Product Security and Telecommunications Infrastructure Bill (Third sitting) Debate

Full Debate: Read Full Debate
Department: Department for Digital, Culture, Media & Sport
None Portrait The Chair
- Hansard -

We are now sitting in public and the proceedings are being broadcast. Before we begin, I have a few preliminary announcements. Hansard colleagues would be grateful if Members could email their speaking notes to hansardnotes@parliament.uk. Please switch electronic devices to silent. Tea and coffee are not allowed during sittings, but I have no guidance on jelly babies.

We now begin the line-by-line consideration of the Bill. The selection list for today’s sitting is available in the room. It shows how the selected amendments have been grouped together for debate. Amendments grouped together are generally on the same or a similar issue. Please note that decisions on amendments do not take place in the order in which they are debated, but in the order in which they appear on the amendment paper. The selection and grouping list shows the order of debates. Decisions on each amendment are taken when we come to the clause to which the amendment relates.

The Member who has put their name to the leading amendment in a group is called first. Other Members are then free to catch my eye to speak on all or any of the amendments in that group. A Member may speak more than once in a single debate. At the end of debate on a group of amendments, I shall call the Member who moved the leading amendment again. Before they sit down, they will need to indicate if they wish to withdraw the amendment or seek a decision. If any Member wishes to press any other amendment in a group to a vote, they need to let me know.

Clause 1

Power to specify security requirements

Chris Elmore Portrait Chris Elmore (Ogmore) (Lab)
- Hansard - -

I beg to move amendment 6, in clause 1, page 1, line 17, at end insert—

‘(2A) The Secretary of State must exercise the power in subsection (1) so as to specify security requirements which make mandatory each of the first three guidelines in the Code of Practice for consumer IoT security published by the Department for Digital, Culture, Media and Sport on 14 October 2018 (“no default passwords”, “implement a vulnerability disclosure policy” and “keep software updated”).”

This amendment would set out the three security requirements expressly in Part 1 of the Bill rather than it being defined in future regulations.

None Portrait The Chair
- Hansard -

With this it will be convenient to discuss the following:

Clause stand part.

Clauses 2 and 3 stand part.

New clause 3—Report on security risks to UK consumer connectable products

‘(1) The Secretary of State must prepare a report on the security risks to UK consumer connectable products—

(a) within the period 3 months beginning with the day on which this Act receives Royal Assent, and

(b) every 12 months thereafter.

(2) Any report prepared under subsection (1) must be laid before Parliament.’

This new clause would require the Secretary of State to lay before Parliament a report on the security risks to UK consumer connectable products.

Chris Elmore Portrait Chris Elmore
- Hansard - -

It is a pleasure to serve under your chairmanship, Mr Stringer.

This important legislation establishes, through regulations, three core security requirements for “connectable products”. The requirements derive from the voluntary 2018 “Secure by Design” code introduced by the Department for Digital, Culture, Media and Sport. The inclusion of these three requirements is, without doubt, a step that the Opposition welcome. However, we believe that the legislation can be improved, and that the three security requirements, rather than being defined in future regulations at the discretion of the Secretary of State, should be expressly set out in the Bill. That would be beneficial for two reasons. First, it would give manufacturers and distributors a greater understanding of the legal obligations that they face, thus speeding up the entire process. Secondly, it would ensure that the consumer was better protected, which I am sure we all agree would be a good thing. The consumer rights group Which? emphasised that when it gave oral evidence on Tuesday.

New clause 3 would require the Secretary of State to publish a report on the security risks to UK connectable products. On Tuesday, Madeline Carr, professor of global politics and cyber-security at University College London, said that she does not have an Alexa in her house because of the security risks that those devices, and others like them, pose. Tellingly, she also said that the Bill as constituted would not give her sufficient confidence to purchase one. Given that, and given the tragic scenes unfolding following Russia’s invasion of Ukraine, and the willingness of that rogue regime to engage in state-sponsored cyber-warfare, the Opposition believe it is in the public and national interest to understand how secure our connected products really are. We are becoming more reliant on smart devices in our daily life, both professionally and personally. It is imperative that the security of these devices is routinely monitored and reported on.

As I stated on Second Reading, the Opposition support the Bill, but believe it can be strengthened. Amendment 6 and new clause 3 would ensure that consumers were better protected and more aware of the threats facing their connected devices. As such, I believe that all Committee colleagues should support amendment 6 and new clause 3.

Julia Lopez Portrait The Minister for Media, Data and Digital Infrastructure (Julia Lopez)
- Hansard - - - Excerpts

It is a pleasure to serve under your chairmanship, Mr Stringer. I apologise for giving you a dilemma about the advice on jelly babies. I will start with a few words about the importance of the Bill. As we heard from our panels of witnesses this week, and as we know from our increasing dependence on technology, improving protection for consumers and networks from a range of harms associated with cyber-attacks is incredibly important. In the first half of last year, there were 1.5 billion attempted compromises of internet of things devices—double the 2020 figure for the same period. Voluntary standards, such as the 2018 code of practice for consumer IOT security, are not being adopted quickly or consistently enough. That is why we need legislation to progress security in the design of consumer connectable products.

Before turning to amendment 6, I thank the hon. Member for Ogmore for the constructive and helpful way that he has approached the legislation and for the Opposition’s broad support of it. As this is the first Bill that I am taking through the House in its entirety, I am particularly grateful for that constructive approach. It may reassure him that the Government are committed to introducing security requirements based on the first three guidelines through regulations at the earliest appropriate opportunity. We have consulted on those security requirements and have communicated them extensively.

We have not been vague on the matter. In April 2021, we published our response to the call for views on consumer connectable product security legislation. We stated in detail how the three security requirements would work. When the Bill was announced by Her Majesty at the start of the Session, we repeated that commitment. Indeed, as hon. Members will see in the Bill’s explanatory notes, we have again committed to those three requirements. We made that clear from the start for an important reason: we need industry to act and prepare for implementation. We do not want surprises for manufacturers, importers or distributors. They know what they have to do.

Amendment 6 is unnecessary, but might also be dangerous. We are keen to ensure that the legislation retains flexibility, so that it can adapt to and reflect the changing threat landscape, and the security requirements needed to address it. What might seem like a no-brainer security requirement today might become a security threat or barrier to security innovation in years to come.

Amendment 6 reaches back to 2018, when our code of practice was first published. Security requirements have developed since then. When the Bill is implemented, we do not think it should be constrained by what was appropriate five years ago. The requirements we will introduce are based on the first three guidelines in the code of practice, but they also contain necessary improvements. They are up to date, more detailed and have been translated into practical requirements that businesses can implement to get the right security outcomes without unnecessary burden. Stakeholder engagement and impact assessment work conducted since 2018 ensures that the guidelines are nuanced, and are in a robust and enforceable statutory framework that delivers optimal security outcomes.

Finally, hon. Members may not be aware that because this new legislation will impact on manufacturers globally, we have given notice of the Bill to the World Trade Organisation. We invited comments on our proposals two years ago, and when the Bill was introduced to Parliament, we gave notice again. We have worked to ensure that all manufacturers understand our intentions. Amendment 6, if accepted, would cause confusion by taking us back to 2018, and away from the more developed position we have reached on the three principles. That would cause market confusion, require new notification to the WTO, and potentially delay this vital regime from coming into force. With those reassurances, I hope the hon. Member will feel able to withdraw his amendment.

Clause 1 is needed to provide the Government with the necessary powers to specify and mandate security requirements, through secondary legislation, that businesses must comply with. There is a common notion that Governments are behind the curve when it comes to regulating technology. not in this case. By establishing a flexible and futureproof regulatory framework in this way, the Government can be agile and proactive in amending and introducing security requirements through regulations, in lockstep with tech innovation. Parliament will be able to scrutinise any future security requirements designated through the secondary legislation process and, as new threats emerge and international standards develop, we can act and set new security requirements, keeping consumer connectable product security up to date and fit for the future.

The purpose of clause 2 is to provide further detail about how the Secretary of State’s power to specify security requirements can be used. Clause 3 is essential because it provides the Secretary of State with powers to specify circumstances in which a person is deemed to have complied with the security requirements. The clause, when exercised, would provide more than one route to compliance and would provide the necessary flexibility to accommodate and recognise international standards and mutual recognition agreements where appropriate.

I turn to new clause 3. In practice, it would commit the Government to reporting on a fixed basis on the security risks posed by products affected by the Bill. Those reports would be laid before Parliament. Cyber-security is definitely not an area where the Government hold back on publishing information. If we are to raise the cyber-resilience of the nation, we need to ensure that everyone is clear about the threat. In December, we published our national cyber strategy. The Government will continue to publish regular reports on our progress on that strategy, as we did with regard to the previous strategy. The Government also publish an annual report that surveys cyber-breaches across the economy. This report, together with others, forms a key part of the evidence base used to inform organisations about action to take to raise security standards. Indeed, the breaches survey meets the quality threshold to be managed as a set of official statistics.

Our National Cyber Security Centre is also a model of transparency. It is there to advise businesses, and guide them towards better managing cyber-threats. It publishes an annual report, and for those who want to focus on consumer connectable products, it provides specific advice on those, too. Parliament is already regularly kept informed of cyber-security matters; our regular publications are placed in the Library. Our national strategy, implemented with £2.6 billion of investment, is overseen by the Public Accounts Committee. The Intelligence and Security Committee and the Joint Committee on the National Security Strategy provide further oversight. Also, there are mechanisms for holding the Government to account in the manner intended by the provision, such as regular parliamentary debates and questions.

Cyber-security is a fast-moving and sensitive topic. A fixed-period reporting clause that imposes an obligation to report on security risks may duplicate existing activity. Such a system would also lack the agility necessary to enable us to report quickly when threats are identified. It may reassure the hon. Gentleman to know that the Secretary of State will be required to review the effectiveness of the Bill’s enforcement regime; they, or the designated enforcing authority, will be required to report on that to the relevant departmental Select Committee after Royal Assent. The enforcement authority will also report its activity and findings, where appropriate. The measures already in place will likely meet the intention behind new clause 3. For the reasons that I have set out, I do not accept the need for the new clause.

I turn to the points that the hon. Gentleman raised about Dr Carr’s concerns about Alexa, which I also found eye-catching. A lot of secondary legislation comes with this Bill, and that will hopefully reassure Dr Carr. I also note the comment made by a lot of our witnesses: we can never have 100% security with those devices. I therefore commend clauses 1 to 3 to the Committee.

--- Later in debate ---
Julia Lopez Portrait Julia Lopez
- Hansard - - - Excerpts

I thank the hon. Member for Cardiff West for his contribution and his kind comments. I will have to get back to him on the precise figures that he identified in the impact assessment. However, in relation to the breadth of the impact assessment, he will know from this legislation that we are taking a broad range of powers. As we debated earlier, that is very deliberate because this is a fast-moving area. Technology is developing faster than Parliament can regulate it, which is a major challenge for Governments around the world. The Bill will help us to be nimble and agile in how regulate that technology.

A lot of the issues that the hon. Gentleman has concerns about will be something for secondary legislation, which we will be developing hand in glove with businesses so that we understand what is changing in the technological world and what impact that will have on matters such as the disposal of devices. I share his concerns about the environmental impacts if we get the regulations on that wrong—none of us wants to see a lot of technology become redundant.

We are trying to help consumers have more information so that if someone buys a device, they do not necessarily have to dispose of it simply because the period for which the manufacturer says it is covered has expired. It will be up to the consumer to decide whether to keep that device if they think it is less secure than it otherwise might be. It has been controversial to take these broad powers. We understand the concerns that any Parliament would have about the level of scrutiny it will have. However, the Government think that this is right because, as I say, we have to maintain that agility.

The hon. Member for Cardiff West referenced the points raised by Dr Carr. As I said earlier, I share those concerns. What we are trying to do is raise the level of security overall; we want to help consumers and manufacturers to understand this as an issue. This was initially a voluntary code, which did not do enough to make manufacturers take the cyber obligations seriously. There was an interesting discussion on the panels earlier this week when one contributor—I cannot remember who it was exactly—said that the legislation will give boards the spark or impetus to discuss and get funding for these kinds of cyber-security requirements for their products. If it is voluntary, it is very hard for anybody to make the case within their company that they need to take cyber-security seriously.

We hope that the secondary legislation will allay some of Dr Carr’s concerns. We will never have 100% security, but we hope that these provisions will raise the bar overall and help to raise consumer and manufacturer awareness of cyber as a whole. I hope that those comments will reassure the hon. Gentleman. I also assure him that we will look at how to get the balance right in the secondary legislation, and we will be in close contact with businesses as we do so.

Chris Elmore Portrait Chris Elmore
- Hansard - -

I listened to what the Minister had to say, in particular in relation to amendment 6. I take her at her word; it is a probing amendment, so I will withdraw it on the basis that she will bring forward secondary legislation in relatively short order. As she mentioned, cyber-security is a fast-paced and changing environment, so it is important that we do not wait a number of years for additional improvements to legislative competence.

On the basis of what the Minister said, I am also happy not to move new clause 3. However, I wonder whether she could write to me setting out the reporting periods that she mentioned, particularly in terms of the DCMS Committee, following Royal Assent—assuming that the Bill gets Royal Assent, which I am sure it will—as well as the other reporting obligations that she says the Secretary of State or reporting officer will have. The new clause seeks to place a requirement on the Secretary of State specifically in this new legislation. If the Minister feels that those things are already in train or are part of the reporting process, that is fine, and I am happy not to move the new clause. However, it would be good to have that list for future understanding—particularly if reporting does not take place, in which case the Opposition will hold the Government to account.

Julia Lopez Portrait Julia Lopez
- Hansard - - - Excerpts

I am happy to write to the hon. Gentleman and offer those assurances. A new body will also be set up, which will probably have its own reporting requirements in relation to this legislation. These things will be developing, but I am happy to offer him the assurances he requested.

Chris Elmore Portrait Chris Elmore
- Hansard - -

I beg to ask leave to withdraw the amendment.

Amendment, by leave, withdrawn.

Clauses 1 to 3 ordered to stand part of the Bill. 

Clause 4

Relevant connectable products

Question proposed, That the clause stand part of the Bill.

None Portrait The Chair
- Hansard -

With this it will be convenient to discuss clauses 5 and 6 stand part.

Julia Lopez Portrait Julia Lopez
- Hansard - - - Excerpts

Clauses 4 to 6 define the products to which the new regulatory regime will apply. Clause 4 introduces the terms “internet-connectable product”, “network-connectable product” and “excepted product”. Clause 5 defines the terms “internet-connectable” and “network-connectable”. It is a pivotal clause in capturing the necessary products that make up a huge part of the internet of things threat landscape. Any network is only as secure as its weakest link, and that could be a single consumer connectable product.

Focusing on a product’s capabilities—instead of attempting to exhaustively list all consumer connectable products—is part of our agile, future-proof approach. We are ensuring that the Bill will remain relevant and effective by capturing new consumer technologies that come to market, based on their capabilities and the risks they present.

Many products captured by the Bill are capable of connecting to the internet, exposing them to remote access and attack. Those are “internet-connectable products”, such as routers, smartphones and certain smart appliances. Some products captured by the Bill are not able to connect to the internet directly, but can connect to other products. In doing so, they can form, and contribute to the formation of, networks, meaning that vulnerabilities in those products can open the door to cyber-attack. Those are “network-connectable products”, such as certain smart lightbulbs, smart home products, and headphones.

Clause 6 defines the term “excepted product”. It allows the Secretary of State to except products from the scope of the Bill via regulations. The Government intend to except products from the scope of the Bill where inclusion would subject them to double regulation or be disproportionate to their risk profile. The Government have consulted on that approach. Products such as electric vehicles, medical devices and smart meters will be excepted from scope because they are already, or soon will be, covered by alternative regulation. I therefore commend clauses 4 through 6 to the Committee.

Question put and agreed to. 

Clause 4 accordingly ordered to stand part of the Bill. 

Clauses 5 and 6 ordered to stand part of the Bill. 

Clause 7

Relevant persons

Chris Elmore Portrait Chris Elmore
- Hansard - -

I beg to move amendment 7, in clause 7, page 5, line 24, at end insert—

“(5A) A person who provides an online facility through which a distributor makes a product available in the United Kingdom is also a distributor.”

This amendment would ensure that online marketplaces are considered to be distributors and are thus subject to the security requirements of the Bill.

None Portrait The Chair
- Hansard -

With this it will be convenient to discuss clauses 7 to 25 stand part.

Chris Elmore Portrait Chris Elmore
- Hansard - -

The amendment itself is fairly self-explanatory. However, I will take the opportunity to speak briefly on it in the hope of persuading Conservative Members—and indeed the Minister—to support it.

Clause 7 defines the relevant persons subject to the security requirements as being manufacturers, importers and distributors. Crucially, however, online platforms such as eBay and Amazon are not defined as falling under any of those categories. To my mind, that is both deeply concerning and preposterous, given that, under any definition, online platforms such as the two I have just mentioned are without doubt distributors themselves.

I am sure everyone in this Committee has either sold or bought something through eBay or Amazon. The oversight in the Bill has real-world consequences, as products sold on those online platforms will not be policed in the same way. That is problematic, as research by groups such as Which?—which we heard evidence from earlier this week—has consistently shown that online marketplaces are flooded with insecure products, while the Bill would do nothing to increase the legal responsibility online marketplaces have for the safety and security of products sold through them.

In tabling the amendment, we are merely expanding the number of organisations that the security requirements would apply to, in order to better protect all our constituents, which is the expressed aim of the Bill according to the Minister’s opening remarks and indeed those of the Secretary of State at Second Reading. I therefore urge the Minister and all Committee members to support the amendment.

Kevin Brennan Portrait Kevin Brennan
- Hansard - - - Excerpts

I support my hon. Friend in pressing the amendment to a vote. As we heard from the Minister, the Bill covers quite a lot of different devices. The examples given by the Government in their impact assessment include the following:

“Smartphones; connectable cameras, TVs and speakers; connectable children’s toys and baby monitors; connectable safety-relevant products such as smoke detectors and door locks; Internet of Things base stations and hubs to which multiple devices connect; wearable connectable fitness trackers; outdoor leisure products, such as handheld connectable GPS devices that are not wearables; connectable home automation and alarm systems; connectable appliances, such as washing machines and fridges”

and, as we have heard, “smart home assistants”, including things such as Alexa-type smart speaker products.

--- Later in debate ---
Julia Lopez Portrait Julia Lopez
- Hansard - - - Excerpts

As I say, we are putting requirements on not just manufacturers, but the importer. The importer would be under an obligation to check whether the product fulfilled some of the requirements we would have for it, as would the distributor. I would hope that, along the chain, that product would have been checked several times to make sure it complies.

We have done a lot of work on general cyber-resilience. I will take this opportunity to add that it is also important that we as Members of Parliament try to make our constituents aware of the increasing challenges we face with cyber-resilience, and that we all need to have our own cyber-hygiene in that regard.

The amendment is well intentioned—we understand where the hon. Member for Ogmore is coming from—but it is drafted in a way that would have a much broader reach than just online marketplaces. It would impose security requirements on businesses that cannot comply with them, such as advertising platforms and website hosting services. Distributors use many online facilities offering a vast array of cloud services to support e-commerce to make their products available. As drafted, the amendment would extend duties beyond what is intended.

The Government have carefully considered the amendment. It is clear that our intention is to secure consumer connectable products in the most effective and proportionate manner, without hindering business growth and the online retail facilities enjoyed by consumers. For the reasons I have set out, I am not able to accept the amendment. I hope the hon. Gentleman will consider withdrawing it.

I turn now to chapter 2 of the Bill and clauses 8 to 25. These clauses place duties on businesses in the supply chain of a consumer connectable product to comply with security requirements. Compliance is fundamental to the operation of the regulatory regime. Under these clauses, manufacturers, distributors and importers must prepare, or ensure the presence of, a document to accompany the product that states that, in the opinion of the manufacturer, it has complied with the security requirements, before that product is made available in the UK. I note the point that was made about baby monitors. I hope that, in that process, there would be clear information and a record provided with the product that stated compliance.

The clauses in chapter 2 also require that businesses take all reasonable steps to investigate a compliance failure or potential compliance failure. That is vital to hold businesses accountable for complying with their security requirements and to mandate investigation of potential compliance failures. If compliance failure has occurred, businesses in the supply chain must take all reasonable steps to prevent the product from reaching UK customers and remedy the compliance failure. The measure is needed to ensure that insecure products do not remain on the market and that those that have not yet reached UK customers are prevented from doing so.

Finally, the clauses in chapter 2 require manufacturers and importers to retain records of compliance failures and investigations for at least 10 years. The Secretary of State is able to request this information to investigate and to enforce the legislation. These duties encourage ongoing compliance and accountability. The records will allow a clear audit of the importer’s and manufacturer’s activities, so that we can have effective enforcement.

Chris Elmore Portrait Chris Elmore
- Hansard - -

I have listened to the Minister. The Opposition are not in any way suggesting that the Government do not do an awful lot on cyber awareness-raising. All Governments could do more—that is the nature of teaching and learning and of being able to get our constituents to understand the cyber-security space and the impact that it can have on their homes.

In response to my hon. Friend the Member for Cardiff West, the Minister mentioned the belt-and-braces approach. However, organisations such as Which? say that there is an exemption for online marketplaces such as Amazon and eBay. The Online Safety Bill has of course been published today, and there are economic crime impacts linked to this. If this is a belt-and-braces approach, as the Minister says, surely another level of protection would be to include the online marketplaces. She says there are three stages that could be protected—importer, product design and distribution—but there is this gap through which some products could come. Therefore, I am not minded to withdraw the amendment and would ask the Committee for a decision.

Question put, That the amendment be made.

--- Later in debate ---
Julia Lopez Portrait Julia Lopez
- Hansard - - - Excerpts

Clause 58 deals with the sharing of telecommunications apparatus between operators within the electronic communications code. It inserts a right to share apparatus into paragraph 3 of the code, which sets out a list of rights that are statutory “code rights.” The code rights in paragraph 3 must be conferred on an operator by an occupier or imposed by a tribunal. The 2017 code reforms introduced paragraph 17 automatic rights, allowing operators to upgrade or share their apparatus without the need for an agreement. Those automatic rights are separate from the paragraph 3 code rights and are subject to strict limitations.

Since their introduction, there has been confusion about the interaction between the paragraph 17 automatic rights and the paragraph 3 code rights. In particular, while “upgrading” is a paragraph 3 code right, sharing is not. Clause 58 addresses this by making apparatus sharing a paragraph 3 code right that an operator—the “first operator”—can request to be included in an agreement to which the code applies. Clause 58 also amends the statutory purposes in paragraph 4 of the code to include sharing activities.

Apparatus sharing is a cost-effective way for operators to extend their networks without having to build extensive infrastructure themselves, helping to deliver greater coverage, capacity and consumer choice, while reducing impacts on the environment and disruption caused by installation works. As with the other code rights, if agreement on rights to share cannot be reached consensually, an operator may ask a tribunal to impose the requested rights. In those circumstances, the tribunal will apply the public benefit test and the statutory valuation regime, as it already does for other code rights.

If the right to share is a statutory code right, the factors that a tribunal will consider in deciding whether such a right should be imposed—and if so, on what terms—will be the same as those for all other code rights. Including a right to share apparatus in the paragraph 3 code rights will therefore provide greater certainty for all parties and support smoother negotiations.

Code rights can only be obtained in relation to land. Consequently, the new right to share apparatus can be requested only by the first operator that is keeping apparatus installed on, under or over land. A second operator that wishes to share the use of that apparatus will not be able to request from an occupier a paragraph 3 right permitting them to do so. Instead, once the occupier has conferred such a sharing right on the first operator, the second operator will need to negotiate the sharing of the apparatus with the first operator.

The first operator’s right to share their apparatus will, like other code rights, be exercisable only in accordance with the wider terms of the agreement. It will therefore be important for the first operator to consider carefully any terms that it may need included in its agreement with an occupier, such as additional access rights, to enable any subsequent sharing of the apparatus with other operators. To that end, clause 58 inserts corresponding code rights for the first operator to enter and carry out works on the land for the purpose of such apparatus sharing.

Finally, it should be emphasised that the new right to share introduced by clause 58 is entirely separate from the automatic rights to share that are currently available under paragraph 17 of the code, and to the rights introduced by clauses 59 and 60. Those are automatic rights—subject to specific conditions—that do not need to be agreed with a landowner or imposed by the courts. The rights in clause 58 cover situations where the operator wants rights to share over and above those automatic rights.

Government amendment 1 is a consequential amendment that reflects the restructuring of paragraph 3 provided for by clause 58(2)(a) of the Bill. It replaces cross-references to paragraph 3 of the code with cross-references to sub-paragraph 3(1).

Clause 58 introduces rights to share apparatus to the menu of code rights that is currently set out in paragraph 3 of the code. In doing so, new sub-paragraph 3(2) will be inserted into the code, setting out who can obtain a right to share apparatus. The current paragraph 3 will therefore become sub-paragraph 3(1) of the code. As there are references to paragraph 3 in other parts of the code, consequential amendments are necessary so that anyone reading the code is referred instead to the new sub-paragraph 3(1).

Amendment 1 agreed to.

Clause 58, as amended, ordered to stand part of the Bill.

Clause 59

Upgrading and sharing of apparatus: subsisting agreements

Chris Elmore Portrait Chris Elmore
- Hansard - -

I beg to move amendment 9, in clause 59, page 41, line 42, after “agreement” insert

“other than with a private landlord”.

This amendment, together with Amendments 10, 11 and 12, would apply a different regime under the Electronic Communications Code to private landlords, giving automatic upgrade rights for operators to properties owned by private landlords subject to the condition that the upgrading imposes no additional burden on the other party to the agreement.

None Portrait The Chair
- Hansard -

With this it will be convenient to discuss the following:

Amendment 10, in clause 59, page 43, line 26, at end insert—

“5B (1) This paragraph applies where—

(a) an operator (‘the main operator’) keeps electronic communications apparatus installed on, under or over land, and

(b) the main operator is a party to a subsisting agreement in relation to the electronic communications apparatus.

(2) If the conditions in sub-paragraphs (3), (4) and (6) are met, the main operator may—

(a) upgrade the electronic communications apparatus, or

(b) share the use of the electronic communications apparatus with another operator.

(3) The first condition is that any changes as a result of the upgrading or sharing to the electronic communications apparatus to which the agreement relates have no adverse impact, or no more than a minimal adverse impact, on its appearance.

(4) The second condition is that the upgrading or sharing imposes no additional burden on the other party to the agreement.

(5) For the purposes of sub-paragraph (4) a burden includes anything that—

(a) has an adverse effect on the person’s enjoyment of the land, or

(b) causes loss, damage or expense to the person.

(6) The third condition is that, before the beginning of the period of 21 days ending with the day on which the main operator begins to upgrade the electronic communications apparatus or (as the case may be) share its use, the main operator attaches a notice, in a secure and durable manner, to a conspicuous object on the relevant land.

(7) A notice attached for the purposes of sub-paragraph (6) must—be attached in a position where it is reasonably legible,

(a) be attached in a position where it is reasonably legible,

(b) state that the main operator intends to upgrade the electronic communications apparatus or (as the case may be) share its use with another operator,

(c) state the date on which the main operator intends to begin to upgrade the electronic communications apparatus or (as the case may be) share its use with another operator,

(d) state, in a case where the main operator intends to share the use of the electronic communications apparatus with another operator, the name of the other operator, and

(e) give the name of the main operator and an address in the United Kingdom at which the main operator may be contacted about the upgrading or sharing.

(8) Any person giving a notice at that address in respect of that electronic communications apparatus is to be treated as having been given that address for the purposes of paragraph 91(2).

(9) Any agreement under Part 2 of this code is void to the extent that—

(a) it prevents or limits the upgrading or sharing, in a case where the conditions mentioned in sub-paragraphs (3), (4) and (6) are met, of any electronic communications apparatus to which the agreement relates that is installed on, over or under land, or

(b) it makes upgrading or sharing of such electronic communications apparatus subject to conditions to be met by the operator (including a condition requiring the payment of money).

(10) Nothing in this paragraph is to be read as conferring a right on the main operator to enter the land which the main operator would not otherwise have, when upgrading or sharing the use of the electronic communications apparatus.

(11) References in this paragraph to sharing electronic communications apparatus include carrying out works to the electronic communications apparatus to enable such sharing to take place.

(12) In this paragraph—

‘the relevant land’ means—

(a) in a case where the main operator has a right to enter the land, that land;

(b) in any other case, the land on which works will be carried out to enable the upgrading or sharing to take place or, where there is more than one set of works, the land on which each set of works will be carried out;

‘subsisting agreement’ has the meaning given by paragraph 1(4) of Schedule 2 to the Digital Economy Act 2017.”

This amendment, together with Amendments 9, 11 and 12, would apply a different regime under the Electronic Communications Code to private landlords, giving automatic upgrade rights for operators to properties owned by private landlords subject to the condition that the upgrading imposes no additional burden on the other party to the agreement.

Clause stand part.

Amendment 11, in clause 60, page 43, line 38, after “land” insert

“not owned by a private landlord”

This amendment, together with Amendments 9, 10 and 12, would apply a different regime under the Electronic Communications Code to private landlords, giving automatic upgrade rights for operators to properties owned by private landlords subject to the condition that the upgrading imposes no additional burden on the other party to the agreement.

Amendment 12, in clause 60, page 44, line 47, at end insert—

“17B (1) This paragraph applies where—

(a) an operator (‘the main operator’) keeps electronic communications apparatus installed on, under or over land owned by a private landlord,

(b) the main operator is not a party to an agreement under Part 2 of this code in relation to the electronic communications apparatus, and

(c) the electronic communications apparatus was installed before 29 December 2003.

(2) If the conditions in sub-paragraphs (3), (4) and (6) are met, the main operator may—

(a) upgrade the electronic communications apparatus, or

(b) share the use of the electronic communications apparatus with another operator.

(3) The first condition is that any changes as a result of the upgrading or sharing to the electronic communications apparatus to which any existing agreement between the operator and the landlord relates have no adverse impact, or no more than a minimal adverse impact, on its appearance.

(4) The second condition is that the upgrading or sharing imposes no additional burden on the landlord.

(5) For the purposes of sub-paragraph (4) a burden includes anything that—

(a) has an adverse effect on the person’s enjoyment of the land, or

(b) causes loss, damage or expense to the person.

(6) The third condition is that, before the beginning of the period of 21 days ending with the day on which the main operator begins to upgrade the electronic communications apparatus or (as the case may be) share its use, the main operator attaches a notice, in a secure and durable manner, to a conspicuous object on the relevant land.

(7) A notice attached for the purposes of sub-paragraph (6) must—

(a) be attached in a position where it is reasonably legible,

(b) state that the main operator intends to upgrade the electronic communications apparatus or (as the case may be) share its use with another operator,

(c) state the date on which the main operator intends to begin to upgrade the electronic communications apparatus or (as the case may be) share its use with another operator,

(d) state, in a case where the main operator intends to share the use of the electronic communications apparatus with another operator, the name of the other operator, and

(e) give the name of the main operator and an address in the United Kingdom at which the main operator may be contacted about the upgrading or sharing.

(8) Any person giving a notice at that address in respect of that electronic communications apparatus is to be treated as having been given that address for the purposes of paragraph 91(2).

(9) Nothing in this paragraph is to be read as conferring a right on the main operator to enter the land which the main operator would not otherwise have, when upgrading or sharing the use of the electronic communications apparatus.

(10) References in this paragraph to sharing electronic communications apparatus include carrying out works to the electronic communications apparatus to enable such sharing to take place.

(11) In this paragraph ‘the relevant land’ means—

(a) in a case where the main operator has a right to enter the land, that land;

(b) in any other case, the land on which works will be carried out to enable the upgrading or sharing to take place or, where there is more than one set of works, the land on which each set of works will be carried out.”

This amendment, together with Amendments 9, 10 and 11, would apply a different regime under the Electronic Communications Code to private landlords, giving automatic upgrade rights for operators to properties owned by private landlords subject to the condition that the upgrading imposes no additional burden on the other party to the agreement.

Clause 60 stand part.

Chris Elmore Portrait Chris Elmore
- Hansard - -

These amendments would apply a different regime to private landlords under the 2017 electronic communications code, giving operators automatic upgrade rights for properties owned by private landlords, subject to the condition that the upgrading imposes no additional burden on the other party to the agreement.

When we talk of the digital divide in our telecommunications infrastructure, we often speak of it in terms of a divide between rural and urban areas. Indeed, it is true that a divide exists between rural and urban areas in levels of connectivity, and the Bill has been designed to help reduce the rural-urban connectivity gap, which the Labour party wholeheartedly supports.

However, a division also exists within urban areas themselves. Catherine Colloms, the managing director of Openreach, said in evidence that it is particularly difficult for Openreach and similar organisations to upgrade properties that are owned by private landlords to full fibre. Openreach alone currently has 55,802 multi-dwelling unit premises on hold. Based on this, it is forecast that 1.5 million MDU premises could be unserved by the end of the commercial roll-out.

--- Later in debate ---
Chris Elmore Portrait Chris Elmore
- Hansard - -

I have listened to the Minister and the debate that followed her speech. The argument is slightly confused, because in the oral evidence sessions, CityFibre and Openreach were in agreement on the need to address the issue. They were also in agreement on the huge deficit in meeting the Government’s targets because of issues in gaining access to flats and properties through leaseholders and site owners.

In answer to the question about the response of tenants or property owners inside the flats, the providers said that it was overwhelmingly positive; they wanted to gain fibre roll-out. As I mentioned in my opening remarks, nearly 56,000 MDU premises are on hold through the roll-out, so what is the plan? What is the solution to deal with the digital divide that is forming in cities and towns across the UK? It was mentioned in evidence that my Ogmore constituency has only 3% MDUs. If I recall correctly, the hon. Member for Hastings and Rye’s constituency was above 13% or 14%—higher again, she is indicating. The numbers increase depending on the area. How will we solve that problem?

Equally, I agree with my hon. Friend the Member for Cardiff West. We cannot simply say that, as we move to more online learning, and more remote working or working from home—business is supportive of that following the pandemic, even if the Government are asking everyone to come back to the office—people now have far greater understanding of their broadband, including its bandwidth, who installed it, who runs it and the costs, than they ever did before the pandemic because everyone needed to use Zoom and Teams; although, personally, there are days when I would rather not use them ever again.

I am minded to press the amendment to a Division, for the reasons that I and my hon. Friend set out. I am not hearing from the Minister what the plan is to rectify the problem. According to Openreach and other providers, the figure for premises on hold is going up year after year, and therefore the target will be missed, despite the Government reducing it at least twice since 2019.

Question put, That the amendment be made.