2) Accessibility Regulations 2018, on which I am not, I fear, an expert. The Government are continuously monitoring the existing online platform that supports noticing under the current regulations and will continue to do so under the new regime and make changes as they are needed, so we are not inclined, on this occasion, to write in a review clause.

Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- Hansard - -

What mechanism will there be for feedback from vendors and so on?

Baroness Neville-Rolfe Portrait Baroness Neville-Rolfe (Con)
- Hansard - - - Excerpts

We have talked several times about the PRU and the role it will have in looking systematically at things. It seems to me that one of the main sources of information for it will be this online system. It has the merit of largely being an all-singing and all-dancing system. I will come on to my noble friend Lady Noakes’s amendment in a minute. I think, therefore, that this is going to work well, but if the noble Lord discovers in the fullness of time that it is not doing so, I am sure he will come back and ask the Cabinet Office what it is up to.

Amendments 166 and 168 in the names of my noble friends Lady Noakes and Lord Moylan have been tabled to remove provisions in two pieces of transport legislation, both relating to contracts for subsidised public passenger transport services. The first repeals two subsections from Section 89 of the Transport Act 1985—that is a long time ago—dealing with the obligation to invite tenders for such contracts. This change would remove the requirement to issue invitations to tender individually to anyone who has given a written notice requesting this. The second amendment revokes two regulations from the Service Subsidy Agreements (Tendering) (England) Regulations 2002, dealing with information to be published regarding accepted tenders and where no tenders are accepted. These amendments were raised in Committee and, while both rightly seek to reduce the burden on contracting authorities, there are further considerations for the Department for Transport.

Not all transport is covered by the Bill, and we have carved out certain public passenger transport services under Schedule 2. The Department for Transport is reviewing procurements that fall under this separate regime as part of its review of retained EU law and its legislation more widely. It is important that what we do in our schedules does not impinge on that review. We are therefore unable to accept my noble friend Lady Noakes’s repeals today, but I have asked my officials to work with the Department for Transport to see whether it is possible to sort this out and bring forward a government amendment in the Commons to address her concerns. In the light of those various assurances, I respectfully request that noble Lords do not press their amendments.

Procurement Bill [HL]

Lord Clement-Jones Excerpts
Moved by
235ZA: Clause 40, page 25, line 16, at end insert—
“(c) if the contract is not included in a framework agreement.”
Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- Hansard - -

My Lords, I would be very happy if the Minister introduced my amendment, but in moving it I will also speak to Amendment 243A and Clause 40 stand part. My noble friend Lord Fox will speak to other Liberal Democrat amendments in this group that are in the names of my noble friends Lord Wallace and Lady Brinton. I know that my noble friend Lord Fox has congratulated the Minister already but it is the first time that I have spoken since I saw her on the Back Benches in our previous proceedings. I must congratulate her on her seamless move to the Front Bench—again.

Given the controversy surrounding these direct contracts, the removal of Clause 40 on direct awards would, pending greater transparency and equity for SMEs, be the preferable course. But these are specific amendments to Clauses 40 and 42, which would prevent direct awards being used within framework agreements and instead open all such awards to competition. This issue is seen all the time within the G-cloud framework; it prevents proper competition from British SMEs and simply reinforces the dominance of certain key foreign players in the market. These amendments would provide the opportunity to redress the balance and help support UK SMEs.

We will debate the role of frameworks later, but these amendments seek to highlight the blurring of direct award rules by smuggling in large, uncontested contracts within framework agreements. The notion that there is a ceiling above which such awards must be competed for, and below which they can be awarded directly, is theoretically sound if it is rigorously adhered to. We on these Benches would argue that the threshold of £250,000 is too high and that a figure of £100,000 would be more appropriate. I seek the Minister’s view on thresholds and how they are arrived at. However, thresholds are pointless if they are ignored or bypassed, which is what seems to be happening.

One very good example of where this system has completely gone off the rails is cloud computing. This important service is central to the Government’s digital plans. It seems that rarely is the ongoing cloud service bid seen as a separate service; rather, it is wrapped in a package being competed for through a framework agreement by the consulting giants. These consultants always seem to partner with one or other of the dominant, non-UK cloud services companies.

This has gradually led to a disproportionate level of awards to these companies. For example, in 2012-17, one company, Amazon Web Services, was awarded £25.5 million-worth of contracts from a total market worth £381.7 million—a market share of 7%. By 2018-22, its market share had ballooned to just a shade under 40%. In the current financial year alone, 2022-23, AWS has seen £87.7 million-worth of contracts from a total market of £137.6 million—a market share of 64%. The US federal Government estimate that the UK public cloud market was worth $12 billion in 2020 and growing, so AWS can expect a healthy $5 billion-plus, with Microsoft Azure not far behind. Almost none of this would have been opened up to competition.

Of course, in the UK, a company is deemed to have monopoly power if it holds more than 25% of the market. At the same time, the SME share of the market has fallen from more than 50% to just 20% in the last five years, and barely 10% this year. It simply reinforces the dominance of certain key foreign “hyperscalers” in this market. To be clear, it seems that these services are available from UK-based suppliers. We are not asking for preferential access for these UK suppliers, just that they are not locked out by the use of framework agreements in this way and the awards of direct contracts under them.

The Government talk about building a UK digital future, yet they systematically underwrite the development of non-UK businesses by ignoring their own rules. The Procurement Bill is supposedly designed, according to the Queen’s Speech, so that

“Public sector procurement will be simplified to provide new opportunities for small businesses.”


On top of this, the Crown Commercial Service’s own guidance on direct awards suggests that the procedure is suitable only for low-value, low-volume commodity products. In the case of AWS, some of the contracts, such as the Home Office contract, top £100 million in value, so they cannot be considered low-volume or low-value, nor can cloud hosting be considered a commodity, given the proprietary nature of the service and the consequences of that.

If the Government are true to their word, they will accept these amendments to ensure that the balance is redressed and UK SMEs are given a chance to compete on a level playing field. I beg to move.

Baroness Noakes Portrait Baroness Noakes (Con)
- Hansard - - - Excerpts

My Lords, I have Amendment 236 in this group. It probes the relationship between direct contract awards and framework contracts.

Direct awards are allowed under Clause 40 if they satisfy one of the justifications in Schedule 5, paragraph 8 of which allows them if they are similar to existing contracts for goods and services that have been entered into in the previous five years and in which the initial tender set out the intention to use the direct award justification. My amendment would change those five years to four years, specifically to probe the differences between a repeat direct award under Clause 40 and an award under a framework contract, as covered in Chapter 4 of Part 3.

Clause 45 says that a framework contract has a maximum duration of four years other than for defence and utilities contracts. Doubtless this is my ignorance speaking but I hope that my noble friend the Minister can explain to me the rationale for allowing five years for direct awards under Chapter 3 as opposed to four years for framework contracts under Chapter 4. My question is pretty simple: is there a substantive distinction between direct awards and awards under framework contracts, where the justification for the direct award is in paragraph 8 of Schedule 5?

It seems to me that this is another example of how the designers of this new procurement system have lost sight of simplicity and underlying principles in designing the system. However, there may be a good reason for that, of course; I look forward to my noble friend the Minister explaining it.

--- Later in debate ---
Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- Hansard - -

My Lords, it falls to me as the mover of the lead amendment to respond to the Minister. Clearly, there was quite a lot in what she said and we will need to brood over Hansard when the time comes because there are a large number of issues here. I recognise the Minister’s track record on SMEs but I am somewhat amazed that the Government have been commended on bringing greater clarity, as she put it, because our intention was to provide much greater clarity—and, indeed, equity—in all of this for SMEs. In terms of the addition of more time, burden and so on, I believe the Minister would normally think that we should go the extra mile for SMEs in these circumstances.

Baroness Neville-Rolfe Portrait Baroness Neville-Rolfe (Con)
- Hansard - - - Excerpts

Certainly. We have discussed SMEs before; we have gone away to have a look at that issue. I recently held a round table with SMEs. Basically, they were positive about the Bill. Clearly, we have to see through and teach them about the new proposals. The basic point is that there are fewer different ways forward. I was quite surprised that that was the case but clearly there is complexity, and we have got to make sure that the Bill is in the right form.

--- Later in debate ---
Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- Hansard - -

My Lords, I think it partly depends on the market that is covered by particular SMEs. I could probably produce a range of SMEs that are not quite as pleased with their lot. Of course, that is partly the theme that the noble Baroness, Lady Hayman, and I have been talking about in terms of the UK cloud market.

I appreciate the fact that—stop press—it appears that the intention of Clause 41 is to prevent VIP lanes, because, let us face it, that is lesson number one from Covid. I hope that that is correct, but no doubt we will read carefully how and in what respect it gets rid of VIP lanes.

More broadly, virtually everyone who contributed to this debate wants to see a much clearer set of underlying principles—the noble Baroness, Lady Noakes, was clear on this—around how direct awards relate to framework agreements. I do not believe that we have seen that yet. Assurance from a Minister is one thing but seeing it in black and white in the legislation is another. I thought that the phrase “safe from challenge”, used by the noble Baroness, Lady Hayman, was exactly right. We have seen only too clearly what happens when there is no clarity; the Randox contract was an absolutely classic example of that. All of us hope that that will not happen again and hope to see a competitive market for our SMEs. However, I think we will probably have to return to this issue on Report.

In the meantime, I beg leave to withdraw the amendment.

Amendment 235ZA withdrawn.

Procurement Bill [HL]

Lord Clement-Jones Excerpts
Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- Hansard - -

My Lords, I rise to speak to a number of amendments in this group on behalf of my noble friend Lord Wallace and myself. I must first apologise that there was no presence on the Liberal Democrats Benches at the beginning. I am afraid my colleagues have been in the wars. My noble friend Lord Wallace is at the dentist, my noble friend Lord Fox is suffering from Covid and my noble friend Lord Scriven was delayed for four hours on a train—so it has all been a tale of disaster.

I shall speak first to my noble friend Lord Wallace’s Amendments 450 and 451, which are intended to probe the nature of the exemptions from publishing or disclosing information. It is welcome that centralised investigations by a Minister of the Crown into whether suppliers should be excluded are explicitly allowed under the Bill and that reports from these investigations must be published. However, under the current Bill the grounds for not publishing such reports include national security and the release of sensitive commercial information. Sensitive commercial information is defined under Clause 85 as any information which

“would be likely to prejudice the commercial interests of any person if it were published”.

Given that a debarment investigation, by its very nature, is likely to prejudice the commercial interests of a person in that it will have a significant reputational impact on a company or individual that will affect their commercial relations, this test is too broad and is likely to lead to many debarment investigation reports not being published or to decisions to do so being contested by the company.

Clause 85(2)(b) is likely to lead to more redaction of information than is necessary or in the public interest by putting the onus on the contracting authority to prove there is no chance it will cause any harm to the commercial interests of any person—a standard which is very vague and difficult to enforce. We therefore argue that information in public contracts regarding how public funds are spent should be public by design and redacted only by exception when doing so is in the overriding public interest. Doing so reduces the risk for contracting authorities and will avoid overreaction.

My noble friend’s Amendment 448 has the same intent as Amendment 449A. The noble Lord, Lord Berkeley, spoke to that amendment extremely cogently and I have signed it. As he said, the Freedom of Information Act 2000 applies to information about a contract held by a public authority but not normally to information held by the contractor. Public access to information about public sector contracts varies from contract to contract, depending on their precise terms and on the willingness of the parties to adopt measures permitting greater access.

Much of the information the public may seek will relate to problems not anticipated at the contract stage or to information which the authority did not consider it needed to monitor in relation to performance under the contract. The Bill provides for only limited disclosure to the public about the performance of a contract. An annual assessment of performance against KPIs will be required for contracts valued at over £2 million, but an authority will not be required to publish more than three KPIs and may not be required to publish any at all if it considers that they would not allow the appropriate assessment of the contract’s performance. The actual information to be published about compliance with KPIs will be left to regulations.

In any event, a 12-month wait for an annual publication is unlikely to satisfy the needs of those concerned about an existing problem, and this amendment, as the noble Lord described, provides that all information relating to a contract with a public authority held by the contractor or a subcontractor will be subject to the FoIA or to the Environmental Information Regulations 2004. As he described, this follows the approach of many countries’ FoI laws: for example, Australia, Germany, Ireland, Italy, New Zealand—I could go on.

Amendment 449 would in effect make this position under the UK’s Freedom of Information Act and the EIR. It would ensure that any information held by a contractor in connection with a public authority contract would be deemed to be held on behalf of the authority and thus be subject to the FoIA and EIR. The public’s right to such information would no longer depend on the precise terms of the contract. We strongly support that amendment.

We also support Amendments 455 and 459A in the name of the noble Baroness, Lady Hayman. I have also tabled Amendment 456, which is complementary to Amendment 459A. As the noble Baroness described, Amendment 459A is designed explicitly to frame a duty around transparency in UK procurement beyond publishing the notices themselves as required in the Bill. As she described, this is drawn from the OECD’s recommendation on public procurement and seems to have some purchase with the Cabinet Office. The amendment would help establish how and where the notices should be published. It also says why or what the objective behind publishing the notices is. It is important that the completeness and comprehensiveness of the notices are not changed without accountability.

Amendment 456 goes a bit further and adds specific requirements about the platform’s implementation and would ensure that the information on the digital platform was regularly reviewed for accuracy, timeliness and completeness. A crucial aspect is the need for the contract award notices to be published in a timely fashion. Current legislation requires contract award notices to be published within 30 days, yet research by the Spend Network shows that the mean time to publish contract award notices is over 40 days. Many ministerial departments spending billions of pounds take more than three months to publish notices. The Cabinet Office takes an average of 2.7 months. Vital information is missing from nearly three-quarters of contract award notices, and this is wrong because it denies the public, businesses of all sizes and the media the ability to understand what financial commitments the Government are making and with whom—as with that egregious fast-track PPE contract situation.

We need to ensure that this long-standing problem does not get worse and that the appropriate authority ensures that public sector organisations publish complete, accurate and accessible data under an open licence and that the 30-day threshold set out in Clause 51 is respected in practice. That is what Amendment—

--- Later in debate ---
Baroness McIntosh of Hudnall Portrait The Deputy Chairman of Committees (Baroness McIntosh of Hudnall) (Lab)
- Hansard - - - Excerpts

My Lords, I am tempted to say to the noble Lord, Lord Clement-Jones, that he need not sit down since I am about to call him.

Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- Hansard - -

Thank you. My Lords, if noble Lords thought that my previous speech took a long time, they will not be happy with the second half of it, which concerns the technical parts. These relate to Amendments 452A, 452B, 519A and 519B, which are technical amendments from the Local Government Association designed to ensure that all notices come within the new digital platform.

Amendments 452A and 452B relate to Clause 86(1) of the Bill, which sets out that appropriate authorities may by regulations make provision about

“the form and content of notices, documents or other information to be published or provided under this Act”

and

“how such notices or documents are, or information is, to be published, provided or revised.”

The amendments would help ensure that future regulations do not contravene the purpose of the single digital platform wherever possible and support the move to progressively streamline the many different publication requirements for procurement information and contract-spend data placed on local government and the public sector as a whole through different pieces of legislation.

Amendment 519A would omit Section 89(4)(b) and 89(5) of the Transport Act 1985. This would remove the requirement for local authorities to issue notices of tender individually to all persons who have given to that authority a written notice indicating that they wish to receive invitations to tender for the provision of local services for that authority’s area. This would bring the requirements to advertise tenders for transport services into line with those set out in the Bill and facilitate the ambition to create a single digital platform where all public tenders are advertised in one place.

Finally, Amendment 519B would amend the Service Subsidy Agreements (Tendering) (England) Regulations 2002 by removing Regulations 4 and 5. Regulation 4 requires local authorities to publish information relating to tender invitations in accordance with Part 1 of Schedule 1 to the same regulations. Regulation 5 requires local authorities to publish tender information to the general public at times, in places and in a form which are convenient to the public, and to publish notices of tenders in local newspapers. Removing the two regulations would ensure that information about contract pipelines and contract awards for service subsidies will in future be published in the same place and format as information about any other public contract, to improve consistency and accessibility. A service subsidy in this context is where councils subsidise companies operating public passenger transport services to run services on routes which may not otherwise be economically viable, for example bus services in rural areas. I hope that has explained these rather technical amendments and very much hope that the Minister understands the motive behind them.

Lord True Portrait Lord True (Con)
- Hansard - - - Excerpts

My Lords, I apologise for not rising sooner; I never know how many spokesmen are going to rise from the various Benches. This has been another interesting and informative debate. It has also been extremely wide-ranging, as has become our custom in this Committee. I will try to answer as many points as possible, but there are things coming from various areas that we will look at carefully. This is your Lordships’ Committee and therefore it is perfectly reasonable for points to be made. My aspiration is to answer, but I may not be able to answer them all.

Before I get on to the main amendments, I will address various things I was asked about. The noble Baroness, Lady Boycott, asked about the Palantir contract. I am advised that this is a DHSC NHS contract. I am not informed in my department of the details she asked for, but I will ask my officials to follow up and respond to her later.

The noble Lord, Lord Berkeley, asked about a Written Ministerial Statement made last week. The timing of the publication of the participation in government commercial activity guidelines for Ministers referred to in that Statement is not connected to this Bill. The guidance sets out how Ministers can be appropriately involved in commercial activity, including procurements, under the current procurement rules.

I was anticipating in a later group—indeed, there are some relevant amendments—a debate about Hikvision. I am grateful for what the noble Lord, Lord Alton, said, as well as for the opportunity to speak to him about this matter, which, as he said, has some security considerations. So far as the actuality of what might or could happen is concerned—that is a potential rather than a loaded spin on it—it is ultimately up to contracting authorities to apply the grounds for exclusion under this Bill on a contract-by-contract basis. The national security ground is discretionary, meaning that authorities can take into account a range of factors, including the nature of the contract being tendered. However, the debarment regime will allow for the central consideration of suppliers on the grounds of national security. As the noble Lord knows, the Government’s security group is working with the National Technical Authority and the Government Commercial Function on the government security aspects of this issue.

I appreciate the noble Lord’s impatience, given the sensitivities of the issue. Policy options are being worked out for how to mitigate the security risks posed by this type of equipment; they range from primary legislation to ban certain companies from the government supply chain to issuing more advice and guidance for contracting authorities. The Cabinet Office has also published guidance setting out the steps that all government departments must take to identify and mitigate modern slavery and labour abuse risks throughout the commercial lifecycle, focusing on the areas of highest risk. We may well return to this issue in debate on a later group, but I can assure the noble Lord that the matters he raised are ones that the Government are not minimising but currently considering.

--- Later in debate ---
Lord True Portrait Lord True (Con)
- Hansard - - - Excerpts

My Lords, I have given further information. The noble Lord referred to a whole range of factors which he asked to be considered and asked me to respond to the Foreign Affairs Select Committee report and so on. I said I would reflect on all he has said and come back, but I gather there has been some reflection on this aspect of his menu. We will no doubt maintain this dialogue.

The amendments we were talking about—Amendments 448, 449 and 449A—all relate to freedom of information and seek to bring external suppliers into the scope of the Act. In practice, the Government do not believe that the amendment would add much and could impose burdens on businesses that would make public contracts unattractive. The public authority will already hold all the details of the tendering process and the resulting contracts, and that information can already be requested under the FoI Act. The desire has been expressed in some quarters to reform the FoI Act, but we are looking at the proposals before us.

Furthermore, information held by a supplier or subcontractor on behalf of a contracting authority is already within scope of the Act. The amendments also introduce unhelpful limitations on the ability of contracting authorities to withhold commercially confidential information. This is a point of debate, but the FoI Act sets out the duties on public bodies when they receive requests for information under the Act. Restating the operation of that legislation is not necessary in this Bill. The Bill sets out in detail what information is required to be published and the triggers for publication, as well as requiring contracting authorities to explain why they are withholding any data.

Amendment 449A also seeks to extend the enforcement powers of the Information Commissioner to suppliers and subcontractors and open them up to criminal prosecution. The Information Commissioner already has enforcement powers in relation to public authorities and therefore in relation to the information held by others on their behalf. We believe that transparency is a sanction for authorities that fail to fulfil their obligations to publish as the failure will be obvious to the public. Failure to publish information required by the Act could be subject to judicial review, and there is also potential for a civil claim for breach of statutory duty pursuant to Clause 89 if the supplier can demonstrate that it suffered loss or damage arising from a breach of a publication obligation. Additionally, an appropriate authority has a power under Clauses 96 to 98 to investigate a contracting authority’s compliance with the Act, make recommendations and, if appropriate, provide statutory guidance to share lessons learned as a result of the investigation. Recommendations issued under Clause 97 come with a duty on the contracting authority to have regard to those recommendations when considering how to comply with the Act, and failure to do so would also leave the contracting authority open to judicial review.

Where a contracting authority is required to publish something that includes sensitive commercial information, it may withhold or redact that information only if there is an “overriding public interest” in doing so. Where the commercial confidentiality exemption is used to withhold or redact information, this must be publicly recorded. As such, there will be full transparency about what has been withheld and why, and interested parties can always challenge such decisions by requesting the withheld information under FoI law. This process is subject to the oversight of the Information Commissioner. Interested parties can also complain to the procurement review unit, which we discussed the other day.

Amendments 450 and 451 are from the noble Lords, Lord Wallace and Lord Fox. They are absent, and I send them best wishes for their respective aliments. Expertus dico: I have just had an aliment as noble Lords saw in the last Session, and I very much feel for all noble Lords. These amendments would make it harder for contracting authorities to withhold information in instances where there is sensitive commercial content. The overall result could be the inappropriate disclosure of sensitive information or fear of such disclosure, both of which are likely to have a chilling effect on suppliers bidding if they cannot be confident that their commercial secrets will be respected by contracting authorities. This could lead to a reduction in choice, quality and value.

Amendment 452, tabled by the noble Baronesses, Lady Worthington and Lady Boycott, and Amendment 455, tabled by the noble Baroness, Lady Hayman of Ullock—which I think is intended to address the central digital platform, not the data on the supplier registration system—propose to introduce various requirements about the accessibility of published information and how it is licensed. The Government have already committed to a publicly available digital platform which will allow citizens to understand authorities’ procurement decisions. This data will be freely available. It will remain subject to data protection law and redaction under the exemptions set out in Clause 85.

However, not all information should be published on the central digital platform. For example, some associated tender documents produced under Clause 20 in certain procurement exercises may need to be circulated to only a limited group of suppliers, for instance, where that information is sensitive. As set out in the Green Paper, we will apply the open contracting data standard, and specify this in more detail in secondary legislation. Published data will be covered by open government licence where possible; personal data contained on the platform will be available without any licence.

Amendments 452A and 452B, tabled by the noble Lord, Lord Clement-Jones, would amend Clause 86 to ensure that regulations require publication on a single digital platform. These amendments are unnecessary as the Government have already committed to providing this platform.

The noble Lord, Lord Clement-Jones, has tabled Amendment 456, which imposes obligations on an appropriate authority in relation to standards and quality of data on the platform. Clause 86(1)(a) already makes specific provision for regulations to set out both the form and the content of information to be published under the various notices required by the Bill. This power is there to ensure that regulations can establish the very standards and formats that I believe the noble Lord is seeking.

On the noble Lord’s proposed new paragraph (b), a notice is usually a snapshot of a moment in time. Most notices should not be updated after the initial publication and it is the legal responsibility of the contracting authority publishing the information to ensure that it is timely, accurate and complete. The appropriate authority—a Minister of the Crown, a Welsh Minister or a Northern Ireland department—will not be in a position to verify all that information, which is why it is the responsibility of the contracting authority.

Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- Hansard - -

My Lords, I apologise for interrupting, but can the Minister therefore explain why these time limits are so regularly and hugely overridden? The research shows, as I mentioned, that the Cabinet Office itself has a delay of 2.7 months compared with its legal obligation of 30 days. How does the Minister explain that, and why is no further action needed in terms of compliance?

Lord True Portrait Lord True (Con)
- Hansard - - - Excerpts

My Lords, if the Cabinet Office is sinning, I will take the matter away and look into it. I heard what the noble Lord said about time limits, but I do not have a specific response in this area at the moment, and nor can I either confirm or deny the figure he gave. We have undertaken to engage on these issues, and we will find the answers and will look very carefully at what the noble Lord said in his speech—or rather, his two speeches.

Amendment 458, tabled by the noble Baroness, Lady Hayman of Ullock, relates to the creation of a digital registration system for suppliers. The register of suppliers described in the Green Paper remains a priority, and provision for this register is set out in Clause 88.

Amendment 459, tabled by the noble Baroness, the noble Lord, Lord Coaker, and others seeks to introduce a requirement for government departments to produce reports on carbon emissions relating to procured goods, services and works. I made the Government’s position clear previously that such matters should not be included in the Bill and that remains our position.

I thank the noble Baroness and the noble Lords, Lord Coaker and Lord Clement-Jones, for their Amendment 459A. However, the Government are opposed to this amendment as well. It would create an obligation to have the central digital platform operational within six months of passing the Act. Just to be clear, Clause 86 creates the powers that the Government will use to require publication on the single digital platform. Clause 88 is the basis of the supplier registration system, which is the “tell us once” system through which suppliers will communicate information about themselves to contracting authorities.

I understand from his helpful explanatory statement that the noble Lord, Lord Coaker, was referring to the former—the single digital platform. We do not wish to commit to such a timetable now, as it might not be necessary or possible to deliver the whole functionality of that platform to that timetable. As the noble Lord knows, there is already a six-month period of pre-implementation built in, but I hear what he says and I think there is broad agreement in the Committee that this development is desirable. I welcome the positive response from the Liberal Democrats and Her Majesty’s Opposition, having had discussions about it, and I will take away what they say.