Draft Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) (Amendment) (No. 2) Regulations 2025 Debate
Full Debate: Read Full DebateDepartment: Department for Science, Innovation & Technology
Ben Spencer
Main Page: Ben Spencer (Conservative - Runnymede and Weybridge)Department Debates - View all Ben Spencer's debates with the Department for Science, Innovation & Technology
Draft Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) (Amendment) (No. 2) Regulations 2025
Ben Spencer Excerpts(1 day, 15 hours ago)
General CommitteesRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Dr Ben Spencer (Runnymede and Weybridge) (Con)
As always, Dr Murrison, it is a pleasure to serve under your chairmanship. His Majesty’s official Opposition welcome this statutory instrument, which establishes alternative routes to achieve cyber-security compliance for manufacturers of products within the scope of the product security and telecommunications infrastructure regime. It serves to remove non-tariff barriers to trade in digital products and devices with our strategic partners in Asia—Singapore and Japan.
I recently visited Japan with the British-Japanese all-party parliamentary group, supported by the Japan Society, to strengthen UK-Japanese relations. It was a fantastic visit. It is not yet declared in the Register of Members’ Financial Interests, but it will be in due course and Members should refer to my entry if interested.
Regulations such as these build on and complement the strong free-trade foundation established by the last Government through their negotiation of UK accession to the comprehensive and progressive agreement for trans-Pacific partnership trade bloc and other bespoke bilateral trade agreements with Japan. I am glad the Minister welcomed the Product Security and Telecommunications Infrastructure Act 2022. I think he said it was a world-leading piece of legislation. Given that it was put together by the previous Government, I am glad that he has demonstrated today the same wisdom as his predecessor. I very much welcome him to his place.
Several significant cyber-attacks recently have demonstrated the need for Government and industry alike to increase their cyber-resilience without delay. It is becoming increasingly evident that our cyber-security is a vital component of our national security. We are yet to have sight of the Government’s cyber-security and resilience Bill, which we understand will be targeted at supply chains and providers of digital services to our critical industries. We also eagerly await the Government’s national cyber-security strategy, which they have said will be published by the end of this year.
However, what attracts significantly less public attention is the routine and widespread cyber-risk to consumers of internet-connectable devices in their homes and pockets, such as smartphones, wearable health devices and home sound systems. The last Government recognised that risk and the UK’s consumer connectable product security regime was brought into effect in April 2024. The changes were intended to reduce consumer exposure to cyber-threats and raise the baseline of product security.
Diversifying the supply chain and the market for internet-connectable products has benefits for price competition, product choice and consumer confidence. It also reduces over-reliance on exports from individual states in an era of increasing geopolitical tensions. Charles Parton, senior research fellow in international security at the Royal United Services Institute, has highlighted the multifaceted risks of over-reliance on Chinese cellular internet of things modules, or CIMs. Those are hardware components that enable internet of things devices to connect to the internet via cellular networks, and they are essential for devices that need remote connectivity without relying on wi-fi or wired networks. Chinese products already have more than 50% of the international market for those components. While the use of CIMs is widespread, the option of purchasing products from strategic partners with common security concerns and goals is likely to assist in improving consumers’ ability to choose the most secure products.
For the reasons that I have stated, we are supportive of the regulations. Nevertheless, I would be grateful if the Minister could answer a couple of questions. What assessment was undertaken to determine the equivalence of the Japanese and Singaporean regimes? Can the Government quantify, either in value or in volume, the trade that the regulations are expected to deliver in the first year, if not in coming years?
Kanishka Narayan
I thank hon. Members for their contributions. I will address first the questions that were asked.
I thank the hon. Member for Runnymede and Weybridge for his warm welcome. On the question of how assurances were sought about the equivalence of the Japanese and Singaporean standards, the maturity of those standards and the time for which the countries have been implementing them have been particularly material assurances. Japan and Singapore have aligned their security requirements and labelling schemes to the globally accepted ETSI EN 303 645 standard, which happens to be the same standard that underpins the UK’s PSTI regime. Therefore, products that have a valid label issued by Japan or Singapore will meet the security requirements specified in our regime. The Office for Product Safety and Standards, as the regulator of the regime as a whole, is equipped with a comprehensive set of enforcement powers and will continue to keep under review any mutual recognition agreements.
Of course the Government recognise the strategic importance of the European Union as the UK’s largest trading partner, and we will explore opportunities to reduce technical barriers to trade in the security space in that context, too.
On the question of benefits, my understanding is that we have had representations from a number of small and medium-sized businesses, in particular, about how this measure will open up export markets in Japan and Singapore, allow Japanese and Singaporean firms to trade, and ensure that British consumers can benefit. I do not have a number to give, but I hope very much that we will see the benefits of that freer flow of trade in connected devices very soon.
On the cyber-security context, more everyday products than ever before are connected to the internet, ranging from smart TVs to fitness trackers and voice assistants. From April 2024 to March 2025, we surveyed the participation of consumers and found that 96% of folks personally owned and used a smartphone, 76% a smart TV, and 68% a laptop computer. It is now very rare to find a UK household that does not own a connected device in the scope of these regulations; less than 1% of people reported that they did not own a smartphone, laptop, desktop PC, tablet, games console, smart printer or smart TV.
This growing connectivity brings convenience but also new risks. The Government have taken action to ensure that UK consumers and businesses purchasing consumer connectable products are better protected from the risk of cyber-attacks, fraud or even, in the most serious cases, physical danger. The cyber-security regulatory landscape is evolving, with countries around the world, including Japan and Singapore, introducing similar regimes. The UK must remain agile and forward-looking to maintain its leadership in this space. The draft regulations will ensure that the UK remains a global leader in product cyber-security, while strengthening our position as an attractive destination for digital innovation and trade.
By recognising Japanese and Singaporean IOT labelling schemes, we are reducing unnecessary regulatory burdens, supporting UK businesses to expand internationally and enabling Japanese and Singaporean manufacturers to bring compliant products to our market more efficiently. This measure is a practical step forward in delivering the Government’s mission to drive economic growth and build a more resilient digital economy. It also complements our efforts to harmonise security standards across major economies, in partnership with Brunei, the United Arab Emirates, Australia, Germany, Finland, South Korea, Canada, Japan, Singapore and Hungary, via the global cyber-security labelling initiative. With forecasts suggesting that the global IOT market will grow to 24.1 billion devices by 2030, generating more than £1.1 trillion in annual revenue, it is more essential than ever that we enhance the security of connected products on a global scale.
Dr Spencer
The Minister has referred a few times to cyber-security strategy. Can he update us on when we will see the Government’s cyber-security and resilience Bill?
Kanishka Narayan
I am afraid that I cannot commit to a legislative timeline, but we want to move very fast on the Bill and are looking for the right opportunity in Parliament to introduce it.
The draft regulations are a significant step in achieving our goal for cyber-security. I look forward to continuing this work and building on the momentum we have established.
Question put and agreed to.