Dr Ben Spencer (Runnymede and Weybridge) (Con)

- Hansard -

Copy Link

-

It is a pleasure to serve under your chairmanship, Mr Vickers.

This statutory instrument represents an important development in the obligations on platforms regulated under the Online Safety Act to protect people from encountering illegal content online. The OSA was enacted by the last Government with the primary aim of safeguarding children and removing serious illegal material from the internet. Tackling the most harmful content, such as that which is the subject of today’s discussion, goes to the heart of the Online Safety Act’s aims. His Majesty’s Opposition therefore welcome and support the draft regulations.

The experiences and opportunities offered by the online world change rapidly. It is right that legislators are responsive when new risks emerge or when certain types of unlawful content proliferate on the internet. Under the last Government, the OSA amended the Sexual Offences Act 2003 to criminalise several forms of sexual misconduct and abusive behaviour online. The new offences included cyber-flashing and the sharing of or threatening to share intimate images without consent. The amendments were made to keep pace with novel threats and forms of abuse, the victims of which are too often women and girls.

Baroness Bertin’s independent review of pornography, which was published in February this year, highlighted the damaging impact on victims of intimate image abuse, ranging from physical illness to mental health effects such as anxiety, depression, post-traumatic stress disorder and suicidal thoughts. The effects of cyber-flashing and intimate image abuse on victims is severe. It is therefore right that this statutory instrument brings cyber-flashing within the scope of the priority offences in schedule 7 to the Online Safety Act, while retaining as a priority offence the sharing of or threatening to share intimate images.

We also strongly support the addition as a priority offence of encouraging or assisting serious self-harm, which is the other important component of this statutory instrument. Desperate people who contemplate self-harm need early intervention and support, not encouragement to self-harm. Under this SI, regulated services will be obliged to proactively remove the material when they become aware of it on their platforms and take measures to prevent it from appearing in the first place. One can only wonder why it has taken so long to get to this position. I am sure we will have a unanimous view not only in the House but in society of the importance of removing such material.

The regulations will work only if they are adopted by the industry and subject to rigorous oversight, coupled with enforcement when platforms fail in their obligations. That is a necessity, and why we had to introduce the Online Safety Act in the first place. It is right that Government regulators should look to identify obstacles to the implementation of the OSA and take action where necessary. Since the introduction of Ofcom’s protection of children codes in the summer, important questions have arisen around the use of virtual private networks to circumvent age verification, as well as data security and privacy in the age-verification process.

Dr Spencer

- Hansard -

Copy Link

-

I thank my hon. Friend for his question on a very important point, which was raised just last week in Department for Science, Innovation and Technology questions by my hon. Friend the Member for Harrow East (Bob Blackman) and others. The Lib Dem spokesperson, the hon. Member for Harpenden and Berkhamsted, also raised questions about the importance of the scope of regulations for chatbots.

The Government seem all over the place as to whether the large language models, as we understand them, regulate the content that comes into scope. Given the response we received last week, it would be helpful to have some clarity from the Minister. Does he believe that LLMs are covered by the OSA when it comes to encouraging self-harm material? If there is a gap, what is he going to do about it? I recognise that he is commissioning Ofcom to look at the issue, but in his view, right now, is there a gap that will need someone to fix it? What are his reflections on that? This is increasingly becoming a priority area that we need to resolve. If there is a gap in legislation, we need to get on and sort it.

Dr Ben Spencer (Runnymede and Weybridge) (Con)

- Hansard -

Copy Link

-

It is a pleasure to serve under your chairmanship, Mr Turner. I thank the hon. Member for Perth and Kinross-shire (Pete Wishart) for securing this timely and important debate, as well as his characteristically forceful and measured speech. It has been a fun debate with lots of contributions. I am sure there will be plenty more opportunities going forward, but I want to draw out a few particularly powerful contributions.

First, my hon. Friend the Member for South Shropshire (Stuart Anderson) pointed out the issues around the prevalence of digital exclusion and the use of the veteran card. Secondly, my right hon. Friend the Member for Goole and Pocklington (David Davis) rightly pointed out the issues that the gov.uk One Login has had. Thirdly, my hon. Friend the Member for Farnham and Bordon (Gregory Stafford) pointed out the problem of the prevalence of digital poverty among the elderly. Finally, the hon. Member for Dewsbury and Batley (Iqbal Mohamed), who always speaks with great wisdom in these debates, spoke about the issue of multiple NHS logins.

This plan will make Government-issued digital ID compulsory to access work. Ignore the piffle—this is de facto mandatory. Given the contentious history of mandatory ID schemes in this country, one might have expected a policy of such weighty constitutional importance to appear in the Government’s manifesto, but it was conspicuously absent—like most current Government policy.

Earlier this year, I stood across the Dispatch Box from the previous Minister, debating the digital verification system brought in by the Data (Use and Access) Act 2025. That scheme created a trust framework for a register of approved providers of digital identity verification services. Building on the competitive ecosystem established by the last Government, private sector companies are already providing right to rent, right to work and many other identity checks.

Dr Spencer

- Hansard -

Copy Link

-

The point is that we have a sector that is already developing voluntary ID schemes. It is now being let down by the Government, who are bringing in their own mandatory scheme. Not once in the course of previous debates did the Minister mention that the Government intend to launch their own mandatory digital ID system for the right to work or anything else, but the concerns with this policy go beyond questions of democratic legitimacy.

The National Audit Office’s report on Government cyber-resilience, published early this year, contains a number of concerning findings about serious gaps in cyber-security amongst Government Departments and public sector bodies. One of the most concerning is that the Cabinet Office does not have a strategy for how Government organisations could become cyber-resilient by 2030.

There is no current plan to secure the Government’s cyber-resilience over the very same timeframe that this mandatory Government-run identity scheme, which will host the data of every working person in the UK, will be rolled out. We are yet to hear from the Government a clear timescale for bringing their cyber-security and resilience Bill forwards.

Digital inclusion remains a challenge for many across this country and impacts vulnerable groups, such as those on low incomes and those with disabilities, the most. The Government’s policy of making digital ID mandatory to access work flies in the face of digital inclusion. The consideration given to digital exclusion being, “Well, we are going to consult on what to do,” as an afterthought is frankly shameful.

Digital inclusion was at the heart of the previous Government’s levelling-up ambitions. The Government published their own digital inclusion plan in February, which will be implemented over several years. Why not concentrate on putting that plan into effect, rather than diverting resources towards their own costly digital identity programme? Universal digital inclusion and robust cyber-security must be conditions precedent to any Government-run ID scheme. At the moment, we have neither.

We are left with a number of pressing questions. Why was this flagship policy not part of the Government’s election manifesto last year? Why has it been brought forward now? Why should it be mandatory rather than optional? Why are the Government pursuing a costly, Government-run ID scheme when the private sector infrastructure for digital ID services exists already? What is the Government’s plan to keep citizens’ data secure? Can the Minister guarantee that no one lawfully eligible to work will be excluded from employment by this scheme?