Draft Online Safety Act 2023 (Priority Offences) (Amendment) Regulations 2025
Debate between Ben Spencer and Kanishka Narayan(4 days, 16 hours ago)
General CommitteesRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Kanishka Narayan
I thank Committee members for their valuable contributions to the debate. The update in the regulations will bring us closer to achieving the Government’s commitments to improve online safety and strengthen protection for women and girls online. We believe that updating the priority offences list with the new cyber-flashing and self-harm content offences is the correct, proportionate and evidence-led approach to tackling this type of content, and it will provide stronger protections for online users.
I will now respond to the questions asked in the debate; I thank Members for the tone and substance of their contributions. The shadow Minister, the hon. Member for Runnymede and Weybridge, raised the use of VPNs. As I mentioned previously in the House, apart from an initial spike we have seen a significant levelling-off in the usage of VPNs, which points to the likely effectiveness of the age-assurance measures. We have commissioned further evidence on that front, and I hope to bring that to the House’s attention at the earliest opportunity.
The question of chatbots was raised by the shadow Minister, by the hon. Member for Bromley and Biggin Hill, and by the Liberal Democrat spokesperson, the hon. Member for Harpenden and Berkhamsted. Let me first clarify what I previously mentioned in the House: the legislation covers not only chatbots that allow user-to-user engagement but those that involve one-to-AI engagement and live search. That is extensive coverage of chatbots—both those types are within scope of the Online Safety Act.
There may be further gaps in the Act that pertain to aspects of the risks that Members have raised, and the Secretary of State has commissioned further work to ensure that we keep up with fast-changing technology. A number of the LLMs in question are covered by the Act, given the parameters that I have just defined. Of course, we will continue to review the situation, as both scope and risk need to evolve together.
Dr Spencer
I hope the Minister takes this in a constructive spirit. Concerns have been raised across the House as to the scope of the OSA when it comes to LLMs and the different types and variations of chatbots, which are being used by many people right now. Is he not concerned that he as the Minister, and his Department, are not able to say at the Dispatch Box whether they believe LLMs are completely covered in the scope of the OSA? Has he received legal advice or other advice? How quickly will he be able to give a definitive response? Clearly, if there is a gap, we need to know about it and we need to take action. It surely puts the regulator and the people who are generating this technology in an invidious position if even Her Majesty’s Government think there is a lack of clarity, as he put it, on the scope of the applicability of the OSA to new technologies.
Kanishka Narayan
Let me be clear: there is no lack of clarity in the scope of the Bill. It is extremely clear to a provider whether they are in scope or not. If they have user-to-user engagement on the platform, they are in scope. If they have live search, which is the primary basis in respect of many LLMs at the moment, they are in scope. There is no lack of clarity from a provider point of view. The question at stake is whether the further aspects of LLMs, which do not involve any of those areas of scope, pose a particular risk.
A number of incidents have been reported publicly, and I will obviously not comment on individual instances. The Online Safety Act does not focus on individual content-takedown instances and instead looks at a system. Ofcom has engaged firms that are very much in scope of the Act already. If there are further instances of new risks posed by platforms that are not currently within the scope of the Online Safety Act, we will of course review its scope and make sure we are moving fast in the light of that information.
The hon. Member for Harpenden and Berkhamsted asked about child sexual abuse material. I was very proud that we introduced amendments last week to the Crime and Policing Bill to make sure that organisations such as the Internet Watch Foundation are engaged, alongside targeted experts, particularly the police, in spotting CSAM content and risk way before AI models are released. In that context, we are ensuring that the particular risks posed by AI to children’s safety are countered before they escalate.
On the question about Ofcom’s spending and capacity more generally to counter the nature of the risk, the spending cap at Ofcom allows it to enforce against the offences that we deem to be priority offences. In part, when we make the judgment about designating offences as a priority, we make a proportionate assessment about whether we believe there is both severity and the capacity context for robust enforcement. I will continue to review that situation as the nature of the offences changes.
Finally, I am glad that the Government have committed throughout to ensure that sexually explicit non-consensual images, particularly deepfakes, are robustly enforced against. That remains the position. I hope the Committee agrees with me on the importance of updating the priority offences in the Online Safety Act as swiftly as possible. I commend the regulations to the Committee.
Question put and agreed to.
Draft Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) (Amendment) (No. 2) Regulations 2025
Debate between Ben Spencer and Kanishka Narayan(2 weeks, 4 days ago)
General CommitteesRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Kanishka Narayan
I thank hon. Members for their contributions. I will address first the questions that were asked.
I thank the hon. Member for Runnymede and Weybridge for his warm welcome. On the question of how assurances were sought about the equivalence of the Japanese and Singaporean standards, the maturity of those standards and the time for which the countries have been implementing them have been particularly material assurances. Japan and Singapore have aligned their security requirements and labelling schemes to the globally accepted ETSI EN 303 645 standard, which happens to be the same standard that underpins the UK’s PSTI regime. Therefore, products that have a valid label issued by Japan or Singapore will meet the security requirements specified in our regime. The Office for Product Safety and Standards, as the regulator of the regime as a whole, is equipped with a comprehensive set of enforcement powers and will continue to keep under review any mutual recognition agreements.
Of course the Government recognise the strategic importance of the European Union as the UK’s largest trading partner, and we will explore opportunities to reduce technical barriers to trade in the security space in that context, too.
On the question of benefits, my understanding is that we have had representations from a number of small and medium-sized businesses, in particular, about how this measure will open up export markets in Japan and Singapore, allow Japanese and Singaporean firms to trade, and ensure that British consumers can benefit. I do not have a number to give, but I hope very much that we will see the benefits of that freer flow of trade in connected devices very soon.
On the cyber-security context, more everyday products than ever before are connected to the internet, ranging from smart TVs to fitness trackers and voice assistants. From April 2024 to March 2025, we surveyed the participation of consumers and found that 96% of folks personally owned and used a smartphone, 76% a smart TV, and 68% a laptop computer. It is now very rare to find a UK household that does not own a connected device in the scope of these regulations; less than 1% of people reported that they did not own a smartphone, laptop, desktop PC, tablet, games console, smart printer or smart TV.
This growing connectivity brings convenience but also new risks. The Government have taken action to ensure that UK consumers and businesses purchasing consumer connectable products are better protected from the risk of cyber-attacks, fraud or even, in the most serious cases, physical danger. The cyber-security regulatory landscape is evolving, with countries around the world, including Japan and Singapore, introducing similar regimes. The UK must remain agile and forward-looking to maintain its leadership in this space. The draft regulations will ensure that the UK remains a global leader in product cyber-security, while strengthening our position as an attractive destination for digital innovation and trade.
By recognising Japanese and Singaporean IOT labelling schemes, we are reducing unnecessary regulatory burdens, supporting UK businesses to expand internationally and enabling Japanese and Singaporean manufacturers to bring compliant products to our market more efficiently. This measure is a practical step forward in delivering the Government’s mission to drive economic growth and build a more resilient digital economy. It also complements our efforts to harmonise security standards across major economies, in partnership with Brunei, the United Arab Emirates, Australia, Germany, Finland, South Korea, Canada, Japan, Singapore and Hungary, via the global cyber-security labelling initiative. With forecasts suggesting that the global IOT market will grow to 24.1 billion devices by 2030, generating more than £1.1 trillion in annual revenue, it is more essential than ever that we enhance the security of connected products on a global scale.
Dr Spencer
The Minister has referred a few times to cyber-security strategy. Can he update us on when we will see the Government’s cyber-security and resilience Bill?
Kanishka Narayan
I am afraid that I cannot commit to a legislative timeline, but we want to move very fast on the Bill and are looking for the right opportunity in Parliament to introduce it.
The draft regulations are a significant step in achieving our goal for cyber-security. I look forward to continuing this work and building on the momentum we have established.
Question put and agreed to.