Amazon Web Services
Lord Clement-Jones Excerpts(5 days, 21 hours ago)
Lords ChamberRead Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Lord Leong (Lab)
My Lords, in respect of the noble Viscount’s point about cost, this happened just yesterday so, of course, we are still working it through; it will take us some time to evaluate how much it will cost the economy. I am sure that economists will be kept very busy for some time working out the costs and the impact on productivity.
We are already taking steps to strengthen the resilience of the UK’s digital infrastructure. Through the national cyber strategy and the national resilience framework, we are working with the National Cyber Security Centre to treat major cloud service providers as part of our critical national infrastructure. This includes measures to ensure that they have robust redundancy back-up and incident response capabilities in place. At the same time, we are consulting with industry on enhanced incident reporting and transparency requirements so that the Government can be alerted immediately to any service disruption that could have national impact.
Lord Clement-Jones (LD)
My Lords, at the very least, this should be a wake-up call for the Government. It is clear that the Government have been overdependent on two US cloud service providers, which, as the Competition and Markets Authority says, have 70% to 90% of the market, and restrictive practices impede competition. Of course, there is now a sovereign AI unit within DSIT. Will government procurement policy now change to encourage UK cloud service providers, which would then help to deliver sovereign AI? Will the Government also encourage the CMA to act rapidly, given this lack of competition?
Lord Leong (Lab)
I thank the noble Lord for those points. The Government are aware and are taking cybersecurity seriously. That is why we have published a number of strategies and are working with the National Cyber Security Centre, as I mentioned earlier. The noble Lord also mentioned procurement and the service providers. The three providers I just mentioned—Amazon Web Services, Microsoft Azure and Google Cloud—probably have something like 60% of the market share. Yes, we have other small, independent providers as well but, at the same time, procurement is dependent on government departments: on how they want to procure their services and from where. The basic point is that, going forward, we have to ensure that it is safe and resilient.
Global IT Outage
Lord Clement-Jones Excerpts(1 year, 3 months ago)
Lords ChamberRead Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Baroness Twycross (Lab)
I think we all have huge sympathy for those affected. As the noble Lord rightly says, thousands of people were affected on the day. However, compensation is a matter for the individual operators and subject to consumer rules, which would cover any entitlement to compensation or refunds.
Lord Clement-Jones (LD)
My Lords, in the light of recent events, we are clearly talking not just about bad actors. Does the Minister agree that there needs to be a rethink about critical national infrastructure and our dependence on a few overly dominant major tech companies for cloud services and software, which are now effectively essential public utilities? Will the Government reconsider how we are wholesale replacing reliable analogue communications with digital systems without any back-up?
Baroness Twycross (Lab)
The noble Lord raises critical issues, a number of which will be covered by the cybersecurity and resilience Bill. I would welcome the opportunity to discuss these issues with him further.
Ministers: Legal Costs
Lord Clement-Jones Excerpts(1 year, 7 months ago)
Lords ChamberRead Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Lord Clement-Jones
To ask His Majesty’s Government what assessment they have made of taxpayer-funded legal costs incurred by Government Ministers, following the recent libel settlement funded by the Department for Science, Innovation and Technology.
The Minister of State, Cabinet Office (Baroness Neville- Rolfe) (Con)
My Lords, in line with established practice under multiple Administrations of all political colours, Ministers are provided with legal support and representation where matters relate to their conduct and responsibilities as a Minister. As set out in Chapter 6 of the Cabinet Manual, Ministers are
“indemnified by the Crown for any actions taken against them for things done or decisions made in the course of their ministerial duties. The indemnity will cover the cost of defending the proceedings, as well as any costs or damages awarded against the minister”.
Lord Clement-Jones (LD)
My Lords, I thank the Minister for that reply. The Prime Minister put it rather differently. He said
“it is a long-standing convention stretching back many years … that the government will fund those legal disputes when it relates to government ministers doing their work”.
How can making party-political libel posts on X on Friday at midnight constitute “Ministers doing their work”? Why should this settlement come out of the public purse? Is this not a breach of the Ministerial Code, after all?
Baroness Neville-Rolfe (Con)
As I said, it is long-standing practice. Indeed, the Secretary of State concerned made a statement this morning at the Lords Science and Technology Committee and explained the circumstances in full, including how she was engaged in official work and got support from officials on the disputed letter.
Baroness Neville-Rolfe (Con)
I do not see it that way. The Secretary of State gave evidence this morning to the Lords Science and Technology Committee. There was a brief discussion of this matter. They then moved on to discuss important points about science, which she and this Government are extremely supportive of and have done so much to make sure that the UK is one of the leaders in the world in science and technology matters.
Lord Clement-Jones (LD)
My Lords, is this not another case of the Government marking their own homework? What is the Government’s ethics adviser saying about this? Have the Government taken a proper view from the ethics adviser?
Digital Government (Disclosure of Information) (Identity Verification Services) Regulations 2023
Lord Clement-Jones Excerpts(1 year, 11 months ago)
Grand CommitteeRead Full debate Read Hansard Text Read Debate Ministerial Extracts
The Minister of State, Cabinet Office (Baroness Neville-Rolfe) (Con)
My Lords, I am glad to see the noble Lord, Lord Stevenson of Balmacara, and others, and I echo what he said about our constructive discussions in 2014-16. I am also pleased to see my noble friend Lord Camrose championing intellectual property, as we try to do, and to see him accompanied by my noble friend Lord Evans of Rainow in his new position as Cabinet Office Whip.
The Digital Government (Disclosure of Information) (Identity Verification Services) Regulations 2023 are an important part of this Government’s commitment to strengthen the use of data and information across the public sector. We are bringing these forward so we can deliver better and more joined-up services and, in turn, improve outcomes for our citizens.
The regulations aim to allow information sharing between named bodies for the specific purpose of supporting cross-government identity checking when it is needed. Verifying a user’s identity—ensuring that a person is who they say they are—is a key part of delivering many government services. The draft regulations enable this by establishing a new data-sharing objective under Section 35 of the Digital Economy Act 2017 and by setting out which public bodies may use the new objective. This will create a legislative gateway, enabling us to use existing data sets, which public bodies already hold, to help as many people as possible to access the government services that they need online. It is therefore central to the development of more inclusive and accessible systems.
Specifically, the proposed objective would unlock the full benefits of the new cross-government digital system known as GOV.UK One Login. This is now live; users are able to set up an account, log in and prove their identity in order to access an initial set of 24 government services, with more being added all the time. However, at the moment, users must have photographic documentation, such as a passport or driving licence. This will change following the introduction of the new objective, as it will unlock new ways for people without photo ID to prove who they are, opening up the system to more users.
The delivery of One Login is a step change in simple joined-up access to government services online. This, in turn, delivers substantial cost and time savings for the Government and users by reducing duplication and providing enhanced capability to identify and stop fraudsters. In summary, the proposed objective will, first, enable checks against existing government-held information, such as PAYE and benefits data, to build confidence in the user’s identity, which will be particularly key where service users do not have a passport or driving licence. Secondly, it will provide a specific legal framework for checks against documents currently used in identity verification, such as driving licences. Thirdly, it will enable the sharing of the results of identity checks performed by one named body with another, so that users need to prove their identity only once.
The draft regulations set out which of the bodies already listed in Schedule 4 to the Digital Economy Act can use the new identity-verification data-sharing power, such as HM Revenue & Customs and the Department for Work and Pensions. They also add four new public bodies to the schedule that will be able to use the power: the Cabinet Office, the Department for Transport, the Department for Environment, Food and Rural Affairs and the Disclosure and Barring Service.
The public bodies listed in the regulations are either bodies that hold information that could be used in support of proving that someone is whom they say they are or those that own and manage services that people need to access, which they therefore need to receive the results of identity checks. Of course, some public bodies do both.
The territorial extent of the draft regulations is England, Wales and Scotland. The Information Commissioner’s Office and the devolved Administrations support the draft regulations, and indeed the Scottish and Welsh Administrations have requested that certain Scottish and Welsh bodies be included in the draft regulations to enable them to use the new data-sharing power—so it is devolved friendly.
I am sure noble Lords will be pleased to know that these draft regulations have been subject to the standard rigorous processes of internal and external review. In the first instance, the objective has been subject to scrutiny by the Public Service Delivery Review Board, as set out in the underpinning code of practice on public service delivery, debt and fraud of the Digital Economy Act 2017. The board recommended that Ministers take forward these draft regulations since they meet the required criteria of supporting the improvement, or targeting, of public services to individuals in order to enhance their well-being.
Furthermore, the objective has been subject to a public consultation, which received more than 66,000 responses. Some respondents recognised the benefits to individuals of improved and more inclusive services. Some mistakenly expressed concern that this was a back-door route to identity cards. Therefore, in response to the consultation, the Government confirmed that they have no plans to introduce mandatory digital ID or identity cards. We also published additional information on how GOV.UK One Login will operate within these regulations and within the overall data protection framework. We extended the time between the regulations being approved and coming into force, and we amended some of the wording to reflect that of the Act. Of course, the Government understand that people want to protect their personal information and this is central to our approach. The draft regulations relate to using data only for the purpose of identity verification.
Part 5 of the 2017 Act gives the Government powers to share personal information across organisational boundaries to improve public services. It lays down what data can be shared and for which purposes. Data sharing must also have regard to the accompanying statutory code of practice on public service delivery, debt and fraud, which sets out how the power must be operated, including how any data shared must be processed lawfully, securely and proportionately in compliance with data protection legislation and UK GDPR.
The Digital Economy Act statutory code of practice on public service delivery, debt and fraud also requires information-sharing agreements to be listed on a public register of information-sharing activity under the powers. The framework for data sharing under the DEA provides a supportive background to help organisations to share data in ways that benefit the public, as confirmed by the Information Commissioner’s Office in its recent review. It includes robust safeguards that ensure that organisations share data responsibly and in alignment with data protection principles, while also safeguarding people’s rights.
I think these regulations are relatively straightforward and important, and I hope that colleagues will join me in supporting them.
Lord Clement-Jones (LD)
My Lords, it is good to see the Minister move seamlessly from intellectual property to digital and data, but both can sometimes create their own questions. Since this is the first time we have debated One Login in the Lords, I hope that the Minister will not mind if she gets a large number of questions about the scheme. As I understand it, the goal of the One Login programme is to create a log-in database owned by the Government and containing the verified names, addresses, dates of birth, phone numbers and email addresses of everyone who uses—eventually—all Government-owned digital services, which is likely to be everyone in the country.
Perhaps unfairly, I have always thought of One Login with some scepticism, as the son or daughter of Verify, and not in a good way. The cost of the failed Verify scheme was over £200 million. It would be very useful as part of this debate to hear the cost of OneLogin so far and how much more is budgeted to be spent on its rollout. It does seem strange that the Government are having another crack at a single verification system, given the many other trustworthy existing systems that could be adopted.
First, I think it worth mentioning what the Secondary Legislation Scrutiny Committee said in its 55th report in October. I think it was rather baffled and scathing at the same time:
“This is a classic example of an Explanatory Memorandum … with too narrow a focus”.
I think it felt it was being bounced to some extent, without the context in which One Login was going to be designed to work. It said:
“We therefore request that the Cabinet Office revises its”
Explanatory Memorandum
“to include sufficient background information to enable any reader to understand the legislation’s practical effects”.
I suppose I am lucky in that I followed the gory progress of Verify through to One Login and the current date. I have some idea of the purpose behind One Login. As I understand it, the principal effect of these regulations is to allow the Government to share data for the purposes of identification. The SI does not restrict those flows of data; data can flow into the Cabinet Office as envisaged but identity data can also flow from the Cabinet Office to any other listed department. I hope that the Minister will be able to confirm that.
Will the Government allow population databases to be copied, whether openly or not? The revised Explanatory Memorandum is silent on this, and it is unclear if this assurance from the Government’s consultation response will be delivered. The response said:
“In particular, information will set out which departmental services are using identity verification services to support delivery and which will provide data to help departments establish who a person is”.
Will that actually happen? Will there be that level of transparency? There are apparently no safeguards on sharing bulk data if the Government want to share for this purpose across government. What transparency will there be if and when this takes place?
There is then the question of for whose benefit One Login really is. Is this a “better login to government” project, which many people might applaud, or is it a “one identity to government” project? The answer at the moment appears to be the latter. I say this because medConfidential, which I thank for its briefing, reports that a
“meeting held during the consultation was told that the Government’s intent is to actively prevent individuals from having multiple login accounts. A person may be able to have multiple email addresses— indeed, they may already do—but Government would attach them to a single ‘identity’. This regulation allows that database to be shared in bulk”.
Not to put too fine a point on it, that turns One Login into a tool of a centralising state—with implications for the privacy of the citizen—which the Government have previously assured us many times they were not building. I would therefore be extremely grateful if the Minister described the reality of One Login, as well as its purpose and operation.
At a roundtable on the consultation, the Government Digital Service apparently said that the regulation’s “first use is One Login”, which suggests there will be a second use. It is unclear to us to what extent the DWP will embrace One Login for government, for universal credit, for HMRC’s services, or indeed for the MoJ’s digital courts. What commitment from government departments and agencies is there? I can see that they are all listed, but Verify fell down precisely because of the lack of commitment from many government departments. What about the identities, too, of public servants? Will they be able to have multiple identities as both citizen and employee? What is the reality of that?
Lord Clement-Jones (LD)
Let me understand this. In effect, data is being shared across departments so it is not simply a way of having a wallet, if you like, within the Cabinet Office that then gives you a clear identity for the purposes of accessing government services across government; it is a question of sharing that identity data across government departments. It is data sharing in bulk across government departments.
Baroness Neville-Rolfe (Con)
It is data sharing for the purposes of digital identity. Ultimately, by April 2025, we hope to have approximately 145 central government services that can be accessed via One Login. It is a mistake to think that this is somehow going to be used in the bulk way that the noble Lord describes. It is about identity checking, not collecting huge amounts of data for use in a Big Brother sort of way; the noble Lord may have misunderstood this. Users can delete their account at any time. I think that the noble Lord’s concern is perhaps misplaced.
Baroness Neville-Rolfe (Con)
While I am on the subject of benefits to the individual, there is an example that I would like to share with the committee; it reflects a question that I asked. Sometimes, married women have two different names. I am in that lucky, or unfortunate, position. We understand that some users will need or want to use multiple accounts, so users can already set up multiple accounts on One Login using different email addresses that can relate to different names. From next year, we plan to allow users to link accounts under the same verified identity. The noble Baroness, Lady Chapman, asked us to look through the eyes of the individual. This is one of the things we have been trying to do in this programme, learning from the past.
Baroness Neville-Rolfe (Con)
The difference is that, at the moment, you tend to have to provide a passport. It is difficult to log in to some of these services without a passport or a driving licence. In future, as I made clear in my introductory remarks, it will be possible to use different sorts of identity data and to have a system within government that allows us to do that. That will have the effect of making it easier for more people who are finding establishing their identity difficult without encouraging a lot of identity fraud, which is obviously another concern that one has to take account of in putting these systems together.
Lord Clement-Jones (LD)
I entirely appreciate the Minister taking the trouble to talk us through this. The question is: for whose benefit is this? Is this so that government departments can identify somebody right across the board, so that you can have only one identity in government and so that the Home Office will share data with universal credit and every other department that interfaces with an individual? Is that the idea of this One Login? Or is it possible to have more than one digital identity?
Baroness Neville-Rolfe (Con)
One obvious benefit is that more and more government departments are using digital. The technology is transforming our lives, after all. Once you have this single digital identity, you will then be able to use it to access services and opportunities from other government departments as well. That is the point: the digital identity will be used across the board. That is helpful to individuals. I should add that a document is published on GOV.UK outlining what data is being used by One Login. I think it is worth noble Lords looking at that.
The noble Lord, Lord Clement-Jones, rightly asked a question about cost—something we always used to ask about in our previous debates. The One Login programme’s total budget for 2022-23 to 2024-25 is £305.4 million. Of this, the programme forecasts expenditure of £132.7 million on the development and rollout of the system by the end of the current financial year.
The noble Lord mentioned the Explanatory Memorandum. We did indeed make some changes, as he acknowledged, to the Explanatory Memorandum, which was made available to the SLSC, to provide a clearer explanation of which part of the law the instrument is changing and why. He mentioned that the revised Explanatory Memorandum was laid on 2 November, and provided more contextual information. In particular, it explained that the SI provides the statutory basis for specified public bodies to share data in order to verify an individual’s identity in a safe and secure way so that they can access public services online, and that duplicative systems are being replaced with a single account. This is an obvious benefit.
The SI will also enable the GOV.UK One Login to draw on a broader range of government-held data sources when users need to verify their identity. That is an important point, because it is difficult for people who do not have a passport or a driving licence under the current system.
We are committed to being open and transparent by making information about data shared under the Digital Economy Act easily available for all to find and understand in the public register of data-sharing agreements. That was one of the safeguards laid down in that Act, so we have obviously taken that on board. That is an important point of transparency.
This is also underpinned by a robust code of practice—I have read it—which was created by Section 43 of the DEA. That sets out how the power must be operated, and includes setting out how any data shared under this power must be processed lawfully, securely and proportionately, in line with data protection legislation. We therefore have the DEA and data protection legislation coming together to allow us to implement this, hopefully life-changing, bit of technology in a way that protects the citizen. Obviously, the Cabinet Office is responsible for maintaining that register, and the Public Service Delivery Review Board is overseeing strategic consistency.
We have not seen that many regulations made under this Act—I think there was one on social care before—but we can see the value of the Act and the safeguards that Parliament added to it coming through.
On voter registration, the noble Baroness, Lady Chapman, raised a very good point, to my mind. I will have to follow up in writing. Fundamentally, as she said, these regulations will enhance the user experience. Despite many improvements over the last few years, today’s experience of interacting with government is too fragmented. We have multiple logins, and we are repeatedly asked the same information, which sometimes one has recorded on the phone—and sometimes recorded wrongly, as I know from my own experience. This is the same for everyone trying to access government. One Login will replace this with one system; we are used to this on our phones and so on, and there is a lot to be said for this new arrangement. We will have better data sharing to help those people without traditional forms of ID to access the services online that they need.
I hope noble Lords, having heard the benefits of the regulation—
Lord Clement-Jones (LD)
My Lords, I am sorry to interrupt the Minister as she comes to the final furlong, but the question of oversight raised by the noble Baroness, Lady Chapman, and by me, and the standards that will apply to this system, are extremely important.
Baroness Neville-Rolfe (Con)
Given the time, I will take that away, along with the voting point, if I may. I drew attention to the code of practice and the parent Act; we have every intention of following the principles, but the point about review and oversight is well made by the noble Lord, as always. I will come back to him on that point.
I am sorry that I have not been able to answer every question on the login area. I can introduce noble Lords to my honourable friend in the other place, Alex Burghart, who has spent a great deal of time developing these regulations. The point is that these narrow regulations before us today are a necessary enabler for this major change for the citizen. I hope that noble Lords, having heard the benefits, will join me in supporting the draft regulations. I commend them to the Committee.
Emergency Alert System: Fujitsu
Lord Clement-Jones Excerpts(2 years, 6 months ago)
Lords ChamberRead Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Baroness Neville-Rolfe (Con)
My noble friend and I agree that the impact of the Horizon scandal on postmasters and their families is utterly horrendous; we used to work together on this when I was on the Back Benches. That is why the Government have set up an inquiry, much encouraged by my noble friend, to get to the bottom of what went wrong and ensure that it can never happen again, as well as providing compensation for those affected.
All government contracts are awarded in line with procurement regulations and transparency guidelines, and that goes for the contract on the alerts. As noble Lords would expect, robust security measures are in place as part of the procurement process.
Lord Clement-Jones (LD)
My Lords, I pay tribute to the noble Lord, Lord Arbuthnot, for his relentless campaigning over a period of 13 years. Otherwise, the sub-postmasters would not have received any form of justice. Fujitsu’s track record is quite appalling; the noble Lord mentioned that it has never apologised. It was described as giving unsatisfactory and inaccurate evidence in the case brought by the sub-postmasters. The NHS terminated two contracts with it back in 2008-09, then Fujitsu sued the NHS for £700 million and did not settle for 10 years. On exactly what basis do the Government judge Fujitsu to be fit and proper to hold this contract?
Baroness Neville-Rolfe (Con)
I will make one preliminary point: Fujitsu has been fully co-operating with the postmasters inquiry. I also emphasise that there is no link between the small amount of work that Fujitsu has done for DCMS and the Cabinet Office and the work done for the Post Office.
Security of Government Devices
Lord Clement-Jones Excerpts(2 years, 7 months ago)
Lords ChamberRead Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Lord Collins of Highbury (Lab)
I did ask someone earlier what TikTok is—I thought I was a modern person, but clearly not.
Can the Minister tell us whether this sort of interpretation is going to involve a change in the Ministerial Code? A Minister may not think sharing a draft Written Ministerial Statement on personal email qualifies either as substantive business or as a security risk, but the Home Secretary was of course temporarily forced out after sending such material to the wrong people. Oliver Dowden also talked about the granting of exemptions for operational reasons. Can the Minister provide an example of why a banned app may be deemed necessary? If she cannot today, could she write with such an example?
This debate takes place in the context of wider concerns about some forms of Chinese-made technology, including CCTV camera systems. On 2 February, my noble friend Lord Bassam of Brighton asked when the Government would commence important product security provisions under the Product Security and Telecommunications Infrastructure Act, which is intended to protect users of smart products such as CCTV doorbells. The noble Lord, Lord Parkinson of Whitley Bay, was unable to provide any date. I hope the Minister can do so today. The Government said they intended to bring the first half of that Act into force as soon as practicable, so why are we still waiting?
Lord Clement-Jones (LD)
My Lords, as a long-standing deputy chair of the all-party China group, I welcomed the proportionate approach taken in the Government’s statements in the integrated review refresh about relations with China. In the face of the current human rights position in Xinjiang and the situation in Hong Kong, however, this should not change any time soon.
On these Benches, we are in strong agreement with those who consider that the Government could and should have been a great deal more strategic about relationships with sensitive Chinese suppliers—whether internet or data based, hardware or software related—in the run-up to this Statement. This is a one-off Statement about TikTok, a social media company. It would be good to see the assessment and the evidence of potential cybersecurity issues which the Government have not yet—as far as I know—produced.
However, when it comes to makers of surveillance cameras, as the noble Lord, Lord Collins, said, the Government appear far more reluctant to act. The Surveillance Camera Commissioner, Professor Fraser Sampson, has been very clear in his warnings, in particular about Hikvision and Dahua cameras, which, as far as we know, are used extensively in Xinjiang for surveillance purposes and pose security risks here, even when live facial recognition is not enabled.
Just last week, we saw Tesco lead the way in the private sector and order the removal of these cameras from its stores. The Government have simply ceased to install them. Why are they not directing their removal, particularly in police forces? Have they mapped exactly where on the government estate and in other spaces these cameras remain?
Regarding TikTok, why act so late when the EU and US, as the noble Lord, Lord Collins, mentioned, acted earlier? Presumably they have the same security information. When did the evidence emerge that has led to this ban? Will the Government publish the review by cybersecurity experts which assesses the risks posed by these third-party apps on government devices?
As the noble Lord, Lord Collins, also mentioned, why are private devices used by government Ministers not covered? I note that Oliver Dowden repeated that position last week. After all, we know there has been extensive use of private devices by Ministers, particularly —dare I say—among former Health Ministers. What assessment of this aspect has been made? Which government departments and public bodies are actually covered? What is the process for drawing up the promised approved list of apps? What criteria will be used?
As many said in the Commons, this looks like whack-a-mole; the Statement is no substitute for a coherent cross-government strategy. Why do the Government not now move, for instance, to include the capture of biometric data in the definition of “critical national infrastructure”? Questions have been raised recently about Chinese cellular internet of things modules—CIMs—which are imbedded in many devices. What is the Government’s approach to this? Are they even aware of what CIMs are?
Finally, if the Government are concerned about information being harvested by social media and other apps, why is the Data Protection and Digital Information Bill, now before the Commons, widening the circumstances in which research data can be used for commercial purposes? Is this not a typical example of this Government’s incoherence and lack of co-ordination on issues such as this?
The Minister of State, Cabinet Office (Baroness Neville-Rolfe) (Con)
My Lords, I welcome the welcome for the Statement made by my right honourable friend the Chancellor of the Duchy of Lancaster last week. By way of background, I should explain that the Government commissioned a review by our cybersecurity experts of the risks posed by third-party applications, including TikTok. As a result, the review concluded that we needed further security measures to protect the data.
There is obviously a limit to what I can say due to the sensitive nature of the Government’s work, but we are taking what we believe is proportionate, considered action to strengthen the security of government devices, and we are doing that in two ways. First, as is already the case in many departments—and that includes my own, the Cabinet Office—all government departments will now move to a system where only the third-party mobile apps available on their devices are those which have been pre-approved for inclusion on a departmental “allow list”.
Secondly, as a precautionary measure, all government departments are now required to take action to prohibit TikTok on their devices with immediate effect. It is a prudent, proportionate step, and more broadly, we are absolutely committed to bolstering national security, of which this is an example. As I explained to the House about 10 days ago, new guidance on the use of non-corporate communications will be issued very shortly and will bear on some of the questions that have been raised.
I was asked about TikTok on Ministers’ personal devices. The Secretary for State for Energy Security and Net Zero, who has been quoted, supports our policy and has been very clear that he has never used TikTok on his government devices. On personal devices, it is more of a personal choice. As I have explained before, all Ministers are carefully trained in security when they are appointed, and they have a briefing from time to time to keep that up to date.
To answer the question about exemptions, the business justification for having TikTok on government phones is to my mind very limited, but there are a small number of cases where it is necessary. Examples would include security and law enforcement. I know that some of my colleagues who are involved in security may need to use TikTok to make observations. Marketing would be another area—I think that the Secretary of State for Energy Security and Net Zero, Grant Shapps, comes into that category. We need to have common sense and proportionality. Departments will be able to make exemptions on a case-by-case basis through a departmental approval process, but with ministerial clearance as appropriate and risk mitigation in place.
Regarding Chinese security cameras, we have acted— we have discussed this in this House many times. We are also strengthening the powers in our Procurement Bill, and suppliers will be considered for addition to the debarment list on the basis of a rigorous and fair policy. This policy is under development, so it is too early to say, but regarding the action we have taken, we are now working with departments to make sure that Hikvision cameras are phased out.
The noble Lord, Lord Clement-Jones, talked on a more strategic level about China, about which we need to be sober and realistic. Obviously, we do not dispute the importance of China, but it has become more authoritarian at home and more assertive overseas, which is of concern to the UK—our policies need to reflect that. In the integrated review refresh, which was published last week and is well worth a read—the noble Lord referenced it—the Prime Minister set out clearly the overall direction across government for a consistent, coherent and robust approach to China, rooted in the UK’s national interest and aligned with our allies. A proper, and properly resourced, approach to security is an important part of that.
I repeat that the Prime Minister set up a new department, and the Budget included a substantial pledge—£3.5 billion by 2030—to support the Government’s ambitions to make the UK a scientific and technology superpower. This is one of the Prime Minister’s five priorities. So we should take the steps we need to take for security, but we also need to be careful to encourage the positives of new technology, whether that is AI, quantum technologies or engineering biology. We seek an important balance here.
Civil Service: Digital Skills
Lord Clement-Jones Excerpts(2 years, 8 months ago)
Lords ChamberRead Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Lord Clement-Jones
To ask His Majesty’s Government what steps they intend to take in response to the Global Government Forum report UK civil service digital skills, published on 29 November 2022.
The Minister of State, Cabinet Office (Baroness Neville-Rolfe) (Con)
My Lords, the Government are already taking action to build digital skills at scale and have a clear road map, set out in the Transforming for a Digital Future strategy, which we published in June 2022. The road map has set a target to upskill at least 90% of senior civil servants in digital and data by 2025 and to strengthen the attraction and retention of digital talent by bolstering the Government’s recruitment brand and pay offer for specialist skills.
Lord Clement-Jones (LD)
My Lords, the Government claim that their 2022-25 digital and data road map will usher in a
“new era of digital transformation”
for public service improvement, yet Civil Service skills are clearly inadequate to deliver it. As the NAO has pointed out, there has been
“a consistent pattern of underperformance”
in public services for many years. What will be different this time? Is not the road map another example of this Government’s wishful thinking?
Baroness Neville-Rolfe (Con)
It is important to have an ambition and a road map if you are going to move things forward. We have a Prime Minister who regards the digital and data area as very important. We have set out our digital future strategy, which includes, on the point that the noble Lord is concerned about, that 90% of senior civil servants will be upskilled in digital and data through that programme. Digital professionals will also have top-up training every year. We are moving to recruit a lot more civil servants in the digital and data area; we have 4,000 vacancies, which is too many, but we are doing everything that we can to attract more people. This includes a capability-based pay scheme and much more focus on the regions, where we believe that we can get more digital talent out of the universities, often working away from London in centres such as Cardiff and Darlington.
Preparing for Extreme Risks (RARPC Report)
Lord Clement-Jones Excerpts(2 years, 9 months ago)
Lords ChamberRead Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Lord Clement-Jones (LD)
My Lords, I express my own thanks to our chair, the noble Lord, Lord Arbuthnot, not only for his excellent introduction today but for his superb chairing of the committee, especially given that meetings had to be conducted remotely almost throughout. I support his thanks to our terrific staff and advisers, and to my fellow committee members for their stimulating company and insights.
I joined the committee encouraged by some of the writing of the noble Lord, Lord Rees, especially in his excellent book On the Future: Prospects for Humanity, in the hope and expectation that we would grapple with how best to anticipate and mitigate some of the extreme and existential risks we face in the UK, particularly those arising from new technologies such as artificial intelligence.
However, the fact is that, in risk terms, we have rarely been thinking beyond a two-year timeframe, let alone a parliamentary term, and we found that our system is completely deficient in assessing and planning for chronic or long-term risks and has a bias against low-likelihood, high-impact risks. In his evidence to us, the noble Lord, Lord Harris of Haringey, chair of the National Preparedness Commission, rightly questioned whether the current political system, with short parliamentary terms and ministerial postings, allows for the proper consideration of risk. Sir Patrick Vallance, who it is clear will be playing an important role in government reforms in this area, was even blunter, saying:
“If you take a two year outlook, you get the wrong answer.”
We discovered that it was not just generational risks where risk assessment and planning were inadequate, such as with climate change or AGI—artificial general intelligence—but that we failed even when it came to the medium term. As we have heard, the great irony is that, prior to the onset of Covid-19, the UK’s approach to risk assessment and management—as the Institute for Government pointed out in its report Managing Extreme Risks—was admired. It is clear, however, that there are both cultural and institutional flaws in planning, assessment, mitigation and prevention. The time is never right for expenditure on prevention and mitigation, as the noble Lord, Lord Rees, says—another plug for his book—in his new introduction.
The risks we face are changing. As we say in the report:
“Technological advances have raised the threat posed by the malicious deployment of technologies which could be used for good or ill, while traditional threats such as those from nuclear or chemical warfare remain.”
We also found that the Government’s risk assessment process through the NSRA looks at only discrete risks and is unable to encompass the complexity of risks facing the UK. It has failed to account for interconnected or cascading risks, which go far beyond the failure of one part of a system.
In his prologue to his book Apocalypse, How?, one of our witnesses, Sir Oliver Letwin, posits a national emergency where the internet goes down, electricity supply fails across the country and no analogue communications backup is available. Given the way that BT’s Digital Voice programme to replace copper telephone lines with fibre seems to be taking place without any assessment of the impact on national resilience, it looks like we are heading for an emergency of exactly that type. Robert Harris, author of The Second Sleep, illustrated this graphically in his evidence:
“Sophisticated societies do collapse. Every civilisation collapses. You cannot think of one that did not face some terrible crisis, partly because they became so sophisticated.”
We further found that the central government risk assessment process has developed a culture of secrecy that impedes thorough scrutiny, expert consultation and information sharing with key partners, as experience with Exercise Cygnus and the DHSC’s more recent report on learning Covid lessons are already showing.
I welcome a great deal of the Government’s response and the new resilience framework, particularly the adoption of the overarching three principles adumbrated by the noble Lord, Lord Arbuthnot, and action relating to local resilience forums and the voluntary sector—and, indeed, relating to the development of skills. But how will the resilience directorate and the new head of resilience be
“providing leadership for this system”?
It seems there will not be any teeth in terms of challenging lead government departments.
Then we have the lack of a statutory duty regarding critical national infrastructure threats, which could be the Achilles heel of our risk planning. How does this square with the commitment to deliver resilience standards in the private sector? What does action to “refresh” the NSRA mean? What methodology will be adopted? Why is there no commitment to looking more than five years out? These proposals all aim to ensure that we have a much better handle on the future. As Professor William MacAskill says in his recent book, What We Owe the Future, sacrifices can actually be win-wins for posterity. I hope the Treasury takes note.
Baroness Neville-Rolfe (Con)
I always like to be the bearer of good news from the Dispatch Box.
We are going to be updating the risk register, as everybody has talked about. I cannot give an exact date, but I can say that we are working on these issues with energy. I am delighted to be working now in this area, and obviously very keen to make progress. I do not think that I can say anything today about the very important issue of powers, because I was on the Back Benches during all the Covid measures, so I very much understand the points that have been made. We have got a Covid inquiry that is taking place, and there has to be some sort of interaction between the Covid inquiry and what we do for the future.
I am very grateful to my noble friend Lord Arbuthnot for his positive comments on the resilience framework. I am pleased that he recognises elements of his committee’s recommendations within it—in fact, nearly all the recommendations were accepted in whole or in part. My noble friend rightly raised transparency and challenge. We set our commitment to both in the framework and are already working to embed the principles across my departments, and across others. As an example, the national risk register, when it is published in the coming months, will include more detailed risk information and guidance than previous iterations, and it follows the new classified version of the national security risk assessment.
Noble Lords will be pleased to know that the development of the latter involved a great deal of external challenge this time, and the NSRA is more robust as a result. My colleague the Chancellor of the Duchy of Lancaster will be chairing the next UK resilience forum in February—just one way in which we are incorporating more independent challenge and expertise from outside government. I hope that further work on resilience this year will demonstrate more progress, and we will update Parliament through our inaugural annual statement on resilience.
The noble Lord also raised the committee’s recommendation, as others did, for an office for preparedness and resilience, and the accountability issue was emphasised by the noble Lord, Lord Browne of Ladyton, who sadly had to slip away. It is a key factor of the framework and, while have not chosen to establish a new body, we are taking steps to address the spirit of the committee’s recommendations. We agree with the noble Baroness, Lady Brinton, on the need for culture change—a point that she rightly often makes—and that is already happening.
The strength and function at the centre of government build on the approach that we have got under way on things like procurement and infrastructure, and I am sure that it will lead to much better coherence and accountability in the resilience system. We are also strengthening the lead government department model of risk ownership and are establishing a sub-committee of the National Security Council to enable Ministers to focus on national resilience, because ministerial involvement is important in getting things effectively progressed. I need hardly say that the Government also agree with the report’s emphasis on training, conducting exercises and performing dummy runs as a fundamental part of our collective resilience.
We are not just going to carry on as before, as the noble Lord, Lord Berkeley, rather mischievously said, and I look forward to giving evidence to his Built Environment Committee on infrastructure next week and to discussing the improved way we now monitor the progress of hundreds of infrastructure projects.
I am sorry that it has been over a year since the committee’s report was published, but the Government, as I have already outlined, have taken a number of steps to address the points that were raised. It is worth reiterating three key themes. On finalising a new classified national security risk assessment, the changes were informed by recommendations from the committee, but also by an external review from the Royal Academy of Engineering in September 2021. The intervention of the noble Lord, Lord Mair, showed the importance of bringing in the engineers.
Lord Clement-Jones (LD)
My Lords, I apologise for interrupting the Minister but one of the key points is about the methodology adopted for the NSRA, and one of the key issues that appears to be emerging is that the Government do not seem to be committing to go beyond a five-year horizon. What assurance can the Minister give about the methodology that is going to be used, and whether we are going to be looking further into the future?
Baroness Neville-Rolfe (Con)
I think the noble Lord is right that the main focus is on the next five years, but I will perhaps come back to him to discuss that point further. It is clear from what I have been saying that we are looking at extreme risks, and they are not necessarily going to arrive tomorrow, so I understand and sympathise with the point he has made.
The second step is strengthening the crisis and resilience structures in the Cabinet Office with the creation, as I have said, of the resilience directorate and the COBRA unit. We are responsible for resilience planning and national crisis response, working closely with departments which have sectoral responsibilities. This includes identifying, planning and preparing for risks, and building capacity to respond effectively. The changes to how it is organised will help to ensure that the Government have the capacity and capability to respond to emergencies, which is obviously particularly important in the wake of Covid-19.
Thirdly, we are working to improve our resilience to chronic risks and vulnerabilities, such as climate change—which was emphasised by the noble Viscount, Lord Thurso—and artificial intelligence. We have recognised that this type of risk poses continuous challenges over time to communities, the economy and security, and requires a different type of response to more acute risks, such as flooding or terrorism.
The scale of the risks we face has required a new strategic approach to resilience. That is why we published the UK Government Resilience Framework in December, which previously had the working title of “national resilience strategy”, to respond to a point made by several noble Lords. It is a new strategy which is already being implemented across government. It reflects our ongoing commitment to resilience which we made in last year’s integrated review, and the new strategic approach will be reflected in further publications this year, with the refreshed national risk register, the updated biological security strategy, and the update to the integrated review itself, which has also been promised.
Procurement Bill [HL]
Lord Clement-Jones ExcerptsWednesday 30th November 2022
(2 years, 10 months ago)
Lords ChamberRead Full debate Procurement Act 2023 View all Procurement Act 2023 Debates Read Hansard Text Watch Debate Read Debate Ministerial Extracts Amendment Paper: HL Bill 63-II Second marshalled list for Report - (28 Nov 2022)
Baroness Neville-Rolfe (Con)
My Lords, forgive me; I thought I could move this amendment formally too. I try to find a sensible and reliable pathway through, as your Lordships know. I look forward to debating this group, which discusses the single digital platform and transparency.
Transparency has been central to the development of this Bill, and it should be noted that there is a significant extension to transparency under the regime. The publication of documents and notices that follow the award stage will allow interested parties to see how contracts are being implemented. While we have stated publicly that it was always the Government’s intention to create a central digital platform to host this data, we acknowledge the concerns raised by noble Lords during Committee around the importance of the online platform. Amendment 129 therefore creates a new duty requiring a Minister of the Crown to provide an online system for the purpose of publishing notices, documents and other information under this Act.
In addition, the duty requires that the platform has to be accessible to people with disabilities—a point we were debating on Monday—and provide access to procurement information that is published under the Act, free of charge. This means everyone will have access to public procurement data and can track contracts as they progress through the commercial lifecycle from tender to award and delivery. Citizens will be able to scrutinise contracting authority decisions; suppliers will be able to identify new opportunities to bid and collaborate; and buyers will be able to analyse the market and benchmark their performance against others, for example on their spend with SMEs.
In addition to the principal amendment, Amendment 132 is a technical amendment which removes an existing statutory power as this platform is expected to be delivered through common law powers. Since becoming the Minister responsible for this Bill, I have been keen to ensure that it strikes the right balance between transparency and not imposing undue burdens on contracting authorities. Contracting authorities will continue to be bound by the obligation to publish opportunities for all advertised procurements that are above a threshold of £12,000 for central government authorities or £30,000 for others. This will ensure that there is a high degree of transparency for SMEs, so that they can bid.
However, at the other end of the commercial process, the Bill introduces additional transparency requirements after the award of the contract. I have reflected on these, and Amendments 78, 80 and 104 all seek to raise the original threshold for the publication of contract key performance indicators, public contracts and modifications to a public contract from £2 million to £5 million. This will reduce the administrative requirements for contracting authorities while ensuring transparency of the public sector’s larger contracts. I am pleased to say that these amendments have been welcomed by the Local Government Association in the briefing note it published on 25 November.
I will turn to the other amendments tabled in this group in closing, having heard the points raised by noble Lords. Meanwhile, I beg to move Amendment 78.
Lord Clement-Jones (LD)
My Lords, I rise to speak to Amendment 130 to government Amendment 129. Many of us will be pleased that the Minister has decided to put the new online system for procurement information on the face of the Bill. At the same time, however, we need some assurance that it will be fit for purpose and achieve the objectives set for it, otherwise the Government seem to have carte blanche to construct whatever system they see fit to inflict on the vendor community, without any required standards or reporting duty. Let us face it: even the modest database under the Subsidy Control Act is subject to a form of reporting duty, and this system will be of far greater significance.
The amendment in my name and that of my noble friend Lord Fox is designed to provide assurance but in very simple terms. There would be the requirement for a report, first, on the performance standards expected and, secondly, on the standards achieved in the relevant period, including metrics on satisfaction and the accessibility experience of stakeholders. This is a modest proposal; how can the Minister possibly argue against it?
Baroness Noakes (Con)
My Lords, I support the single digital platform which is now covered by government Amendment 129 in this group, but I have one caveat. The benefits of the platform, in terms of efficiency—having all the procurement details in one place—will be undermined if contracting authorities are required also to publish tender information in other ways. That is what lies behind my Amendments 166 and 168 in this group. Like some of the amendments I spoke to on our first day in Committee, these have been suggested by the Local Government Association. I am grateful to my noble friend Lord Moylan for adding his name to them.
These amendments propose two additional repeals within Schedule 11, the repeal schedule. Subsections (4)(b) and (5) of Section 89 of the Transport Act 1985 require local authorities to issue notices of tender individually to anyone who has given written notice that they wish to be notified. Amendment 166 would repeal that, because it should no longer be necessary. Amendment 168 would repeal Regulations 4 and 5 of the Service Subsidy Agreements (Tendering) (England) Regulations 2002 so that information on tenders will no longer be required, for example, to be published locally, including in local newspapers.
I hope my noble friend will see these two amendments as supporting the importance of the digital platform. I also hope that she will be able to assure the House that the Government will ensure that later legislation will not be allowed to undermine the platform by adding new and additional requirements, once it is up and running.
Baroness Neville-Rolfe (Con)
My Lords, Amendments 79, 81 and 105 have been tabled by the noble Baroness, Lady Hayman, and the noble Lord, Lord Coaker, to amend to £3 million the financial threshold above which contracting authorities would be required to publish contracts and contract modifications, and set and publish KPIs. The government amendments raise these thresholds to £5 million. The intention of this is to reduce the administrative burden on contracting authorities, while still providing increased transparency on larger contracts. Redacting contracts for publication where they contain commercially sensitive information is particularly burdensome for smaller contracting authorities, requiring detailed and costly checking by legal teams that they may not have or expensive legal advisers.
Where does the figure come from? I do not know exactly; that is the honest answer. I was offered options of £50 million, £10 million and £5 million. I chose £5 million because that is quoted in the Sourcing Playbook, which seemed a reasonable point. I believe that a threshold of £5 million balances the benefits of transparency with the costs and burdens of implementation.
The higher threshold in the government amendment has been welcomed by the Local Government Association. We want the arrangements to work, so we will monitor them carefully. We have powers to change the thresholds if we need to do so—for example, to bring in extra contracts as the system grows and matures—and if analysis of the new data gathered allows us to better understand how to ensure that the obligations are effective and proportionate; or, to go the other way, if we end up with a lot of difficulties. It seems a reasonable approach.
Amendment 130 tabled by the noble Lords, Lord Clement Jones and Lord Fox, seeks to require the Minister of the Crown to report annually on performance standards and feedback on the online system, including stakeholder satisfaction and accessibility. The data on the platform will be available in real time, and interested parties—of which there will be many—will be able to access information by using the tools available on the platform and by downloading the data for external analysis, such as statistics on the publication of notices and the progress of contracts. The platform will be accessible, as I have said, and will comply with the relevant legislation, including the Public Sector Bodies (Websites and Mobile Applications) (No. 2) Accessibility Regulations 2018, on which I am not, I fear, an expert. The Government are continuously monitoring the existing online platform that supports noticing under the current regulations and will continue to do so under the new regime and make changes as they are needed, so we are not inclined, on this occasion, to write in a review clause.
Lord Clement-Jones (LD)
What mechanism will there be for feedback from vendors and so on?
Baroness Neville-Rolfe (Con)
We have talked several times about the PRU and the role it will have in looking systematically at things. It seems to me that one of the main sources of information for it will be this online system. It has the merit of largely being an all-singing and all-dancing system. I will come on to my noble friend Lady Noakes’s amendment in a minute. I think, therefore, that this is going to work well, but if the noble Lord discovers in the fullness of time that it is not doing so, I am sure he will come back and ask the Cabinet Office what it is up to.
Amendments 166 and 168 in the names of my noble friends Lady Noakes and Lord Moylan have been tabled to remove provisions in two pieces of transport legislation, both relating to contracts for subsidised public passenger transport services. The first repeals two subsections from Section 89 of the Transport Act 1985—that is a long time ago—dealing with the obligation to invite tenders for such contracts. This change would remove the requirement to issue invitations to tender individually to anyone who has given a written notice requesting this. The second amendment revokes two regulations from the Service Subsidy Agreements (Tendering) (England) Regulations 2002, dealing with information to be published regarding accepted tenders and where no tenders are accepted. These amendments were raised in Committee and, while both rightly seek to reduce the burden on contracting authorities, there are further considerations for the Department for Transport.
Not all transport is covered by the Bill, and we have carved out certain public passenger transport services under Schedule 2. The Department for Transport is reviewing procurements that fall under this separate regime as part of its review of retained EU law and its legislation more widely. It is important that what we do in our schedules does not impinge on that review. We are therefore unable to accept my noble friend Lady Noakes’s repeals today, but I have asked my officials to work with the Department for Transport to see whether it is possible to sort this out and bring forward a government amendment in the Commons to address her concerns. In the light of those various assurances, I respectfully request that noble Lords do not press their amendments.
Procurement Bill [HL]
Lord Clement-Jones ExcerptsMonday 24th October 2022
(3 years ago)
Grand CommitteeRead Full debate Procurement Act 2023 View all Procurement Act 2023 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 4-VII Seventh marshalled list for Grand Committee - (24 Oct 2022)
Lord Clement-Jones
“(c) if the contract is not included in a framework agreement.”
Lord Clement-Jones (LD)
My Lords, I would be very happy if the Minister introduced my amendment, but in moving it I will also speak to Amendment 243A and Clause 40 stand part. My noble friend Lord Fox will speak to other Liberal Democrat amendments in this group that are in the names of my noble friends Lord Wallace and Lady Brinton. I know that my noble friend Lord Fox has congratulated the Minister already but it is the first time that I have spoken since I saw her on the Back Benches in our previous proceedings. I must congratulate her on her seamless move to the Front Bench—again.
Given the controversy surrounding these direct contracts, the removal of Clause 40 on direct awards would, pending greater transparency and equity for SMEs, be the preferable course. But these are specific amendments to Clauses 40 and 42, which would prevent direct awards being used within framework agreements and instead open all such awards to competition. This issue is seen all the time within the G-cloud framework; it prevents proper competition from British SMEs and simply reinforces the dominance of certain key foreign players in the market. These amendments would provide the opportunity to redress the balance and help support UK SMEs.
We will debate the role of frameworks later, but these amendments seek to highlight the blurring of direct award rules by smuggling in large, uncontested contracts within framework agreements. The notion that there is a ceiling above which such awards must be competed for, and below which they can be awarded directly, is theoretically sound if it is rigorously adhered to. We on these Benches would argue that the threshold of £250,000 is too high and that a figure of £100,000 would be more appropriate. I seek the Minister’s view on thresholds and how they are arrived at. However, thresholds are pointless if they are ignored or bypassed, which is what seems to be happening.
One very good example of where this system has completely gone off the rails is cloud computing. This important service is central to the Government’s digital plans. It seems that rarely is the ongoing cloud service bid seen as a separate service; rather, it is wrapped in a package being competed for through a framework agreement by the consulting giants. These consultants always seem to partner with one or other of the dominant, non-UK cloud services companies.
This has gradually led to a disproportionate level of awards to these companies. For example, in 2012-17, one company, Amazon Web Services, was awarded £25.5 million-worth of contracts from a total market worth £381.7 million—a market share of 7%. By 2018-22, its market share had ballooned to just a shade under 40%. In the current financial year alone, 2022-23, AWS has seen £87.7 million-worth of contracts from a total market of £137.6 million—a market share of 64%. The US federal Government estimate that the UK public cloud market was worth $12 billion in 2020 and growing, so AWS can expect a healthy $5 billion-plus, with Microsoft Azure not far behind. Almost none of this would have been opened up to competition.
Of course, in the UK, a company is deemed to have monopoly power if it holds more than 25% of the market. At the same time, the SME share of the market has fallen from more than 50% to just 20% in the last five years, and barely 10% this year. It simply reinforces the dominance of certain key foreign “hyperscalers” in this market. To be clear, it seems that these services are available from UK-based suppliers. We are not asking for preferential access for these UK suppliers, just that they are not locked out by the use of framework agreements in this way and the awards of direct contracts under them.
The Government talk about building a UK digital future, yet they systematically underwrite the development of non-UK businesses by ignoring their own rules. The Procurement Bill is supposedly designed, according to the Queen’s Speech, so that
“Public sector procurement will be simplified to provide new opportunities for small businesses.”
On top of this, the Crown Commercial Service’s own guidance on direct awards suggests that the procedure is suitable only for low-value, low-volume commodity products. In the case of AWS, some of the contracts, such as the Home Office contract, top £100 million in value, so they cannot be considered low-volume or low-value, nor can cloud hosting be considered a commodity, given the proprietary nature of the service and the consequences of that.
If the Government are true to their word, they will accept these amendments to ensure that the balance is redressed and UK SMEs are given a chance to compete on a level playing field. I beg to move.
Baroness Noakes (Con)
My Lords, I have Amendment 236 in this group. It probes the relationship between direct contract awards and framework contracts.
Direct awards are allowed under Clause 40 if they satisfy one of the justifications in Schedule 5, paragraph 8 of which allows them if they are similar to existing contracts for goods and services that have been entered into in the previous five years and in which the initial tender set out the intention to use the direct award justification. My amendment would change those five years to four years, specifically to probe the differences between a repeat direct award under Clause 40 and an award under a framework contract, as covered in Chapter 4 of Part 3.
Clause 45 says that a framework contract has a maximum duration of four years other than for defence and utilities contracts. Doubtless this is my ignorance speaking but I hope that my noble friend the Minister can explain to me the rationale for allowing five years for direct awards under Chapter 3 as opposed to four years for framework contracts under Chapter 4. My question is pretty simple: is there a substantive distinction between direct awards and awards under framework contracts, where the justification for the direct award is in paragraph 8 of Schedule 5?
It seems to me that this is another example of how the designers of this new procurement system have lost sight of simplicity and underlying principles in designing the system. However, there may be a good reason for that, of course; I look forward to my noble friend the Minister explaining it.
Lord Clement-Jones (LD)
My Lords, it falls to me as the mover of the lead amendment to respond to the Minister. Clearly, there was quite a lot in what she said and we will need to brood over Hansard when the time comes because there are a large number of issues here. I recognise the Minister’s track record on SMEs but I am somewhat amazed that the Government have been commended on bringing greater clarity, as she put it, because our intention was to provide much greater clarity—and, indeed, equity—in all of this for SMEs. In terms of the addition of more time, burden and so on, I believe the Minister would normally think that we should go the extra mile for SMEs in these circumstances.
Baroness Neville-Rolfe (Con)
Certainly. We have discussed SMEs before; we have gone away to have a look at that issue. I recently held a round table with SMEs. Basically, they were positive about the Bill. Clearly, we have to see through and teach them about the new proposals. The basic point is that there are fewer different ways forward. I was quite surprised that that was the case but clearly there is complexity, and we have got to make sure that the Bill is in the right form.
Lord Clement-Jones (LD)
My Lords, I think it partly depends on the market that is covered by particular SMEs. I could probably produce a range of SMEs that are not quite as pleased with their lot. Of course, that is partly the theme that the noble Baroness, Lady Hayman, and I have been talking about in terms of the UK cloud market.
I appreciate the fact that—stop press—it appears that the intention of Clause 41 is to prevent VIP lanes, because, let us face it, that is lesson number one from Covid. I hope that that is correct, but no doubt we will read carefully how and in what respect it gets rid of VIP lanes.
More broadly, virtually everyone who contributed to this debate wants to see a much clearer set of underlying principles—the noble Baroness, Lady Noakes, was clear on this—around how direct awards relate to framework agreements. I do not believe that we have seen that yet. Assurance from a Minister is one thing but seeing it in black and white in the legislation is another. I thought that the phrase “safe from challenge”, used by the noble Baroness, Lady Hayman, was exactly right. We have seen only too clearly what happens when there is no clarity; the Randox contract was an absolutely classic example of that. All of us hope that that will not happen again and hope to see a competitive market for our SMEs. However, I think we will probably have to return to this issue on Report.
In the meantime, I beg leave to withdraw the amendment.