Investigatory Powers (Codes of Practice, Review of Notices and Technical Advisory Board) Regulations 2025 Debate
Lord Hanson of Flint (Labour - Life peer)
Grand Committee
That the Grand Committee do consider the Investigatory Powers (Codes of Practice, Review of Notices and Technical Advisory Board) Regulations 2025.
My Lords, it is a pleasure to be here today to bring forward these regulations. The Government have published an Explanatory Memorandum alongside them, and I shall begin with some brief background as to how we have got to where we are.
The Investigatory Powers Act 2016, known as the IPA, provides a framework for the use and oversight of investigatory powers by the intelligence services, law enforcement and other public authorities. I recall it well, having served on the Bill, in both draft and original form. It never fails to surprise me that it is almost 10 years since the Act came into being. It helps to safeguard people’s privacy by setting out stringent controls over the way in which the powers are authorised and overseen. The IPA is considered to be world-leading legislation that provides unprecedented transparency and substantial protections for privacy.
The IPA was intentionally drafted in a technologically neutral manner, to ensure that public authorities could continue to acquire operationally relevant data as technology evolved. While this approach has largely withstood the test of time, a combination of new communication technologies and the changing threat landscape continues to challenge the effective operation of the Act.
The Investigatory Powers (Amendment) Act 2024 was introduced by the previous Government and received Royal Assent in April last year. To ensure that the legislative regime remains fit for purpose, the 2024 Act made a series of targeted changes to the IPA to enable our law enforcement and intelligence agencies to tackle a range of evolving threats in the face of new technologies and increasingly sophisticated terrorist and criminal groups.
That gives rise to the purpose of these regulations. The regulations before us bring into force three new and five revised codes of practice, which provide operational guidance for public authorities to have regard to when exercising their functions under the IPA. As well as including minor updates and changes to ensure consistency, the codes of practice have been revised to reflect various changes made by the 2024 Act under the previous Government.
The new codes on bulk personal datasets with a low or no reasonable expectation of privacy and third-party bulk personal datasets relate to new regimes introduced by the 2024 Act. The new code on the notices regime consolidates guidance from various existing codes into one place. The regulations also contain several provisions relating to the IPA’s notices regime, including defining “relevant change” for the purpose of the new notification notices. They also introduce timelines for the review of technical capability, data retention and national security notices, and amend existing regulations in relation to membership of the technical advisory board.
The regulations and code of practice have been informed by a 12-week public consultation which closed in January 2025. The Government received responses from a range of stakeholders, including interest groups, public authorities, technology companies, trade associations and members of the public. We made several changes following that consultation, including stylistic changes, further clarity on processes and changes to the technology advisory board’s membership requirement. A copy of the Government’s response to the consultation has been published and, should Members wish to see it, is available online or it will be at a future date.
To sum up, these regulations are a crucial step in implementing the 2024 Act. They will ensure that the UK’s investigatory powers framework continues to protect our national security and to prevent, investigate, disrupt and prosecute the most serious crimes. I commend the SI to the Committee.
I wonder whether the Minister would be kind enough in his reply to give us some idea of the ongoing arrangements for the updating of this kind of material. He has shown that the constant need for this is because of the speedy change of the world outside. Who is responsible for it? How are they able to keep up to date and how regularly do we think we are likely to have statutory instruments updating the material that we have? We are dealing with an ever-changing scene which is changing ever more quickly. I would like to understand the government structure that enables us to make satisfactory changes rapidly enough to see that we are fully in control.
My Lords, I thank the Minister for introducing these regulations. These regulations implement key provisions of the Investigatory Powers Act 2024, which was passed by the previous Conservative Government. These regulations introduce three codes of practice and revise five existing ones.
The new codes provide a framework for two regimes introduced by the 2024 Act—the treatment of bulk personal datasets where there is a low or no reasonable expectation of privacy, and the authorisation of access to third-party datasets. A third new code consolidates guidance on the notices regime, including the operation of notification notices and what constitutes a relevant change—a key test for when telecoms operators must inform the Secretary of State of technical updates.
The revised codes also enhance oversight and safeguards by clarifying the conditions for lawful access to data, strengthening protection for journalistic material and requiring notification of serious data breaches where it is in the public interest. These regulations also make important structural updates to the technical advisory board, expanding its membership and adjusting its quorum rules to ensure it can operate effectively when dealing with complex or concurrent reviews.
We welcome these provisions and, with that in mind, I raise several broader points. First, on legislative responsiveness, these regulations reflect the speed at which both threats and the technologies behind them are evolving. The 2024 Act rightly introduced flexible tools for handling internet connection records and bulk data. But agile legislation should not rely solely on periodic amendments. Can the Minister confirm whether the Government plan to conduct regular reviews of the framework and whether a structured timetable has been established to ensure that the legislation continues to meet operational needs?
Secondly, on stakeholder engagement, the Government’s consultation included contributions from technology companies, civil liberties organisations and public bodies. Although this engagement is welcome, several respondents raised concerns, particularly regarding the practical implications of notification notices and the definition of “relevant change”. Given that, can the Minister outline how the Government intend to maintain an open and ongoing dialogue with stakeholders as these codes are implemented?
Finally, on oversight and accountability, the powers under discussion are significant. Their legitimacy depends on effective safeguards; this is especially true for third-party bulk datasets, where individuals may not reasonably expect their data to be protected. Can the Minister confirm that the revised codes provide the Investigatory Powers Commissioner with the necessary clarity and authority to ensure that these powers are exercised lawfully and proportionately?
The 2024 Act was designed to safeguard national security in a rapidly evolving digital world. However, the use of investigatory powers must always be lawful, properly overseen and proportionate in its impact. Although these reforms offer practical steps to modernise the existing framework, we must ensure that these powers are used responsibly, reviewed regularly and held accountable, balancing security with our democratic values.
I am grateful for those two contributions. First, the noble Lord, Lord Davies, mentioned again how the Government will keep these matters under review. He will know that, basically, the 2016 Act was passed on the basis of cross-party support. The 2024 Act was a review of whether the 2016 Act needed to be amended further, while the regulations before the Grand Committee today are the outcome of some of the changes to that 2024 Act.
The Investigatory Powers (Amendment) Act made a series of targeted changes to ensure that the regime was fit for purpose but, self-evidently, the Home Office will keep under examination the new technology and the need to make any further amendments. I cannot give the noble Lord an assurance as to when and how that will be done, but he can rest assured that if amendments to the 2016 Act, which was amended in 2024, are required, they will be brought to the House as a matter of some urgency.
The noble Lord, Lord Davies, also mentioned public consultation; I very much welcome his welcome for these regulations today. The responses that the Government received included various suggestions for amendments to the draft codes of practice and the regulations. We have made changes as a result; these are quite wide but include changes to the Technology Advisory Panel’s membership requirement. I know that he mentioned telecommunication companies in particular. Again, we are satisfied that there was sufficient input from them during the passage of the 2024 Act and that the points they raised were taken into consideration when preparing the codes. Obviously, again, we need to examine the wide space between telecommunications companies’ powers and responsibilities, including their responsibility to protect the individual and the consumer. I think that we have got the balance right here.
The noble Lord, Lord Davies, asked about oversight. Strong safeguards are in place to ensure that investigatory powers are used in a necessary and proportionate way. There is independent oversight by the Investigatory Powers Commissioner and the right of redress via the Investigatory Powers Tribunal for anybody who believes they have been the victim of unlawful action by a public authority using covert investigative techniques. The Investigatory Powers Commissioner independently oversees the use of investigatory powers and will ensure that they are used in accordance with the law and in the public interest. Several other powers—I hope this also reassures the noble Lord—are subject to the double lock, where warrants must be signed by the Secretary of State and an independent judicial commissioner. These powers are deployed only in connection with the most serious of crimes or national security.