The Minister for Media, Data and Digital Infrastructure (Julia Lopez)

- Hansard -

Copy Link

-

Q Thank you for coming, Anna. It is good to see you again, and I am grateful to you for taking the time to meet me earlier. It would be helpful to understand how the curve of difficult cases has changed. You will know that in 2017 a lot of reforms were made to the electronic communications code and, initially, there were difficulties in finding the right balance between the rights of landowners and the interests of telecoms operators. A larger a number of cases arose, but certainly from my experience as a Minister, the number of difficult cases seems to have evened out. Is that the experience of Protect and Connect?

Anna Turley: Thank you for meeting us to discuss our campaign. I should have mentioned at the outset that we represent all the site owners around the country who host telecoms communication infrastructure on their land.

I am afraid that we are not seeing the same tailing off of difficult cases; a number of cases are continuing to come to us where leases are up for renewal, yet telecoms companies are behaving in quite an appalling way. We have cases of rent reductions, often starting at 90% to 95%, and that is par for the course—it is not a small handful of extreme cases. In a large number of cases across the country telecoms companies are coming in often with very aggressive legal notices, which are quite intimidating and making people feel that they are being steamrollered by those large companies. People feel that they have no ability to participate in the legal process, and are obliged to take those cuts of 90% to 95%. If you are small community group, a church or a sports club, the difference between £4,000 and a couple of hundred is huge and has a great impact, especially when you believed that you had that income for the next 10 years. The impact on people has been huge and it has been pretty devastating since 2017.

Our frustration with the Bill is that it fails to address the root causes of that problem. The valuation issue is affecting people deeply, and the Bill will not deal with that. Those cases will continue to arise, and in fact the Bill will expand the number of people who will be affected by the 2017 code through the Landlord and Tenant Act 1954 and the Business Tenancies (Northern Ireland) Order 1996. Between another 3,000 and 4,000 people in Ireland will be affected by the 2017 code changes, as well as thousands of others across the UK. Those cases will not diminish, nor will the huge drops in rent, and that is having a devastating effect on a lot of small landowners and property owners around the country.

Julia Lopez

- Hansard -

Copy Link

-

Q Could you be a little bit more precise on case numbers? How many people have directly approached Protect and Connect to ask you to lobby on their behalf? You have said that there are still a large number of cases, so can you put a number on that?

Anna Turley: I would say that we are dealing with in the region of a few thousand. I have a number of case studies from Members’ constituencies around the country. I am afraid that I do not have a total overall figure, but there are 33,000 site owners around the country who are affected by this. Thousands of affected people have come forward to us via social media and lobbied their MPs. I would be happy to write to the Committee with a full number, but as I said, it is in the thousands. This is not a small number of unique people; this is par for the course. Colleagues here will represent their members in such cases, too. They are not a small minority that we have cherry-picked; this is happening across the board.

The campaign was set up because there was no way for, say, a church in Scotland, a rugby club in Wales and a farmer in Surrey to come together to stand up for their rights as landlords, to talk about how this was affecting them, and to have their voice heard by Government. Legislation was continuing to be developed, through pressure from mobile operators, which have long-standing and strong connections with Government through their large lobbying organisations. The views of ordinary people about the impact of the legislation on them were not being heard.

Julia Lopez

- Hansard -

Copy Link

-

Q Thank you, Mr Stringer, and thank you to all the witnesses who have come here today.

John, you rather touched on the challenge: this is an area that is very dynamic. All of us are learning what the security risks are, and in Government—which often moves very slowly—it is a particular challenge to manage such a dynamic, changing picture. That is why in this legislation, we have set out some broad principles and basic requirements, but a lot of this has to be secondary legislation so we can keep up to speed with all the changes that are going to be happening to connected devices, and some of the risks that will come with that. I think it would be very helpful if you could set out for the benefit of the Committee how this picture has changed over the past few years, where you think things will be moving, the extent to which connected devices will be in our homes in future, and some of the security risks that will present.

John Moor: When I started out seven years ago, I was invited to take a look by the chairman of the organisation I was working for at the time, the National Microelectronics Institute. He was the CEO of an IoT company. I confess, I had not seen what the challenge was, so when he invited me—“John, go and take a look at IoT cyber-security”—I thought, “Why me? What’s the challenge? Isn’t this thing just a tiny part of a well-established body of knowledge about cyber-security, and why me?” My background is in electronic engineering—semiconductors.

As it turned out, when I went and had a look, it did not take me very long to realise, “My goodness, there is a real problem here.” I remember that at the time, a word I was using often was “egregious”. As effectively a student coming into it, trying to understand the space, I looked at the evolution of computing, broadly speaking. In one era, we had computers—desktops, laptops—and we connected them up, and the security around those was pretty dire at one point, but we started to get on top of that. It is not perfect now, but it is a lot better than it used to be, and we are all very familiar now with doing security updates. The next phase was mobile. Mobile was not quite as bad as the era of PCs. It was better—still a few problems, but much, much better. Then we got to this thing called IoT, and it took a complete reset. It was totally egregious.

I come from the world of embedded systems engineering, and one of the first events we did was a summit we ran at Bletchley Park in 2015, just to do a landscape piece—just to try to understand it from chips to systems, bringing in the regulator. We had a representative of what was then the Communications-Electronic Security Group, but is now the National Cyber Security Centre, to try to understand where the issues are. Part of the problem, I think, is what I learned there as an embedded systems guy. We had a pen tester there, and he said, “If a researcher comes knocking on your door, don’t turn him away.” I thought, “That is a really interesting thing. What is he talking about?” We were talking about vulnerability disclosure. For someone who comes from embedding air gap systems, security was not a thing. It does not take you long to realise that when you start connecting things up, suddenly you expand this thing called an attack surface. Attackers can come from many sources, not in proximity to the thing that you are working on. Suddenly, you have this massive attack surface.

The whole idea about IoT—internet of things—is about connecting things up, so by its very nature, you are vulnerable. These things can come at you from many angles. What does that mean? It means different things to different people. I tried to understand what this thing called security was about. I immersed myself in the security community and straight away I realised there were different groups. If people start talking to me about data, they are usually coming from a data security or information assurance-type background. If they talk to me about availability of systems—keeping systems up—they usually come from an operational technology. What I mean by that is the sort of things we find in industry—process and manufacturing.

Then we have this thing called IoT. One of our board members expressed it very well. He called it the “invasion of IoT”. What I took from that is that this technology is coming at us, ready or not. We established in those early days that we needed to have a response. The need is now. We could not wait for new standards and regulation, which is why we set up the IoT Security Foundation. Our centre of gravity is in best practice. It is saying, “Can we help manufacturers who do not yet see that the very fact that they are starting to connect things up poses a risk?” They did not, but now we are in a much better state. The body is developing.

I am delighted to be here to talk about this regulation. More needs to be done, without a doubt. A seminal moment for me was at the very first summit that I talked about. We had the chief technology officer of ARM, a chap called Mike Muller, give a talk in which he said, “The ugly truth is this: you will get hacked.” That was quite an epiphany for me, because coming from an engineering background, we engineer our systems to be virtually perfect, but what we are witnessing now is that security is a movable feast that evolves. Out in the wild, things change. New vulnerabilities are discovered. Yes, you can do all you can to engineer it up front, but guess what? Once it is in the wild, this thing called resilience is so important. What that means, especially in terms of this regulation, is the software updating part and especially the vulnerability disclosure. They are absolutely essential parts. That is part of what I have learned on the way.

I come to refer to IoT security as a “wicked challenge”. By that I mean that I do not think we will ever perfectly fix it, because it is always moving, but we can address it. We can mitigate the risks to a level that we are comfortable with and can accept. Again, another phrase I learned is, “Don’t let perfect be the enemy of the good.” This is all good. This is progressive. This is what the world needs. Being part of the regulatory process to get here today, it became apparent that getting regulation right is so difficult. It is so easy to get it wrong, but going through the process, this is a regulation that we can wholeheartedly back. We think it is absolutely the right thing. It takes a step; it gets us on that security journey. We often talk about an on-ramp of security. It is about maturity. In terms of regulation, this is a fantastic first step, but more will come. The way it has been set up is exemplary. We can evolve it over time as we have to ratchet up the security for the benefit of consumers and society. I hope that little ramble gives you some idea about my journey and where I think we are at.

Julia Lopez

- Hansard -

Copy Link

-

Q It would be helpful if the other witnesses could also set out the context from their perspective. I am particularly interested in Google’s view, given it is a company with vast resources and a lot of expertise. There is a challenge for smaller operators about how to fulfil basic security requirements and how you think the basic set of requirements will help start that conversation with people who may not have even thought about the security of their devices before the legislative requirements come in.

Dave Kleidermacher: Let me start by saying I am so appreciative of the leadership role that the UK Government have taken to help us get to a better place for IoT security. I have been working closely with the Department for Digital, Culture, Media & Sport and NCSC for the past couple of years leading up to this. I have worked on how to measure security in digital technology for almost 20 years, and I believe that the lack of transparency in what the security ingredients are for digital technology has been one of the headwinds facing the entire digital world, even before the IoT was called the IoT. Of course, the IoT has made it much more urgent that we address this.

I agree that the minimum requirements we are talking about here are a really good starting point, but as we move forward and look at the secondary legislation, the really big challenge is how we scale this. The question about smaller developers is something that I am quite concerned about. At Google, we build our own first-party products but we also develop global-scale platforms. On Android, we have many manufacturers of devices across all different price points. We have millions of app developers across the world with whom we connect and work in all sorts of different environments.

One of the biggest challenges is how to monitor and measure these requirements, and how to make that work for small businesses in particular. That is the area I have personally been putting a lot of time into over the past couple of years. How do we build and establish an actual practical mechanism or scheme for measuring security at scale? There are a lot of details that go into that, but at the end of the day, we need a hub and spoke model. I can give you an example of a failure mode. The UK is, again, taking a leadership role, but many countries are looking at similar kinds of ideas and legislative concepts. The problem is that if every single country decides to create its own testing scheme for how to measure this, imagine how difficult it would be to have, say, a webcam or smart display, and then go to each country and provide documentation, provide the test results, explain how it works and go through a testing mechanism for every country.

As an example, for our Nest Wifi products, Google has had public commitments and transparency about our desire to have third-party independent security labs to test the products and assess compliance to these common-sense requirements. We have been doing that for a while now. We certify all of our products that way, but then a couple of countries at the leading edge of this started to ask us to certify again their schemes, and we did. That was a lot of work, to test to one scheme and certify and then do the same for another country with a different set of rules. The product did not change at all; it did not get any better because we were already certifying it. However, the work and the cost of doing that were significant. If we scale that to the full IoT, to all the countries which are interested in this—they all should be—then you can imagine how quickly it breaks down.

The hub and spoke model is looking at how we can work together to build a public-private partnership where there are non-government organisations, typically well-regarded international standards bodies, which take the great standards that we are developing, such as the ETSI EN 303 645 international specification on security requirements, which the UK has led in developing, and translate that into a practical conformance regime. An NGO can take that specification and the test specification—a sister specification, ETSI TS 103 701—and test a product once to have it certified for use in all of the different nations which adopt the same standard. That is the trick to this—the hard part that has to be solved as we move forward.

Dan Patefield: I think John and Dave have already mapped out the ever-growing risk landscape, so I will not reiterate that. From an industry perspective, there is clearly strong support for the ambitions of the Bill we have been discussing today, in implementing a minimum baseline that everyone should work to. Certainly, large swathes of industry are going beyond that, as Dave has outlined. I think I would join the other panellists in commending DCMS on the leadership that it has shown in developing the framework, not just with this legislation, but with the code of practice in 2018. I also commend it for playing a key role in developing the globally recognised standard in this space, EN 303 645—I always get that number wrong. The challenge that we have, and I am sure that we will come on to this, is that the code of practice—we supported its development and engaged industry in it—created an outline for best practice. However, it was never prescriptive; it was broadly focused. The practical challenge now is translating that into regulation that is workable for industry and consumers. I am sure we will move on to that, so I will leave it there.

Julia Lopez

- Hansard -

Copy Link

-

Q Dan, you touched on the challenge about the need for simplicity, so that this very complex area is at least understood on a basic level—a general hygiene that everybody needs to apply. Ultimately, there is a need to thrash out a lot of this via secondary legislation. I wondered to what extent that basic requirement has helped you have conversations with other members of your organisation who may not have been aware of some of the challenges coming down the line. Also, does the basic three-point requirement that we will be introducing help the conversation with consumers about what they need to do, and some of the things that they need to be demanding of products when it comes to security?

Dan Patefield: Going back to the code of practice, I am confident that across all 13 of those areas many companies have made good progress, and will continue to develop best practice that goes far beyond those requirements. I think it is a good approach to start with the three requirements that are included in the Bill; it is not the case that industry will be surprised by what comes out in secondary legislation. The practical challenge is translating the non-prescriptive code of practice into something that will be more prescriptive by definition.

There are a number of areas where I think there is more work to be done to smooth the path to compliance, if you like. We have got various elements. We have got the standard—that is not going to be a surprise. We know the security requirements—they are not a surprise. What we have not got is the boring bit—the technical specification that people in compliance teams within manufacturers are worried about. Quite often they have to then communicate that to their HQs—which are often in different parts of the world—and say, “We have got legal certainty that this is how it is going to work and this is how we achieve compliance”. That is the bit that we have not yet got.

Julia Lopez

- Hansard -

Copy Link

-

Q Just one final question for Dave Kleidermacher. You talk in your submission about not having static labels, but live labels. Can you take me through how that would look in practice for the consumer?

Dave Kleidermacher: It is a really important distinction, as we look at the so-called security ingredients in digital products. The analogy to food is a good one—but it also has its limits. What is good about it is that consumers deserve to have information at their disposal to be able to make better decisions about their health; in the case of food, that is their physical health, but in the case of digital technology it is their digital health. The concept that a consumer should easily be able to get a sense of the security status of a product is a very good idea. However, the main challenge is that food contents do not typically change—there can be a printed label that works okay. However, in the digital world, it could happen that you ship a product today and then there is a severe critical vulnerability, perhaps a hardware problem, that cannot effectively be mitigated or even patched. If that happens in the future, even a day after you have shipped it—this is a worst-case scenario—then if you try to put an attestation on the static label that the product is “secure” or meets these requirements, that attestation could be immediately incorrect. In fact, it could be dangerously misleading, and give consumers a false sense of security, so I believe that, while the ingredients label is essential, the user needs to have transparency. The consumer needs to have visibility here.

That label needs to be a live label. A simple example would be a QR code on packaging, although I am not sure how much consumers really go back to their packaging. We should also stress in-product experience wherever that is practical. It will not be practical in the case of every electronic product, but there is typically an app to manage many of our consumer IoT products. The app can provide an experience where the consumer can get the real-time, current status. That status can be as simple as a link that takes you to the certification page. As I mentioned earlier, we can have NGOs that establish the conformance programmes that we need to help to measure the security. It could just take you to the certification page to see the real-time status. If a product is deemed unsafe for use, it will become decertified, and the user will then know it.

The Minister for Media, Data and Digital Infrastructure (Julia Lopez)

- Hansard -

Copy Link

-

Q29 It would be helpful if, for the Committee’s benefit, you could set out your own background and interest in this area. I would specifically like to ask you about how this fits with international regulation of this space. What are other countries doing? Some of the witnesses on the last panel discussed the potential challenges if different countries are doing different types of regulation in this area. How can the UK show leadership in this space and try to minimise the burdens on businesses while protecting, and maximising the protection of, consumers?

Professor Carr: That is a very good question. In terms of international alignment, aligning these kinds of laws across jurisdictions is a challenge. I want to say from the outset that regulating emerging technology is understood to be a deeply problematic and challenging area. It is something that the UK in many ways has led on. A lot of thought leadership has come out of the UK on this. As David said, the work that has led into the Bill has been going on for many years in the UK, and has been funded by the UK Government through universities and industry. A tremendous amount of background work has gone on. There is the PETRAS—privacy, ethics, trust, reliability, accessibility and security—consortium, which was originally the cyber-security of the IoT consortium. We have worked on that for many years with David and others. The UK really has led on this. When we look at what is happening here and now, you would have to say that this is a country that is able to confront those kinds of difficult challenges and think about ways through them. No one is saying that it is easy; it will not be, but this is a very good start.

When it comes to looking at international alignment and the impact on industry, and particularly the manufacturers of these devices, there is already a lot of alignment. I have been doing some work through the World Economic Forum, where I am chair of the Council on the Connected World. On 15 February, we launched a global statement that spoke to the three initiatives that are being considered here, and an additional two in terms of IoT consumer devices. That statement has been endorsed by more than 110 organisations around the world, including Microsoft, Google, Qualcomm, DCMS, RISCS—my institute—and indeed David’s organisation. There is a tremendous amount of international support for these initiatives and more. A lot of them are big industries, so I do not think there is necessarily a disconnect between governance of emerging technology and what is helpful for industry actors; I think there is actually a lot of alignment.

David Rogers: I will just point to some specifics. There is work ongoing in India, Australia, Singapore, Turkey, and the US, and many of those countries—and many I have not listed—base their work on what was originally the UK code of practice. The UK’s code of practice was taken to ETSI, the European telecoms standards body, and was made into a European norm. That really, I think, has given the confidence for other countries to be able to adopt that as a scrutinised and good piece of work.

That is obviously not in isolation. ETSI is an industry-led organisation, and a lot of the work that has gone into that in advance, including through DCMS and NCSC, has been about looking at industry-based best practice. Organisations such as the GSMA worked on this in 2014, and, prior to that, in the smartphone world, have been building in hardware security and other measures, which have hardened connected consumer devices, so that work is certainly not in isolation. We are really standing on the shoulders of giants here, because a lot of the work is done; it is in endorsing good practice, and I think that is what the other countries are seeing, and they really have seen leadership from the UK in this space.

Julia Lopez

- Hansard -

Copy Link

-

Q I wonder if you could set out some of the challenges in this space, in relation to the fact that there is such a breadth of devices that need to be governed, with different vulnerabilities, and how we try to ensure that we keep pace with all of the changes in technology that will be coming down the line. There are also the specific requirements of different types of connected devices, whether watches or fridges.

David Rogers: I will address that. The beauty of the IoT is that there are all these fantastic things being developed. When we started to look at what we could do, and a code of practice, we wanted to ensure that we did not constrain innovation by mandating specific technical measures that might prevent some fantastic product being created. That is why we took quite a high-level outcome-based approach.

That also meant that it was measurable, even by consumers. If you look at the top three guidelines of the code of practice that have made it into the draft legislation, a consumer can look at those things, which I would call “insecurity canaries”. If you see that a manufacturer does not have a vulnerability disclosure policy—so hackers and security researchers, for example, cannot report things to them—that is a big red flag, and I would not be buying that product. It is the same if the product does not have software update support, and so on.

We took a proportionate approach to the code of practice, and I think that that also led to the industry endorsement of it. This morning, I heard the techUK gentleman saying it is not specific enough; well, actually, the ETSI EN 303 645 is quite specific, and the compliance specification that goes with it is even more specific. For some bad practices, I do not think that we could be more specific than saying “Don’t have default universal passwords”. We want to get rid of “admin” and “admin”. That is a ridiculous situation, in some parts of the market, that is unacceptable, and we must eliminate it from the market.

Julia Lopez

- Hansard -

Copy Link

-

Q Do you have anything to add on this, Madeline?

Professor Carr: Just to say that we cannot anticipate all of the new devices that will come on to the market, of course. I think what David is saying is that it is necessary to have that kind of flexibility to adapt and accommodate those, as they come on to the market. However, it is really long overdue that we do something about this.

There are two types of security in these devices that we understand at this point, which need to be taken into account. The first is the security of the data that flows through them. Although they are very different devices, that is, in many ways, a common problem in securing data—particularly, of course, personally identifiable data. The second issue arising from IoT devices is that many of them have an impact in the physical world. That then begins to blur cyber-security with safety, and we have very different ways of approaching cyber-security and safety. What we tend to do with safety is test things, over and over again, until they break; then we know how they need to be built or constructed. That kind of homogeneity in an approach to design is very bad for cyber-security, because that is what gives us vulnerabilities across the whole landscape. Those are the kinds of issues that we need to grapple with. The devices themselves will continue to emerge and evolve, but the problems that we are grappling with now are common across devices, in a way. Legislation such as this will go some way towards addressing those problems.

Julia Lopez

- Hansard -

Copy Link

-

Q David, I was interested to know that you were involved in the kind of practice being drawn up. I would be interested to understand the journey we have been on here; there has been an acknowledgment that a voluntary code of practice is not enough and legislation is required. Can you take us through that journey to legislation?

David Rogers: Yes, originally there was a “secure by design” committee set up with various companies—Madeline and I were on that committee. There were various discussions about the best way forward. I remember one suggestion being that all we needed to do was to educate consumers. After I banged my head on the table quite a lot, I think that in the end we realised that it should not be on consumers. They are not the ones who are creating the insecurity in the product and they are not in a position to do anything about it either—they are mainly victims. It was recognised that a lot of those issues have been in products for many years; I go back to the default password issue, but there are many issues around things such as lack of support for software updates.

I drew up the original code of practice and worked closely with National Cyber Security Centre and the Department for Digital, Culture, Media and Sport. I also worked with academia and the security research community, who are hackers from around the world who have been campaigning for those issues to be dealt with for years, because they are seeing it directly in their work. We spent a lot of time getting it right; we worked at the Information Commissioner’s Office on some of the elements related to GDPR.

A voluntary code was published in 2018. However, manufacturers were put on notice at that point. By 2018, it was made public that this was the expectation; we expected the industry to improve. Some quarters were probably already compliant; you heard from Dave Kleidermacher this morning, who led the way in security improvements on mobile devices—from their perspective a lot of the stuff in the 13 requirements was already done. However, many parts of the industry have done nothing. It seems to me that they are quite happy to sit back and do nothing. That is why I think this work is necessary; there is a need for the big stick of enforcement, to be honest with you. They have been given plenty of chances, and not just since 2018—it is since the 1990s. It seems acceptable to them to carry on doing the same things that they have always done, such as buying in the really cheap software that is completely open and has old protocols and legacy issues that should have gone years ago. I am entirely supportive of taking action now— they have been given enough time. They should not wait for the 12 months—or whatever it is—for certain things to become mandatory. They should be doing this because it is the right thing to do for their customers.

My company carried out some research for the IoT Security Foundation on vulnerability disclosure. Again, that is something that is very visible; you can go to the website and see whether that company is open to security researchers and hackers reporting security issues to them. There is then a process that has been ISO-defined since 2014; it is dealt with and then the issue is made public once it is fixed so that consumers are secure. We discovered that about one in five of the companies that we surveyed—there were about 330 companies from around the world, representing thousands of products—was actually providing that to security researchers. That means that four in five IoT manufacturers did not have any way for security researchers to contact them. That is totally unacceptable, so we do need to take action. The companies have been given enough chances.

Julia Lopez

- Hansard -

Copy Link

-

Q Finally, I just wonder how we use this as a moment to increase consumer awareness. You both suggest that the onus should not be on consumers, but as a Minister I am still concerned that people do not entirely understand what we mean by “internet of things” and the extent to which we will have even more connected devices in the future. Could you set out what the security challenge will be in the future, in your opinion, and how we try to use this to educate consumers so that there is an informed customer base when product decisions are made in this area?

Professor Carr: I think the element that will impact consumer decision making the most will be the length of time for which the product will be supported. I remember having the conversation in a room in DCMS all those years ago about how we could possibly be expected to spend £1,000 on a phone that will not work in 18 months, that the company knows will not work in 18 months—it will not be supported—and to not have access to that knowledge. This is not just about putting labels on things; it is about the fact that we could not find out even as an informed consumer. I think the length of time for which the device is supported will have a major impact on consumer decision making and probably more than the other two things, because a lot of people do not care about passwords and a lot of people do not know what a vulnerability disclosure agreement is or what that means. Knowing for how long the device will be secure is like having an expiry date put on it.

That is an example of where a kind of market driver can impact consumer decision making, but one of the things that we know about cyber-security more generally is that, very often, market drivers do not work in this space. There is not really, to be honest, all that much of a market for cyber-security, as people do not really care about that. That is why we need to think about moving beyond the dominant narrative over the last 50 years that Governments stifle innovation. Even if we go right back to the beginning of digital technologies and the ARPANET and DARPANET, those things were wholly supported by the US Government. They were funded by the US Government; they were invested in by the US Government for decades before the private sector came on board. So there are these points where it is absolutely necessary for Governments to be involved and for governance to happen, because we cannot see the future. If people begin to lose confidence in these devices and they begin to fear—“I don’t want my child to have something like that. I don’t want Alexa in my house. I don’t want people listening to my conversations etc.”—all the incredible benefits that we can extract from those technologies will go by the wayside.

I will give just one very clear example of this. If you think about the huge effort that the banking sector put into making sure that people felt confident about banking online, spending money online and tapping their card—“When something goes wrong, the bank will take care of you”—the reason, the logic, behind that was that if people began to think, “It’s not safe to bank online; it’s not safe to use my card in these little shops,” they would stop doing it. It was that investment in regulating it, locking it down and making sure it was safe that has allowed us to get to this extraordinary situation where you can walk around with no wallet and just a phone. It is that thinking that is important now.

David Rogers: I think the transparency point is fantastic. This work is not done in isolation. There is lots of work going on about lengthening software updates for lots of types of products, and there are different regulations happening in Europe and so on. Consumers should not have to know about the details. Madeline has said this. They have an expectation, a very reasonable expectation, that they will not be arbitrarily hacked into. We have all read the stories about things like baby cams being hacked into. That is totally unacceptable, because at the end of the day the company that created and sold that product that was insecure at the time it was created is responsible for it. Of course, they did not hack into it, but they left all the doors open, and they sold that product and made money and profit from it.

Yes, I believe that consumers should know that they are being looked after, and the length of time that that is provided for helps them to make an informed decision—it is a free market. Also, security should not be a luxury for the rich. You should not be required to replace your iPhone, for example, just because the support ends. At the end of the day, we are all impacted by security issues. The Mirai attack, for example, was an extremely large distributed denial of service attack, which basically took down large parts of the internet. It was all those small IoT devices, routers and things that had been taken over. The attack did not discriminate between who had those devices, those older devices or whatever, but the impact and scale of that attack was the problem.

That is why we need to ensure on an ongoing basis that, as the technology develops, we can put new requirements through the standards bodies and endorse them. This is the start of that lifecycle, to ensure that those products do not enter markets like the UK.

Julia Lopez

- Hansard -

Copy Link

-

Q Thank you for attending the session. I do not know whether you watched this morning’s session, but Protect and Connect and other witnesses put it that, since 2017 and the changes to the electronic communications code, roll-out has been even more difficult and slow, and that no progress has been made as a result. What is your response, as providers, to those concerns? Do you believe that the approach by operators has been too heavy-handed in the negotiations with landowners?

Mark Bartlett: On behalf of Speed Up Britain, we very much believe that the changes proposed in the Bill are needed to speed up the roll-out of digital connectivity across the country. Therefore, we believe that changes are required.

In that sense, though, we need to look back to before 2017 to understand the policy behind the changes originally made, and to understand that those were made in order to achieve the outcomes that the Government were already trying to establish. Without the changes in the policy of 2017, this ambition will not be met. Speed Up Britain continues to support the policy ambitions as laid out in 2017, but the fact is that the law as put down at the time is not working and created loopholes, which have been exploited, and that has meant that we have been unable to proceed at the pace we wanted.

Catherine Colloms: To give you a bit of context, Openreach is the national broadband network. We are in the process of upgrading the existing network, which is a hybrid copper-fibre network, to a new full-fibre network. The ambition is to build 25 million full-fibre homes and businesses by the end of 2026. That is a hugely ambitious target. It underpins the Government’s 85% manifesto commitment, but we have to get to a ramp of building 4 million premises a year.

We are currently building at 50,000 premises a week, so we are heading up towards the 3 million a year kind of ramp, but from pretty much a standing start in about 2017, as there was very limited full fibre in the UK at that stage. We had finished building the old network and had not transitioned through. It is a really serious challenge. If you think about the pace of build and what we are trying to achieve, being able to do things really rapidly and operationally simply becomes incredibly important.

For us, the two big pieces that the Bill can potentially help us with enormously and help supercharge that fibre build is around access, that is access to multi-dwelling units—the approximately 6.1 million blocks of flats in the UK—and access to rural parts of the UK. There are some urban as well, but if you think about how we build, we have a duct infrastructure but we also have a very extensive pole infrastructure. For most of our rural build—we have committed to building 6.2 million commercial rural, which goes beyond the Project Gigabit programme that the Government are talking about to the hardest-to-reach areas—we are going to have to do most of that over our existing pole network. At the moment, the Bill makes some changes that are helpful and which progress us forward by allowing us access to upgrade our current infrastructure on underground ducts. What it does not do is allow us to upgrade the infrastructure we have in place, either over the pole network or in those blocks of flats.

If you think about what we have in place today, we have our existing network, so we have the ubiquitous either copper or hybrid copper network that is there today in pretty much all of these premises, all across our poles. We are trying to upgrade that network to full fibre as rapidly as possible and to do so, it would be incredibly helpful if we were able to upgrade our existing infrastructure. The Bill at the moment allows us, as I said, to do that through underground ducts. It is not going to allow us to get into either MDUs to upgrade more rapidly—we estimate that something like 1.5 million MDUs could be at risk based on our experience of unresponsive landlords and our inability to get in—and it also does not allow us to automatically upgrade our property and the infrastructure that we have over the pole network.

To give you a bit of context, we have 1 billion metres of cable over poling at the moment. The vast majority of the rural network is served over poles, so for us it is really important to be able to deliver those 6.2 million commercial rural, but also potentially the Project Gigabit programme. We have been working in Scotland on the R100 programme—the “Reaching 100%” Scottish Government programme. We need one wayleave for every 16 premises, to give you the sense of scale. We are finding the ramp very challenging and because of the scale and pace that we are trying to build at, what we really need is ease of access, ease of upgrade and that is the opportunity we think with the Bill.

Simon Holden: I think we are talking about two different sets of infrastructure here, which is worth explaining. We are talking about mobile and then we are talking about fixed-line fibre access. CityFibre is rolling out a fibre access network, mostly to consumers in the home. We are doing that across a footprint of 8 million households in the UK. The reason I wanted Catherine to go first is because we are utilising Openreach’s duct and pole infrastructure for three reasons. First, because it will allow us to go faster because we do not have to dig up the streets and lay ducts ourselves or put many more telegraph poles down. Secondly, because we are reusing and so can lower our cost, which means ultimately lower prices for the consumer. Thirdly, because it is just much more environmentally friendly if we can reuse those assets.

We are in favour of that, but at the moment we have this split between pre and post-2017 access. Our view at the time was that that made a lot of sense. Five years on from that now, it is a somewhat arbitrary split. So we think dealing with that is the right thing to do. In particular, the draft Bill’s proposals on ducts look fine to us. We would echo the point about poles. For us, poles are really important in rural, but also in Scotland. It turns out that in Scotland there are a lot of poles sitting in people’s backyards and just being able to access those to put our infrastructure on means that we can accelerate getting fibre access to all those homes. In our footprint, there are probably up to about 200,000 homes that we can access quickly if we can get that right, so we think that there is a real advantage to doing that.

For us rolling out fibre, there is a balance that you have to have here between access all the way through into the home, back to the public domain where, as a code operator, we can build in the public domain. I think we would say that our experience of getting landlords to come to the table is mixed and that the alternative dispute resolution mechanism proposed here is a good one to push that timetable down, so we can get to an answer.

I would also say, however, that when we get into the home, into a block of flats, the tenants really want the service. We have found that, once we have got the landlord and the landlord has given us the wayleave so we can connect into the front door of the block of flats, then wiring up inside is not particularly an issue. We are concerned a little with somehow grandfathering old wayleaves inside buildings, first because it does not seem balanced, but also because it will entrench the people who have those, which I would say is mostly Openreach.

In trying to promote competition and accelerate growth—to your question earlier, Minister, about whether growth has accelerated—the answer is that growth has clearly accelerated in rolling out fibre. That is absolutely happening. We have vibrant competition now, with billions of pounds being invested in this sector. Here is an opportunity to make it go faster, for us all to benefit with a frankly lower-cost solution.

We feel that what is on the table with that landlord dispute resolution mechanism is good. We do not feel that we need to go inside the building, frankly because once tenants have access to it, landlords are more than willing to give that connectivity, because they have happier tenants as a result. We have not found that that is a real impediment to us.

Julia Lopez

- Hansard -

Copy Link

-

Juliette, did you want to add anything? You do not have to.

Juliette Wallace: I was not going to add any more to what Mark said on behalf of mobile.

Julia Lopez

- Hansard -

Copy Link

-

Q This morning, a rather unflattering depiction was created of the behaviour of operators towards landowners. “David and Goliath” was a term that was used: using financial might to bully landowners. Do you accept that characterisation of operators’ behaviour? It was also suggested that people might be disincentivised to have any infrastructure on their land, because of low rents, and that that will therefore slow roll-out to the detriment of everybody who shares our aim of better digital connectivity. It would be helpful to have your response to some of those assertions.

Mark Bartlett: Speed Up Britain represents the MNOs: Cornerstone, MBNL, Cellnex, which is a towerco, and DMSL, WIG and the industry as a whole. I will put some facts, some numbers, on the table to help us understand what we are doing.

Since 2017, we have completed about 1,000 agreements, of which 85% have been consensual and reached without any recourse to any of the processes associated with the legislation. Over and above that, 14.5% approximately required some form of exchange of letters of notice, but then moved quickly to agreement, and only 0.5% of any of those discussions ended up in the tribunal. In my experience, those that ended up in the tribunal have been the industry—us—versus the industry, or land aggregators, to be blunt.

The facts speak for themselves. In the main, as an industry, we run over 30,000 towers, which are visited frequently in order to upgrade, to maintain and to support the connectivity of the country. We do not see a landowner community, a landlord community, our partners as such, in a wall of non-co-operation, but almost the opposite. We speak to our landlords very frequently, we interact with our landlords very frequently, and therefore I do not recognise the characterisation as stated this morning.

Catherine Colloms: I am happy to talk from a fixed perspective. Generally, we have pretty good relationships with a large number of our landowners. Fibre and the copper and duct infrastructure we have is not a revenue generator for most landlords. You will have heard Charles Trotman this morning, from the CLA. We have agreements and rate cards, which were negotiated with the CLA and the NFU. We work closely in particular with those kinds of rural players to ensure that we have those in place. They are very effective and seem to work very well.

Just to give some kind of context for fixed, we do not tend to have these kinds of disputes, to the extent that you are not going to make a ton of money, frankly, by having a few poles on your land. A pole rental is between £10 and £20 a year, so even if you had a couple hundred poles, which would be unusual, that would mean only a couple of grand. If you think about ducting and cabling going through, that is anything from 19p to 49p a metre, so it is not a revenue generator per se. For us, the conversation with landowners is predominantly about access.

To Simon’s point, we find that we do have quite a lot of issues when it comes to MDU access, especially given the scale at which we are trying to build. We obviously have a machine of people who sit behind to try to negotiate, wherever possible, consensual agreements or wayleaves, but we would genuinely need an army of people to try to get stuff done.

For example, some of you will know that a couple of years ago we fully fibred Salisbury, which became one of the first full-fibre cities in the UK. We tried experimenting to test the limits of access and find out what would or would not be a problem with the roll-out. After two or three years of really concerted effort, including with John Glen, the local MP, being super-supportive and with loads of local PR, we could still get into only about 79% of MDUs, because of non-responsive and non-communicative landlords. If we were to scale the MDU team that we had for dealing with the amount of time it would have taken to tackle those unresponsive landlords, we would effectively be scaling from a team of about 17 to over 300.

As Simon says, the ADR processes are helpful predominantly when there are larger landowners, such as housing associations or local authorities. They are less helpful when it comes to the hundreds of thousands of wayleaves that we need in order to get into all the individual MDUs. That is why we think that the ability to upgrade the existing infrastructure, and therefore to give tenants the connectivity they deserve, is still the right mechanism to try to ensure that we can get the upgrade as quickly as possible.

Juliette Wallace: We do recognise, as the operator side of the industry, that in the very early days of the code—early 2018, for instance—the interpretation that we were trying to explore may have been a little too over-enthusiastic, shall we say. A lot of time has passed and we have learnt from that. I think that a lot of the examples that are provided to try to support the allegation of a David and Goliath approach are from very early in 2018, and they do not exist today. I think that we have moved on a lot, but we cannot be stuck with all the allegations of the past as well.

I do not agree that the David and Goliath approach is correct. As Mark said, to the extent that it is, what we are finding with the tribunal element of the approach is that it is actually industry arguing with industry; it is not small farmers, necessarily, who are behind that negativity. It is not David and Goliath; it is Goliath and Goliath.

Julia Lopez

- Hansard -

Copy Link

-

Q Catherine, you set out some ambitions on roll-out. Were those ambitions based on the presumption that this legislation will go through, or were they based on the status quo? What would be the impact on the ambitions of your members and your company if the legislation did not go through? What would be the impact on rural connectivity, in particular?

Catherine Colloms: The current target of 25 million full-fibre premises by 2026 did bake in some assumptions about access, particularly in relation to the upgrade rights in clauses 59 and 60, through MDU and through poles. On the impact of not having it, I think there is a kind of overarching impact. If you think of the challenges of the build and the scale of what we are trying to do, the harder it is to build and the slower it is, the less we can do. We are having to re-phase and re-look at the build that we are currently targeting, as a result of potentially not getting some of the elements in the legislation.

If I take the MDU point in particular, we have re-phased some of our MDU work to the back end of the 2026 target, the reason being that at the moment we just feel we are not going to get the access. As I said, our experience is that up to 1.5 million of those total 6.1 million MDU premises will be at risk. We are seeing that in a day-to-day aspect as we build, so we have re-phased 300,000. That will go to the end of the build, which means it does not count towards the 2025 manifesto target. It will still be planned within our build, but I think what will happen is we will just have to build different bits.

When we are building this rapidly, we cannot afford to sit and wait—wait to negotiate a wayleave, wait for an unresponsive landlord to come back, wait for an ADR process. Even though we have some of these mechanisms in place, we frankly do not use them, because there is not the time and we do not have the scalability to be able to wait for all these landlords, so while we are trying to build at such pace and scale, we effectively move on. What will happen in the short term is that we will still aim for our big 25 million target, but you will get a different mix, and we are already seeing that you will have less MDU in the mix. Obviously, the concern with that is that MDU is often urban and is often local housing or in more deprived areas, so there is a risk of creating a new digital divide—in particular, if you happen to live in a block of flats versus not—because of the access issues.

On rural land, we have this ambition to get to 6.2 million. Effectively, the way that we plan and build the network is we will pick an exchange, and we will survey that area and have a plan to build, but if we cannot get the wayleave, we will not build to the village that is beyond the wayleave. We will still get to our target, but you will get more pockets left behind in different places as we build, because instead of being able to build to 80% or 85% of an exchange area, one landlord might potentially be blocking the access that gets you to the village that is over there. If you cannot cross the land, the expense of having to circumvent it and go all the way around it means that that village build is prohibitive.

Julia Lopez

- Hansard -

Copy Link

-

Q It would be helpful to know how your members believe they stand to benefit from the Bill. You say that there is a strange degree of unity among them on this legislation, but in so far as there is any disparity of view among your members, it would be helpful if you could characterise that for us, so that we have an understanding of where commercial interest sits for different types of internet providers here.

Till Sommer: Yes, sure. The Bill basically does three different things: it is access to third-party land in rural areas; it is the alternative dispute resolution mechanism on a voluntary basis; and the third area is upgrade rights. Upgrade rights, as you heard from the previous panel, is one area where there is slight disagreement because, depending on how you fix that, it might give one set of providers a competitive advantage over the others. For that reason, I do not want to go into too much detail there.

At the basic level, we want more upgrade rights, because it helps to use the infrastructure that is already there, rather than digging up the road again, putting up new telegraph poles or, as was said, just not doing something at all because the money is not there to build in that area if you cannot reuse the infrastructure. Beyond that, I do not want to go into too much detail, or I will get into trouble with my members and they will all talk to you separately.

I will take the other two areas, including access to third-party land. We have a few members who are specifically focused on rural areas. They are effectively going at the moment where Openreach does not have a strong build. They are very ambitious. They have told us quite early on that this Bill is game-changing for them. Access to third-party land in rural areas is simply the one thing that will unlock additional properties in their roll-out plans.

The reason for that is that this part of the Bill effectively mirrors something that was done a year ago for multi-dwelling units in urban areas, because it looks at a problem that our members face; I will use a very simple example. Let us say they want to reach a rural hamlet and there are three routes to it—one across a farmer’s field, one across a railway line and one across a hilly area. The most economical route is across the farmer’s field, but that field might be owned by someone who is not living in the UK, or who does not look at their emails or their post; that farmer just does not respond. At the moment, there is no mechanism to get any sort of forward movement in that situation.

So, what happens is that the provider either moves on, because they decide that it is not economically viable to take one of the other routes to that hamlet, or they say, “Actually, no, we do go across the railway line, but we descope parts of the hamlet. The money just isn’t there any more to connect every single house. It’s still economically viable to go there, round the field, but it doesn’t quite reach the whole village.”

Third-party land access provides a mechanism to get access to wayleaves, or access to land, for a limited period in those very limited circumstances. That will unlock those properties that at the moment are at risk of missing out. I am sure some of you will have seen in the past an announcement from a broadband provider—you might have even done a press release with them—saying that they are building out to x number of houses in the constituency. Then, after two years—after the roll-out programme is done—the number is not quite there. Quite often the reason for that is because the build has been more difficult than expected, there have been unresponsive landlords and the money that was allocated for that area does not quite match the ambitions.

It is worthwhile keeping in mind that roll-out is privately funded. There is Government support for the hardest-to-reach areas and we appreciate that, but outside of that it is privately funded infrastructure, with a return on investment over 20 or 30 years. We need to make an investment case. The companies, our members, need to make the investment case for their investors, for their shareholders and for their owners, that they will at some point get that money back. That is why we sometimes need to make those difficult decisions where stuff is being descoped. That is why the Bill is so important; it helps avoid those areas and unlock that bottleneck.

I mentioned alternative dispute resolution; some of our members are a bit sceptical about it, and that is largely because they roll out on a very large scale. Having to deal with thousands and thousands of ADR processes can be quite daunting, time-intensive and costly. For that reason, we believe it is good that it is done on voluntary basis, with the clear incentive provided in the Bill that the tribunal will take ADR into account. It will help a lot when it comes to negotiations with large landowners; that can include local authorities, where our members often have to negotiate a headlease or a head wayleave agreement. That can be super-complicated, because there is part of the local authority that is really keen on getting broadband, but the people dealing with the wayleave stuff do not really care because it is not in their portfolio. There are then mixed messages coming from the local authority. On the one hand they are saying, “Can you please roll out broadband as quickly as possible,” but on the other hand there are people saying, “It takes another year to negotiate the agreement.” ADR will be really useful to make progress in those very large wayleave cases.

Julia Lopez

- Hansard -

Copy Link

-

Q The legislation will make it easier to share infrastructure. What is your analysis of how that will change the economics of roll-out, but also reduce visual impairment from having new infrastructure in post? As MPs, we are all familiar with some of the concerns that constituents have about that kind of infrastructure in their vicinity. Will this help maximise the existing networks, such that we do not see more masts and so on?

Till Sommer: Yes, that is exactly right. If you cannot use existing infrastructure but you are still going to roll out the network, you need to dig up the roads. I assume you have all received lots of letters about roadworks and the problems that they cause. You either dig up the roads or put up new telegraph poles, which is more expensive and is another element of visual impairment and disruption. For that reason it is much more economical—and from a visual aspect, less intrusive—to reuse existing infrastructure.

Julia Lopez

- Hansard -

Copy Link

-

Q Do your members have any views on the cyber-security aspects of the legislation?

Till Sommer: We do. Basically, a key bit that our members provide to your constituents—their customers—is a router, plus other equipment, that is classed as an internet-connected device under part 1 of the Bill. We are in regular contact with your civil servants on that, to clarify timelines and how the Bill might bite. We do not have any concerns about the idea. We support the idea of the Bill; it is more about the implementation, and ensuring that the supply chain is aware of the new provisions that are coming in.

I have heard from a lot of our members that they have started to talk to their supply chain to say, “By the way, in a year, or in one and a half years, depending on when the Bill will be done, we need to ensure that your products comply with these rules.” Because a lot of the manufacturers are overseas, they are not yet aware of them. Anything that can be done to raise awareness among consumer product providers would be welcome. There are a couple of other bits that go very much into the detail around associated software, when it comes to parental controls, which could be affected. I am happy to write to you on that if you want, but we will talk with the Department about it anyway. It is very much nitty-gritty stuff.

Julia Lopez

- Hansard -

Copy Link

-

Q Thank you both for attending. As a Minister, I am concerned about the general lack of awareness of the risks and vulnerabilities when it comes to internet of things devices. To what extent do you believe that the legislation will help to stimulate a consumer discussion about how we best protect ourselves against some of the threats that are emerging as the technology develops? It would be helpful, Ms Eagleton, if you could set out your own interests in terms of Refuge and the vulnerabilities that have been highlighted in your work when it comes to the impact that an insecure connected device can have on an individual.

Jessica Eagleton: Of course. The first thing to say is that we are seeing technology-facilitated domestic abuse becoming ever more prevailing. Technology in all its varieties is providing domestic abusers with a host of new means and methods to perpetrate abuse—to monitor survivors, track their whereabouts, harass them and stalk them—so much so that, as I said, we set up a tech abuse specialist team a couple of years ago. Of the women and children who we supported last year, 59% said that they experienced abuse involving technology, so we are seeing a growing threat.

The specific devices that we are talking about, which are covered by part 1 of the Bill, offer a whole host of ways for abusers to abuse. I am thinking about home security cameras and home security devices such as doorbells, which provide almost 24/7 oversight of a survivor’s movements in the home. Camera and microphone functions can be used to listen in on survivors and capture intimate images without consent, which can then be used later to threaten and coerce the survivor. There are also things such as smart plugs and smart thermostats, which can be remotely accessed and used to frighten survivors—for example, by turning alarm systems on, or putting blaring music on, in the middle of the night. That is happening in the relationship and after it as well, so we are seeing remote access being used in that way.

Some of our concerns about devices relate to access. Thinking about the power imbalance in a domestic abuse relationship, it is the perpetrator who often sets up such devices. They have the password and full admin access, which means that the survivor therefore has limited ways to access a device. We have had some difficulty when talking to companies to try to support survivors to take back control of devices, particularly once a relationship has ended and a survivor has fled. Where they have devices in their home to which the perpetrator still has full admin access, it is particularly difficult to get companies to override that. That is something that we would welcome further work on, in terms of companies taking steps to support survivors to make changes to settings.

Julia Lopez

- Hansard -

Copy Link

-

Do you have anything to add?

Rocio Concha: Your question was on whether the Bill will help consumers to understand these issues, and it will. As you know, one of the principles in the Bill is transparency—when you buy these products, you will know for how long they will be supported. That will help with awareness. There is a lot more that can be done to raise awareness of these issues. There is a limit on what consumers will know about how to protect themselves, so the direction in the Bill about banning default passwords is quite important, as is the point of contact for security vulnerabilities.

Jessica has explained very clearly the harms. There is an opportunity for the Bill to be more assertive. At the moment, the Bill says that the Secretary of State “may” include baseline security requirements. We know that these are not the right baseline security requirements, so the Bill should be clearer that they will be included. We also think that the Bill needs to list the three security requirements, which would give a clear steer to the industry that they are to be introduced. We are worried that the Bill as drafted could lead to more delays in introducing things.

If we want the Bill to achieve its objective, we must be careful to ensure that online marketplaces are within scope. I would argue that they have to be because, as a consumer, it makes no difference whether you buy your smart product on the high street or from Amazon, eBay or AliExpress; you assume that the product is compliant with the regulations in the UK, so it is important that the Bill also covers that area. Otherwise, you know where the bad actors will go—they will be selling insecure products on those online platforms.

Julia Lopez

- Hansard -

Copy Link

-

Q Do you have any view on the enforcement powers in the legislation? Do you think that they are sufficient to deal with non-compliance?

Rocio Concha: On enforceability, if you do not include online marketplaces, you are leaving a big gap, because these products can come from any country in the world when they are being sold in these online marketplaces.

Another area that is not clear in the Bill is how consumers can get redress. As part of the transparency requirement, suppose that you buy a product that says that it will be supported with security updates for four years, but two years down the line, the manufacturer decides to change its mind and to support the product for only two years. Where would the consumer go in that instance? They bought the product on the basis that it would be supported for a set amount of years.

The other thing that is not clear is who the regulator enforcing this will be. Obviously, we need to make sure that the regulator has the skills, powers and resources to enforce it.

The Minister for Media, Data and Digital Infrastructure (Julia Lopez)

- Hansard -

Copy Link

-

It is a pleasure to serve under your chairmanship, Mr Stringer. I apologise for giving you a dilemma about the advice on jelly babies. I will start with a few words about the importance of the Bill. As we heard from our panels of witnesses this week, and as we know from our increasing dependence on technology, improving protection for consumers and networks from a range of harms associated with cyber-attacks is incredibly important. In the first half of last year, there were 1.5 billion attempted compromises of internet of things devices—double the 2020 figure for the same period. Voluntary standards, such as the 2018 code of practice for consumer IOT security, are not being adopted quickly or consistently enough. That is why we need legislation to progress security in the design of consumer connectable products.

Before turning to amendment 6, I thank the hon. Member for Ogmore for the constructive and helpful way that he has approached the legislation and for the Opposition’s broad support of it. As this is the first Bill that I am taking through the House in its entirety, I am particularly grateful for that constructive approach. It may reassure him that the Government are committed to introducing security requirements based on the first three guidelines through regulations at the earliest appropriate opportunity. We have consulted on those security requirements and have communicated them extensively.

We have not been vague on the matter. In April 2021, we published our response to the call for views on consumer connectable product security legislation. We stated in detail how the three security requirements would work. When the Bill was announced by Her Majesty at the start of the Session, we repeated that commitment. Indeed, as hon. Members will see in the Bill’s explanatory notes, we have again committed to those three requirements. We made that clear from the start for an important reason: we need industry to act and prepare for implementation. We do not want surprises for manufacturers, importers or distributors. They know what they have to do.

Amendment 6 is unnecessary, but might also be dangerous. We are keen to ensure that the legislation retains flexibility, so that it can adapt to and reflect the changing threat landscape, and the security requirements needed to address it. What might seem like a no-brainer security requirement today might become a security threat or barrier to security innovation in years to come.

Amendment 6 reaches back to 2018, when our code of practice was first published. Security requirements have developed since then. When the Bill is implemented, we do not think it should be constrained by what was appropriate five years ago. The requirements we will introduce are based on the first three guidelines in the code of practice, but they also contain necessary improvements. They are up to date, more detailed and have been translated into practical requirements that businesses can implement to get the right security outcomes without unnecessary burden. Stakeholder engagement and impact assessment work conducted since 2018 ensures that the guidelines are nuanced, and are in a robust and enforceable statutory framework that delivers optimal security outcomes.

Finally, hon. Members may not be aware that because this new legislation will impact on manufacturers globally, we have given notice of the Bill to the World Trade Organisation. We invited comments on our proposals two years ago, and when the Bill was introduced to Parliament, we gave notice again. We have worked to ensure that all manufacturers understand our intentions. Amendment 6, if accepted, would cause confusion by taking us back to 2018, and away from the more developed position we have reached on the three principles. That would cause market confusion, require new notification to the WTO, and potentially delay this vital regime from coming into force. With those reassurances, I hope the hon. Member will feel able to withdraw his amendment.

Clause 1 is needed to provide the Government with the necessary powers to specify and mandate security requirements, through secondary legislation, that businesses must comply with. There is a common notion that Governments are behind the curve when it comes to regulating technology. not in this case. By establishing a flexible and futureproof regulatory framework in this way, the Government can be agile and proactive in amending and introducing security requirements through regulations, in lockstep with tech innovation. Parliament will be able to scrutinise any future security requirements designated through the secondary legislation process and, as new threats emerge and international standards develop, we can act and set new security requirements, keeping consumer connectable product security up to date and fit for the future.

The purpose of clause 2 is to provide further detail about how the Secretary of State’s power to specify security requirements can be used. Clause 3 is essential because it provides the Secretary of State with powers to specify circumstances in which a person is deemed to have complied with the security requirements. The clause, when exercised, would provide more than one route to compliance and would provide the necessary flexibility to accommodate and recognise international standards and mutual recognition agreements where appropriate.

I turn to new clause 3. In practice, it would commit the Government to reporting on a fixed basis on the security risks posed by products affected by the Bill. Those reports would be laid before Parliament. Cyber-security is definitely not an area where the Government hold back on publishing information. If we are to raise the cyber-resilience of the nation, we need to ensure that everyone is clear about the threat. In December, we published our national cyber strategy. The Government will continue to publish regular reports on our progress on that strategy, as we did with regard to the previous strategy. The Government also publish an annual report that surveys cyber-breaches across the economy. This report, together with others, forms a key part of the evidence base used to inform organisations about action to take to raise security standards. Indeed, the breaches survey meets the quality threshold to be managed as a set of official statistics.

Our National Cyber Security Centre is also a model of transparency. It is there to advise businesses, and guide them towards better managing cyber-threats. It publishes an annual report, and for those who want to focus on consumer connectable products, it provides specific advice on those, too. Parliament is already regularly kept informed of cyber-security matters; our regular publications are placed in the Library. Our national strategy, implemented with £2.6 billion of investment, is overseen by the Public Accounts Committee. The Intelligence and Security Committee and the Joint Committee on the National Security Strategy provide further oversight. Also, there are mechanisms for holding the Government to account in the manner intended by the provision, such as regular parliamentary debates and questions.

Cyber-security is a fast-moving and sensitive topic. A fixed-period reporting clause that imposes an obligation to report on security risks may duplicate existing activity. Such a system would also lack the agility necessary to enable us to report quickly when threats are identified. It may reassure the hon. Gentleman to know that the Secretary of State will be required to review the effectiveness of the Bill’s enforcement regime; they, or the designated enforcing authority, will be required to report on that to the relevant departmental Select Committee after Royal Assent. The enforcement authority will also report its activity and findings, where appropriate. The measures already in place will likely meet the intention behind new clause 3. For the reasons that I have set out, I do not accept the need for the new clause.

I turn to the points that the hon. Gentleman raised about Dr Carr’s concerns about Alexa, which I also found eye-catching. A lot of secondary legislation comes with this Bill, and that will hopefully reassure Dr Carr. I also note the comment made by a lot of our witnesses: we can never have 100% security with those devices. I therefore commend clauses 1 to 3 to the Committee.

Julia Lopez

- Hansard -

Copy Link

-

I thank the hon. Member for Cardiff West for his contribution and his kind comments. I will have to get back to him on the precise figures that he identified in the impact assessment. However, in relation to the breadth of the impact assessment, he will know from this legislation that we are taking a broad range of powers. As we debated earlier, that is very deliberate because this is a fast-moving area. Technology is developing faster than Parliament can regulate it, which is a major challenge for Governments around the world. The Bill will help us to be nimble and agile in how regulate that technology.

A lot of the issues that the hon. Gentleman has concerns about will be something for secondary legislation, which we will be developing hand in glove with businesses so that we understand what is changing in the technological world and what impact that will have on matters such as the disposal of devices. I share his concerns about the environmental impacts if we get the regulations on that wrong—none of us wants to see a lot of technology become redundant.

We are trying to help consumers have more information so that if someone buys a device, they do not necessarily have to dispose of it simply because the period for which the manufacturer says it is covered has expired. It will be up to the consumer to decide whether to keep that device if they think it is less secure than it otherwise might be. It has been controversial to take these broad powers. We understand the concerns that any Parliament would have about the level of scrutiny it will have. However, the Government think that this is right because, as I say, we have to maintain that agility.

The hon. Member for Cardiff West referenced the points raised by Dr Carr. As I said earlier, I share those concerns. What we are trying to do is raise the level of security overall; we want to help consumers and manufacturers to understand this as an issue. This was initially a voluntary code, which did not do enough to make manufacturers take the cyber obligations seriously. There was an interesting discussion on the panels earlier this week when one contributor—I cannot remember who it was exactly—said that the legislation will give boards the spark or impetus to discuss and get funding for these kinds of cyber-security requirements for their products. If it is voluntary, it is very hard for anybody to make the case within their company that they need to take cyber-security seriously.

We hope that the secondary legislation will allay some of Dr Carr’s concerns. We will never have 100% security, but we hope that these provisions will raise the bar overall and help to raise consumer and manufacturer awareness of cyber as a whole. I hope that those comments will reassure the hon. Gentleman. I also assure him that we will look at how to get the balance right in the secondary legislation, and we will be in close contact with businesses as we do so.

Julia Lopez

- Hansard -

Copy Link

-

I am happy to write to the hon. Gentleman and offer those assurances. A new body will also be set up, which will probably have its own reporting requirements in relation to this legislation. These things will be developing, but I am happy to offer him the assurances he requested.

Julia Lopez

- Hansard -

Copy Link

-

Clauses 4 to 6 define the products to which the new regulatory regime will apply. Clause 4 introduces the terms “internet-connectable product”, “network-connectable product” and “excepted product”. Clause 5 defines the terms “internet-connectable” and “network-connectable”. It is a pivotal clause in capturing the necessary products that make up a huge part of the internet of things threat landscape. Any network is only as secure as its weakest link, and that could be a single consumer connectable product.

Focusing on a product’s capabilities—instead of attempting to exhaustively list all consumer connectable products—is part of our agile, future-proof approach. We are ensuring that the Bill will remain relevant and effective by capturing new consumer technologies that come to market, based on their capabilities and the risks they present.

Many products captured by the Bill are capable of connecting to the internet, exposing them to remote access and attack. Those are “internet-connectable products”, such as routers, smartphones and certain smart appliances. Some products captured by the Bill are not able to connect to the internet directly, but can connect to other products. In doing so, they can form, and contribute to the formation of, networks, meaning that vulnerabilities in those products can open the door to cyber-attack. Those are “network-connectable products”, such as certain smart lightbulbs, smart home products, and headphones.

Clause 6 defines the term “excepted product”. It allows the Secretary of State to except products from the scope of the Bill via regulations. The Government intend to except products from the scope of the Bill where inclusion would subject them to double regulation or be disproportionate to their risk profile. The Government have consulted on that approach. Products such as electric vehicles, medical devices and smart meters will be excepted from scope because they are already, or soon will be, covered by alternative regulation. I therefore commend clauses 4 through 6 to the Committee.

Question put and agreed to. 

Clause 4 accordingly ordered to stand part of the Bill. 

Clauses 5 and 6 ordered to stand part of the Bill. 

Clause 7

Relevant persons

Julia Lopez

- Hansard -

Copy Link

-

I thank the hon. Members for Ogmore and for Cardiff West, and I am happy to address their concerns. The Bill covers obligations on manufacturers, importers and distributors, but I will provide a bit more detail.

Clause 7 specifies which relevant persons will be responsible for ensuring that the security requirements are properly complied with. In that regard, a “relevant person” is defined as a manufacturer, importer or distributor of a relevant connectable product. As a result, amendment 7 is wrong to suggest that online marketplaces are exempt from this new legislation. Online marketplaces do not just offer products on behalf of third parties, but are often acting as the retailer, so in those cases the full security requirements apply. I accept that there may be instances in which the online marketplace is not the distributor. None the less, it is necessary for the third party operating in the marketplace to comply with the security requirements, and it is not just that one party who carries liability under the Bill: the manufacturer and importer also have responsibility. We think we have taken a belt-and-braces approach in that regard.

We have also worked closely with industry to make sure the regulation is proportionate and fits the wider regulatory environment for product safety. Manufacturers care a great deal about these regulatory requirements. On Tuesday, we heard from a representative of Google, who described how it works to comply with requirements in many different jurisdictions. Over the past three years, hundreds of manufacturers have engaged with my Department through the many public consultations and industry discussions we have had. The hon. Member for Ogmore gives the impression that amendment 7 would provide consumers with a vital line of defence, but that is not the case: there are already multiple lines of defence in this Bill.

It is also worth noting that consumers can never be 100% protected by regulation—a point that we have already discussed this morning. We need to have a broader approach to raising national cyber-resilience, which is why in December we published our national cyber strategy. The Cyber Aware campaign is ongoing—hon. Members may have seen the advertisements last weekend, or the ones on the radio and online this week. We also have a range of school programmes designed to reach parents and teachers in order to raise cyber-security awareness, and the Home Office, the police and the NCSC run regular campaigns at a local level in every region of the country. In relation to the comments made about Ukraine, the point is even more important because of the context in which we are operating.

Julia Lopez

- Hansard -

Copy Link

-

As I say, we are putting requirements on not just manufacturers, but the importer. The importer would be under an obligation to check whether the product fulfilled some of the requirements we would have for it, as would the distributor. I would hope that, along the chain, that product would have been checked several times to make sure it complies.

We have done a lot of work on general cyber-resilience. I will take this opportunity to add that it is also important that we as Members of Parliament try to make our constituents aware of the increasing challenges we face with cyber-resilience, and that we all need to have our own cyber-hygiene in that regard.

The amendment is well intentioned—we understand where the hon. Member for Ogmore is coming from—but it is drafted in a way that would have a much broader reach than just online marketplaces. It would impose security requirements on businesses that cannot comply with them, such as advertising platforms and website hosting services. Distributors use many online facilities offering a vast array of cloud services to support e-commerce to make their products available. As drafted, the amendment would extend duties beyond what is intended.

The Government have carefully considered the amendment. It is clear that our intention is to secure consumer connectable products in the most effective and proportionate manner, without hindering business growth and the online retail facilities enjoyed by consumers. For the reasons I have set out, I am not able to accept the amendment. I hope the hon. Gentleman will consider withdrawing it.

I turn now to chapter 2 of the Bill and clauses 8 to 25. These clauses place duties on businesses in the supply chain of a consumer connectable product to comply with security requirements. Compliance is fundamental to the operation of the regulatory regime. Under these clauses, manufacturers, distributors and importers must prepare, or ensure the presence of, a document to accompany the product that states that, in the opinion of the manufacturer, it has complied with the security requirements, before that product is made available in the UK. I note the point that was made about baby monitors. I hope that, in that process, there would be clear information and a record provided with the product that stated compliance.

The clauses in chapter 2 also require that businesses take all reasonable steps to investigate a compliance failure or potential compliance failure. That is vital to hold businesses accountable for complying with their security requirements and to mandate investigation of potential compliance failures. If compliance failure has occurred, businesses in the supply chain must take all reasonable steps to prevent the product from reaching UK customers and remedy the compliance failure. The measure is needed to ensure that insecure products do not remain on the market and that those that have not yet reached UK customers are prevented from doing so.

Finally, the clauses in chapter 2 require manufacturers and importers to retain records of compliance failures and investigations for at least 10 years. The Secretary of State is able to request this information to investigate and to enforce the legislation. These duties encourage ongoing compliance and accountability. The records will allow a clear audit of the importer’s and manufacturer’s activities, so that we can have effective enforcement.

Julia Lopez

- Hansard -

Copy Link

-

Clause 26 gives the Secretary of State responsibility for enforcing the product security provisions in the Bill, and clauses 27 to 52 create the regime. This allows the Secretary of State to authorise another person, and pay them, to carry out enforcement functions. The provisions provide powers to issue enforcement notices—including compliance notices, stop notices and recall notices—as well as powers to forfeit products and issue monetary penalties.

Additional enforcement powers include the power to seize and detain products, publish information about compliance failures and the details of the enforcement action taken, recall products, and disclose information as necessary to conduct enforcement activity. The Bill includes two offences—the offence of failure to comply with an enforcement notice and the offence of purporting to act as authorised to exercise enforcement function—as well as adopting within the PSTI regulatory regime the offences found in schedule 5 to the Consumer Rights Act 2015. I commend the clauses to the Committee.

Question put and agreed to.

Clause 26 accordingly ordered to stand part of the Bill.

Clauses 27 to 52 ordered to stand part of the Bill.

Clause 53

Guidance

Question proposed, That the clause stand part of the Bill.

Julia Lopez

- Hansard -

Copy Link

-

Clauses 53 to 56 cover guidance and interpretation of the Bill. They allow for guidance to be issued to support relevant operators to meet their obligations. They also set out the technical terms and interpretations of the commonly used terms throughout the Bill. I commend the clauses to the Committee.

Question put and agreed to.

Clause 53 accordingly ordered to stand part of the Bill.

Clauses 54 to 56 ordered to stand part of the Bill.

Clause 57

Meaning of “occupier” in relation to land occupied by an operator

Question proposed, That the clause stand part of the Bill.

Julia Lopez

- Hansard -

Copy Link

-

It is crucial that, where telecoms operators have apparatus installed on land, they can request new or additional code rights, allowing them to maintain, expand and improve their existing networks, improving service and connectivity, to the direct benefit of consumers. I hope we all wish to see that. At present, this is not always possible. There are some specific scenarios in which operators with apparatus already installed on land, such that they occupy the land, are unable to obtain new code rights or follow an existing statutory process to have an agreement that has run its course replaced by a new agreement, which I will refer to today as a renewal agreement.

For example, in some cases the parties might have an existing agreement that, for whatever reason, proceeds on a more informal basis and is not set out in writing, or otherwise does not meet the necessary criteria for it to be renewed under an existing statutory process. The operator is therefore still authorised under the existing agreement to keep their apparatus on the land, but under the current legislative framework cannot pursue a renewal agreement through an existing statutory process.

Julia Lopez

- Hansard -

Copy Link

-

As I said, this is a very complex and technical area. I do not want to provide the hon. Member with an incorrect answer, because this is one of the issues on which we are still in discussions with industry to ensure that we get it right. I believe that is the intention, but I will have to get back to him.

Julia Lopez

- Hansard -

Copy Link

-

This is tricky, because I wish I could provide greater clarity, but I cannot, which is obviously an unsatisfactory position to be in. In this case, I think the court would be approached to make a decision if the landowner was not in a position to grant those rights and they could not get a position out of the landowner. The intention, I think, would be for it to be decided at a legal level. I apologise that I cannot provide clarity.

Without the clause, there is a gap in the legislation that prevents operators who need code rights from being able to obtain them. This has potentially adverse consequences for consumers and businesses, with the risk of service disruptions and unnecessary delays in the delivery of improved capacity and enhanced services. As we all increasingly rely on digital services, it is important to address this situation. This is an area of active discussion, because we want to make sure we get it right. I believe it would be the case that, if the landowner were not in a position to offer the rights, the operator would go to the court to seek redress.

Julia Lopez

- Hansard -

Copy Link

-

I acknowledge that this is legally a very complex area. It is something that we have not entirely settled on, and it is under active consideration. We will come back to the Committee if we believe we have not got the policy intention correct. I am sorry that I was unable to address the hon. Member’s point in greater detail, but I am reluctant to provide information that might not be correct.

Question put and agreed to.

Clause 57 accordingly ordered to stand part of the Bill.

Clause 58

Rights under the electronic communications code to share apparatus

Julia Lopez

- Hansard -

Copy Link

-

I beg to move amendment 1, in clause 58, page 41, line 25, at end insert—

‘(4A) In paragraph 13 (access to land)—

(a) in sub-paragraph (1)(a), for “paragraph 3” substitute “paragraph 3(1)”;

(b) in sub-paragraph (2), for “paragraph 3” substitute “paragraph 3(1)”.

(4B) In paragraph 38 (right of landowner or occupier of neighbouring land to require removal of electronic communications apparatus), in sub-paragraph (3), for “paragraph 3(h)” substitute “paragraph 3(1)(h)”.’

This amendment is consequential on the amendment made by clause 58(2)(a) to paragraph 3 of the electronic communications code.

Julia Lopez

- Hansard -

Copy Link

-

Clause 58 deals with the sharing of telecommunications apparatus between operators within the electronic communications code. It inserts a right to share apparatus into paragraph 3 of the code, which sets out a list of rights that are statutory “code rights.” The code rights in paragraph 3 must be conferred on an operator by an occupier or imposed by a tribunal. The 2017 code reforms introduced paragraph 17 automatic rights, allowing operators to upgrade or share their apparatus without the need for an agreement. Those automatic rights are separate from the paragraph 3 code rights and are subject to strict limitations.

Since their introduction, there has been confusion about the interaction between the paragraph 17 automatic rights and the paragraph 3 code rights. In particular, while “upgrading” is a paragraph 3 code right, sharing is not. Clause 58 addresses this by making apparatus sharing a paragraph 3 code right that an operator—the “first operator”—can request to be included in an agreement to which the code applies. Clause 58 also amends the statutory purposes in paragraph 4 of the code to include sharing activities.

Apparatus sharing is a cost-effective way for operators to extend their networks without having to build extensive infrastructure themselves, helping to deliver greater coverage, capacity and consumer choice, while reducing impacts on the environment and disruption caused by installation works. As with the other code rights, if agreement on rights to share cannot be reached consensually, an operator may ask a tribunal to impose the requested rights. In those circumstances, the tribunal will apply the public benefit test and the statutory valuation regime, as it already does for other code rights.

If the right to share is a statutory code right, the factors that a tribunal will consider in deciding whether such a right should be imposed—and if so, on what terms—will be the same as those for all other code rights. Including a right to share apparatus in the paragraph 3 code rights will therefore provide greater certainty for all parties and support smoother negotiations.

Code rights can only be obtained in relation to land. Consequently, the new right to share apparatus can be requested only by the first operator that is keeping apparatus installed on, under or over land. A second operator that wishes to share the use of that apparatus will not be able to request from an occupier a paragraph 3 right permitting them to do so. Instead, once the occupier has conferred such a sharing right on the first operator, the second operator will need to negotiate the sharing of the apparatus with the first operator.

The first operator’s right to share their apparatus will, like other code rights, be exercisable only in accordance with the wider terms of the agreement. It will therefore be important for the first operator to consider carefully any terms that it may need included in its agreement with an occupier, such as additional access rights, to enable any subsequent sharing of the apparatus with other operators. To that end, clause 58 inserts corresponding code rights for the first operator to enter and carry out works on the land for the purpose of such apparatus sharing.

Finally, it should be emphasised that the new right to share introduced by clause 58 is entirely separate from the automatic rights to share that are currently available under paragraph 17 of the code, and to the rights introduced by clauses 59 and 60. Those are automatic rights—subject to specific conditions—that do not need to be agreed with a landowner or imposed by the courts. The rights in clause 58 cover situations where the operator wants rights to share over and above those automatic rights.

Government amendment 1 is a consequential amendment that reflects the restructuring of paragraph 3 provided for by clause 58(2)(a) of the Bill. It replaces cross-references to paragraph 3 of the code with cross-references to sub-paragraph 3(1).

Clause 58 introduces rights to share apparatus to the menu of code rights that is currently set out in paragraph 3 of the code. In doing so, new sub-paragraph 3(2) will be inserted into the code, setting out who can obtain a right to share apparatus. The current paragraph 3 will therefore become sub-paragraph 3(1) of the code. As there are references to paragraph 3 in other parts of the code, consequential amendments are necessary so that anyone reading the code is referred instead to the new sub-paragraph 3(1).

Amendment 1 agreed to.

Clause 58, as amended, ordered to stand part of the Bill.

Clause 59

Upgrading and sharing of apparatus: subsisting agreements

Julia Lopez

- Hansard -

Copy Link

-

I thank the hon. Member for tabling these amendments. I represent an urban constituency and, as the Minister for digital connectivity, I am very alive to any concerns about the digital divide. I have tested the legislation to make sure that we are not exacerbating that. The amendments relate to circumstances in which an operator can upgrade or share the use of their apparatus without specific permission from a landowner or a court order. Crucially, the amendments relate to rights that the Bill grants retrospectively to agreements that are already in place. The amendment seeks to expand those rights in circumstances where apparatus is situated on, under or over land owned by private landlords.

Retrospective legislation must take particular care to strike a balance between impacts on individual rights and any public benefit that the legislation aims to deliver. The Government believe at this time that expanding retrospective upgrading and sharing rights in the way these amendments suggest would not be justified. Upgrading and sharing electronic communications apparatus offers a wide range of substantial benefits. Those are benefits that the Government specifically recognised in their 2017 reforms, when limited automatic rights were introduced for operators to upgrade and share their apparatus. The exercise of the new upgrading and sharing rights was made subject to certain conditions. Those conditions were intended to strike the right balance between the rights of individual landowners hosting apparatus and the public benefits delivered by operators upgrading and sharing their apparatus.

The changes made in the 2017 reforms therefore permit upgrading and sharing to take place without a landowner’s specific consent only where any impacts on that individual will be limited. However, it was recognised that any use of those rights could have some impact, albeit very limited, on individual landowners.

Julia Lopez

- Hansard -

Copy Link

-

I thank my hon. Friend for her intervention. I know that she has considerable expertise in this field. It is a difficult balance to strike, ensuring that we are protecting landowner rights while making sure we are giving telecoms operators the powers they need to make sure all of our constituents have the digital connectivity that they demand—and will increasingly need—going forward.

For the reasons I have set out and will be setting out in further detail, I do not think the amendments will have the desired effect. It was interesting to hear the oral evidence this week, because there was no consensus among the telecoms operators about what powers are required. We have to ensure that we do not give commercial advantage to one player or the other, as that would also trample over some landowner rights.

The changes made in the 2017 reforms permit upgrading and sharing to take place without a landowner’s specific consent only where any impacts on that individual will be limited. However, it was recognised that any use of those rights could have some impact—albeit a very limited one—on individual landowners. The new rights were not applied retrospectively and had no effect on landowners who had entered into agreements before the legislation was passed. The key difference is that agreements made after that date would be completed in the knowledge that the upgrading and sharing rights would apply. Since the 2017 reforms, however, the public need for robust and up-to-date digital services has continued to grow, and was thrown into sharp relief by the recent pandemic, when many of us were reliant on access to those services at unprecedented levels.

Upgrading and sharing apparatus has a more important role to play than ever before. In the light of this and other market developments, we have revisited the position on upgrading and sharing where the rights introduced by the 2017 reforms do not apply. Introducing specific upgrading and sharing rights for such equipment can play an important role in improving coverage and capacity, and amendment 9 appears to agree with that conclusion. However, we need to ensure that the rights of individual landowners are adequately protected. As I said, agreements after the 2017 reforms will have been concluded in the knowledge that they will give rise to automatic rights for apparatus to be upgraded or shared. That is not true of apparatus that is not covered by an agreement concluded after the 2017 reforms. As such, it is only right that any automatic rights to upgrade and share those types of apparatus should be subject to different conditions.

The amendments suggest introducing specific conditions for retrospective upgrading and sharing rights where private landlords are concerned, and those conditions partly reflect those contained in the rights established by the 2017 reforms and those set out in the Bill. However, the conditions in the new rights that we are proposing have been carefully developed to work as a whole; they are intentionally more restrictive and give rise to more limited rights than those available for agreements reached before the 2017 reforms. Taken together, the conditions mean that the operator will have automatic rights only to carry out upgrading and sharing activity that will have no adverse impact on the land or that will put no burden on a relevant individual, but this will still allow activities, such as crucial upgrading work, to be undertaken in relation to historical copper cables installed underneath land.

Julia Lopez

- Hansard -

Copy Link

-

We are looking at rights that will provide easier access to underground and over, but not on. These are very techy points. If my hon. Friend feels that that does not answer her question precisely enough, I would be happy to ask officials to get in touch with her.

The measures in the Bill as drafted ensure that apparatus installed under agreements concluded prior to 2017 can be upgraded and shared quickly and cost-effectively. At the same time, the specific conditions that we are introducing will ensure that the right balance is maintained between the interests of private individuals and the wider public benefit, which is a difficult balance to strike. We are concerned that the amendments would not maintain that balance. I hope that gives the hon. Member for Ogmore assurance that the provisions in the Bill regarding retrospective rights to upgrade and share represent a balanced approach, and I ask him to withdraw his amendment.

Clauses 59 and 60 are vital clauses that support and encourage greater upgrading and sharing of existing apparatus. The 2017 code reforms provided operators with limited automatic rights to upgrade and share their apparatus, subject to certain conditions. However, the 2017 changes did not introduce paragraph 17 upgrading and sharing rights for subsisting agreements, which are agreements completed before the 2017 reforms came into force. This means that a significant proportion of the UK’s existing networks cannot be upgraded or shared without specific permission, despite the fact that apparatus can be upgraded and shared in many situations with no adverse impacts on any individual or private land.

Clause 59 therefore inserts new paragraph 5A into schedule 2 to the Digital Economy Act 2017 in order to introduce rights for operators to upgrade and share apparatus installed under a subsisting agreement. These rights differ from those contained in paragraph 17. They are available in more limited circumstances and will be subject to stricter conditions and specific notice requirements. Taken together, the measures in the clause will ensure that apparatus installed under a subsisting agreement can be upgraded and shared quickly and cost-efficiently, and do so in a way that takes into account both the interests of individuals and the wider public benefit.

Clause 60 deals with the same issue of upgrading and sharing apparatus, but in this case in relation to apparatus installed before 29 December 2003 where there is neither a subsisting agreement nor an agreement concluded after the 2017 reforms. It is right that upgrading and sharing rights should be available for all apparatus installed before the 2017 reforms came into effect. Clause 60 therefore inserts proposed new paragraph 17A into the code, conferring rights to upgrade and share apparatus installed under land before 29 December 2003, where the operator who owns that apparatus is not a party to an agreement under part 2 of the code.

Julia Lopez

- Hansard -

Copy Link

-

I reassure the hon. Gentleman that we do not disagree with the ambition. We all want children in such blocks of flats and other difficult-to-reach premises to have excellent digital infrastructure. As the Member for an urban constituency, I certainly want that. We have been testing this extensively, from legal team to legal team of operators. Some operators tell us that the additional rights are not necessary to be able to access buildings in the way that they hope; others say that they are. As I say, we have been testing this. Some of the suggestions would give greater legal access to property than law enforcement has. We have to get the right balance and we have to test whether this proposal will ultimately speed up the roll-out.

Julia Lopez

- Hansard -

Copy Link

-

It is a difficult balance to get right, between having a roll-out and ensuring that somebody’s property rights are respected. If we are considering giving greater powers to an operator than to law enforcement, we have to ask whether that is necessary. Operators have told us that that is not necessary to get access and to increase roll-out. On balance, therefore, we are not minded to support the amendment.

The Minister for Media, Data and Digital Infrastructure (Julia Lopez)

- Hansard -

Copy Link

-

I thank the hon. Members for Ogmore and for Cardiff West for their contributions and for the amendment. I acknowledge that this is a tricky issue. There have been problems between both parties since the 2017 reforms, but we maintain that the 2017 valuation provisions created the right balance between the public need for digital communications and landowner rights. I think there is agreement that the prices being paid for rights to install communications apparatus before that date were simply too high. With digital communications becoming an increasingly critical part of our daily lives, that needed to be addressed.

The new pricing regime is more closely aligned to those for utilities such as water, electricity and gas. We think that that is the correct position. As I said earlier today, we are not seeking to take sides. We are on the side of good digital connectivity for our constituents, and we firmly believe that landowners should still receive fair payments that, among other things, take into account any alternative uses that the land may have and any losses or damages that may be incurred. I was alive to the concerns expressed to me by the Protect and Connect campaign, but also to those raised by individual Members about tricky constituency cases. When I came into my role in September, I met individual Members to discuss those cases. I also met Protect and Connect.

I tested the cases that were brought to my attention and asked for further details, which often were not forthcoming. There was a catch-all excuse that a lot of them were under non-disclosure agreements and the precise amount of rents settled at could not be disclosed. My broad view is that there were initial concerns and difficult cases where the mobile network operators were too aggressive in their negotiations—I think that was effectively acknowledged in the panel discussions earlier in the week—but we seem to have found an equilibrium now, helped partly by some of the cases that have gone through the courts.

We now have a body of case law that can be referred to in some of these tricky negotiations. We are also trying to deter people from going to the courts in the first place, by introducing more alternative dispute resolution mechanisms. I say that to reassure Members. There were problems initially. As far as I can tell from my case load, the correspondence coming in, the discussions that I have had with Members and the lack of additional noise on the subject in the Chamber, a better equilibrium has now been found between the mobile network operators and the landowners. If that is not the case, I am happy to look at those cases again, and we are introducing mechanisms to provide better negotiations between parties via the legislation.

Turning to the amendment, I am not sure why the hon. Member for Ogmore thinks that a specific limit should be imposed on the percentage by which rent can be reduced when the rental payment is determined by a court. Further, it is unclear why he has chosen arbitrarily to apply a figure of 40%. We have strongly resisted specifically regulating the amount of rent payable under a code agreement. Our preference has been to allow the parties to freely negotiate the amount payable under an agreement, based on a statutory framework either in the code, the Landlord and Tenant Act 1954 or the Business Tenancies (Northern Ireland) Order 1996. Even where the parties cannot reach an agreement and the court has to impose its terms, including the rent to be paid, the court has the freedom to reach its own conclusions using that framework, rather than having its discretion restricted by statutory rent controls. As I said, my understanding is that we now have a much better equilibrium, in that we have amounts of rent that both parties are much more content with.

I understand the concerns about whether this has stymied roll-out. If operators cannot get their infrastructure on to land, I imagine that they would start paying more to try to incentivise landowners to take it on. I think we have also seen cases where it has been in the landowner’s interests to try to drag the process out so that they are on the old rents, rather than the reduced, new rents. I think that has also contributed to some of the delays.

If the amount of rent is controlled in the way suggested in this amendment, we will be heading closer to a regime that will apply reductions on a blanket basis, rather than take into account the broader range of relevant circumstances, as permitted by the legal framework. I suspect that that is something that both site providers and operators would be keen to avoid.

I am aware that it has been alleged that the Government expected rents to fall by in the region of 40% following the 2017 reforms. It is unclear whether it is on that basis that the hon. Member for Ogmore chose the statutory cap of 40% in his amendment. At the time of the 2017 reforms, which I confess predate me, the fact is that the Government were unsure what the level of rent reductions would be. We were clear that that was the case. Independent analysis contained in the impact assessment that accompanied those reforms predicted that reductions could be 40%, but that was never a Government prediction nor a target.

Julia Lopez

- Hansard -

Copy Link

-

That certainly is a fair point to make, and I apologise for not picking that up in the hon. Member’s comments.

A cap is likely to be even more detrimental to constituents in rural communities, who will benefit from the increased connectivity and reliability that we hope the Bill will bring.

As I have explained, agreements to which the code applies can currently be renewed in various ways, depending on the type of agreement and where in the UK it was entered into. The intention of clause 61, along with clause 62, is to create a clearer and more consistent legislative framework under which agreements are renewed. Central to that is ensuring that, no matter where in the UK an agreement is renewed, the financial terms are calculated in the same way. That will help to ensure that there is not a digital divide across the UK, with one country receiving additional investment at the expense of others because operating costs are cheaper.

The amendment suggests limiting any reduction in rent that may be imposed by the court when agreements are renewed under the 1954 Act. While that proposal is well intentioned, we do not believe that it should be allowed to proceed. It is vital that there is fairness throughout the UK. The Bill as drafted provides a clear framework, which will not only result in all payments being calculated in the same way, but in the ability to renew agreements quickly and cost-effectively. We think that will expand the digital network.

Julia Lopez

- Hansard -

Copy Link

-

I accept the point that the hon. Gentleman is making. I also accept that in some cases rent reductions were much greater than expected. As we discussed earlier in the week, some of those were the result of overly aggressive behaviour by mobile network operators. We need to address some of the challenges that were raised by some of the changes that were made. In the body of case law, we now have a better equilibrium between landowners and operators, which should help to address some of those cases.

On some of the more emotive cases that have been raised with me over my tenure, I have sought to understand the details. Those cases are not always as has been presented, and I am led to believe that, in terms of a lot of the initially very difficult cases that came after the 2017 reforms were initially introduced, we are now in a very different place.

It is vital that there is fairness throughout the UK. As drafted, the Bill provides a clear framework that will not only result in all rental payments being calculated in the same way, but in the ability to renew agreements quickly and cost-effectively. We hope that will help us expand the digital network across the whole of our country. In those circumstances, I ask the hon. Member for Ogmore to withdraw his amendment.

I will now turn to clauses 61 to 65, which deal with the renewal of agreements to which the code applies that have expired or are about to expire. There are several ways in which such agreements can be renewed, depending on the type of agreement and where in the UK it was entered into. The aim of the clauses is to make all the routes to renewal as clear and consistent as possible, so that the process is the same across the UK.

Julia Lopez

- Hansard -

Copy Link

-

I am afraid I have to tell the Committee that this does not get any more inspiring.

The clause creates a bespoke process for telecoms operators to seek access to certain types of land where a person repeatedly fails to respond to requests for access to install apparatus under or over land for the purposes of providing an electronic communications service. The clause sets out that process by inserting into the electronic communications code new part 4ZA, which makes provision for a court to impose an agreement where the operator needs that person, “the landowner”, to confer or be bound by code rights. Part 4ZA will apply in situations where an operator intends to provide an electronic communications service and to achieve that must install electronic communications apparatus under or over, but not on, relevant land. “Relevant land” is defined as land that is not covered by buildings, and that is neither a garden, a park nor a recreational area. The provision also takes a power for the Secretary of State to specify through regulations further types of land that may be “relevant land”, but may only do so following consultation.

The provisions will require an operator to have given two warning notices, followed by a final notice. Those three notices all follow an initial request notice, giving a total of four. The Bill sets out that there must be a period of 14 days between the giving of each notice. For the landowner to fall out of scope of proposed new part 4ZA, all that is required of them is to respond to any of these notices in writing, before the operator applies to the court under part 4ZA. If any response is received, the operator will no longer be able to apply for a part 4ZA order and must either negotiate for a code agreement or apply for rights to be imposed by the courts in the normal way.

If granted, a part 4ZA order will impose an agreement between a landowner and an operator, conferring the rights requested in the initial notice. The terms of that agreement are to be specified in regulations. It may reassure the Committee that those regulations will be subject to the affirmative procedure. Furthermore, before the regulations are made, the Bill expressly obliges the Secretary of State to consult with a range of parties.

Importantly, the provisions impose a six-year maximum time limit on the period for which rights conferred under a part 4ZA order may last. I emphasise that detail, because it forms an important part of the Bill’s safeguards for landowners’ property rights. This clause provides a much needed process that will play a large part in ensuring that homes and businesses benefit from the national gigabit broadband upgrade and are not left behind.

I will now turn to the amendments tabled in relation to clause 66, all of which are technical amendments. Amendments 2 and 3 have been tabled in order to make a minor clarification to the text of the electronic communications code, to avoid any possible unintended interpretation of the legislation. Amendments 2 and 3 clarify that the right mentioned in paragraph 26(8) and paragraph 27G(4) of the electronic communications code to require the removal of apparatus applies in relation to apparatus placed under or over land. By inserting the words “under or over” into paragraph 26(8) and paragraph 27G(4) of the code, these amendments clarify that part 6 of the code may be used by a landowner to require the operator to remove apparatus installed “under or over”, as well as on, the land.

Without amendments 2 and 3, paragraph 26(8) and 27G(4) as currently worded may be interpreted to mean that while equipment installed on land under the “interim rights” or “unresponsive occupier” process could be removed via the part 6 process, equipment installed under or over land under these processes might not. That is not the policy intention, and as such this amendment is being introduced to clarify the policy position.

Amendment 4 makes a minor amendment to remove a provision which has been found to have no effect. The provision in question—paragraph 3(9) of the schedule to clause 66 in the Bill—was intended to ensure that part 5 of the code does not apply to the process created by clause 66 in the Bill. Part 5 of the code sets out that code rights may persist even after the agreement which underpins them expires. It was never intended that part 5 should apply to rights gained through part 4ZA, due to the importance of the time limits I have mentioned. The Bill provision that this amendment removes was intended to ensure that part 5 did not apply to rights gained through part 4ZA. However, we are satisfied a different part in the code already ensures this. As such, paragraph 3(9) in the schedule of the Bill has no real effect and ought to be removed.

In practical terms, there is no legal or policy change effected through this amendment, beyond increasing the clarity of legislation. This amendment simply removes a provision which had no effect in the first place, and thus tidies the legislation. I hope that everyone will accept that that is beneficial.

Julia Lopez

- Hansard -

Copy Link

-

I think it being on land is a much more intrusive process. For instance, we could be talking about a cable that happens to be going over somebody’s land, and therefore to do something to it would not require a great deal of intrusion. Similarly, if it was the matter of being able to dig at the side of a road, it is technically access land, but only underneath the surface of the land—I hope this makes sense. It is much less intrusive process. I think it is a process that could be objected to far less by a landowner; they are not being asked if somebody can drive over their land, put something unattractive on it or inconvenience them in any way. We are talking about underground works and cabling works that objectively would have no real impact on their land.

Question put and agreed to.

Clause 66 accordingly ordered to stand part of the Bill.

Schedule

Unresponsive occupiers: consequential amendments

Amendments made: 2, in the schedule, page 66, line 17, at end insert—

“(c) in sub-paragraph (8), after “placed on” insert “, under or over”.”

This amendment clarifies that the right mentioned in paragraph 26(8) of the electronic communications code to require the removal of apparatus applies in relation to apparatus placed under or over land.

Amendment 3, in schedule, page 66, line 18, after “sub-paragraph (4)” insert—

“(a) after “placed on” insert “, under or over”;

(b) ”

This amendment clarifies that the right mentioned in paragraph 27G(4) of the electronic communications code to require the removal of apparatus applies in relation to apparatus placed under or over land.

Amendment 4, in the schedule, page 66, line 20, leave out sub-paragraph (9).—(Julia Lopez.)

This amendment removes the amendment to paragraph 30(3) of the electronic communications code. The amendment to paragraph 30(3) is unnecessary because paragraph 30(2) would not in any event apply to a code right conferred by virtue of an order under new paragraph 27ZE of the code.

Schedule, as amended, agreed to.

Clause 67

Arrangements pending determination of certain applications under code

Question proposed, That the clause stand part of the Bill.

Julia Lopez

- Hansard -

Copy Link

-

The clause deals with situations where once an agreement to which part 5 of the code applies has run its initially agreed course, one of the parties wants it to be terminated, modified or replaced by an agreement with different terms. In those circumstances, the matter can be referred to a tribunal if the parties cannot resolve matters themselves. It can take time for such disputes to be dealt with, and paragraph 35 of the code deals with the circumstances in which an interim order can be requested, which will apply until the full dispute is heard.

Our policy intention for interim orders is to allow any specific priority aspect of a dispute to be looked at, so that temporary arrangements can be imposed where appropriate. At present, however, paragraph 35 of the code is restricted, so that only a site provider can ask for an interim order, and they can do so only in relation to the consideration paid by an operator. The clause widens that provision so that either party can ask for an interim order and can do so in relation to any term of the former agreement. That will enable specific issues to be dealt with at a much earlier stage of the dispute. In particular, it will mean that operators are given the same opportunity as site providers have to ask for the financial terms of an agreement to be reviewed on an interim basis. This will help ensure that once an agreement to which part 5 of the code applies has run its initially agreed course, there are no unnecessary delays to the valuation framework of the code being applied to new financial arrangements.

It will also provide the courts with greater flexibility to look at situations where a party needs an urgent change to any term of their agreement. We think that will be particularly helpful where an operator needs urgent changes to terms so that they can upgrade or continue using an existing site. There are likely to be situations where this will also benefit site providers. However, the clause is not to be used as a way of circumventing the usual negotiation process. Parties will be expected to negotiate in the usual way before making an application to the court, and to comply with the ADR requirements that the Bill introduces.

We think the clause will help many operators benefit from the full code framework at a much earlier stage, which will allow them to take advantage of provisions to upgrade and share apparatus and the code valuation framework as introduced in 2017. That will result in more investment in the expansion and upgrading of digital networks, ensuring that consumers receive the best coverage and connectivity possible.

Question put and agreed to.

Clause 67 accordingly ordered to stand part of the Bill.

Clause 68

Use of alternative dispute resolution

Question proposed, That the clause stand part of the Bill.

Julia Lopez

- Hansard -

Copy Link

-

I will now speak to clauses 68 and 69, which introduce measures on alternative dispute resolution and complaints relating to the conduct of operators. The purpose is to encourage more collaborative discussions between landowners and telecoms operators, and to ensure that litigation is used only as a last resort where an agreement cannot be reached.

Clause 68 sets out two new requirements for operators and one new requirement for courts. Together, they will encourage the greater use of alternative dispute resolution processes. The requirements are as follows. First, when a request notice is sent for access to land or other rights under the electronic communications code, all operators must inform the landowner of the availability of ADR processes if the landowner is unhappy with the offer made. Secondly, in cases where an agreement cannot be reached operators must consider using ADR processes before applying to the courts. If the matter relates to modification of an expired agreement, either party must consider ADR before applying to the court. Finally, when awarding costs, the courts will be required to take into account any unreasonable refusal to engage in ADR by either party.

Some landowners and their representatives have told us that they find negotiations for code rights difficult. In some cases, landowners have felt pressured to accept any terms offered, to avoid the risk of being taken to court—this relates to the David and Goliath situation that we discussed earlier in the week. The measures in clause 68 address this issue by encouraging the use of ADR in order to minimise the risk of landowners feeling such pressure, and to facilitate co-operative discussions between landowners and telecoms.

Clause 69 inserts new subsection (ca) into paragraph 103 of the electronic communications code, which lists the issues that Ofcom’s code of practice must deal with. Subsection (ca) adds to the list

“the handling by operators of complaints relating to the failure of operators to comply with the code of practice”.

Landowners and their representatives have reported to the Government that, in some cases, they are reluctant to enter into code agreements because they are concerned about how the operator or their contractors will behave when they access the relevant land. The clause works to address the issue by requiring Ofcom to prepare guidance, following consultation, regarding operators’ handling of conduct. To complement that, we will bring forward secondary legislation to introduce a new statutory requirement for operators to have a complaints process for code matters, enforced by Ofcom.

Question put and agreed to.

Clause 68 accordingly ordered to stand part of the Bill.

Clause 69 ordered to stand part of the Bill.

Clause 70

Power to impose time limits on the determination of code proceedings

Julia Lopez

- Hansard -

Copy Link

-

I beg to move amendment 5, in clause 70, page 60, line 15, at end insert—

“, and

(b) amend or repeal any of the following provisions (which provide signposts to those regulations)—

(i) paragraph 2A of Schedule 3 to the New Roads and Street Works Act 1991;

(ii) section 107(1A) of this Act;

(iii) paragraph 97 of Schedule 3A to this Act;

(iv) section 69(5A) of the Marine and Coastal Access Act 2009;

(v) section 27(6A) of the Marine (Scotland) Act 2010.”.

This amendment ensures that the power conferred by the new section 119A of the 2003 Act includes power to amend or revoke certain signposts in primary legislation which might otherwise be rendered otiose by the exercise of that power.

Julia Lopez

- Hansard -

Copy Link

-

It is clearly desirable that legal disputes relating to code rights be dealt with as quickly as possible; that will minimise delays to network deployment and expansion in a number of ways.

Fast dispute resolution will make sure that, where the public interest test is satisfied, operators can get the rights they need for network deployment and expansion as soon as possible. It also means that where that test is not satisfied, that is identified promptly, so that operators know they have to explore different options. Finally, fast dispute resolution is in the best interests of all parties. Protracted legal proceedings take time, cost money and harm ongoing stakeholder relationships.

However, while we recognise that fast dispute resolution has a lot of benefit, it is important that there be no undue interference with the judicial process and the ability of courts to deal with cases justly. Time limits should not, for example, interfere with a court’s ability to provide the parties with sufficient opportunities to identify, locate or produce evidence. Any statutory provisions relating to the time within which disputes must be determined therefore require careful consideration and close scrutiny.

Legislation already makes limited provision for certain applications relating to new code rights to be heard within six months, but this provision sits outside the code; it is in the Electronic Communications and Wireless Telegraphy Regulations 2011. It was introduced in the course of our transposing European legislation, rather than as a specific element of the domestic code framework.

The new power in clause 70 will enable the Secretary of State to make regulations that are broader in scope, and can specify a period within which a full range of code-related disputes must be determined. As the clause makes clear, regulations made under it may amend or revoke provisions made under the 2011 regulations. That gives the Secretary of State flexibility to consider a full range of approaches, including having no time-limited period at all, if appropriate.

Other, wider measures that we are introducing in the Bill, and potentially in subsequent secondary legislation, will affect court resources. In many cases, the changes will ensure that caseloads are more evenly distributed, particularly between the first-tier and upper-tier tribunals. Rather than seeking to make changes relating to dispute time limits now, we are therefore putting in clause 70 a power permitting the Secretary of State to make regulations on this issue in future. That will enable the Government to revisit the measures as a whole, once the other measures in the Bill come into force, so that their overall impact can be assessed when considering whether changes are appropriate. We will, of course, work closely with the Ministry of Justice and the Northern Ireland and Scotland Governments before making any further proposals on this issue.

Amendment 5 provides a very limited power for the Secretary of State to amend a specified list of provisions in primary legislation. The provisions signpost to regulations about time limits for disputes on code rights. It is clearly desirable that legal disputes relating to code rights be dealt with very quickly. Any statutory provision relating to the time within which disputes must be determined requires careful consideration. The amendment ensures that, if changes are made to the existing regulations, corresponding amendments can be made to legislation that signposts those regulations.

Julia Lopez

- Hansard -

Copy Link

-

I think it is implicit in what I said that we will keep all of this under close review, because we do not want any of the changes we make to slow the roll-out. We hope that the changes have their intended effect, which is ultimately not about any particular group’s interests, beyond their getting better digital connectivity. We are always happy to keep this under close review. We do not think a mandatory ADR would serve our overall goal. If problems come up over the next few years, these powers will enable us to make changes.

Amendment 5 agreed to.

Clause 70, as amended, ordered to stand part of the Bill.

Clause 71

Rights of network providers in relation to infrastructure

Question proposed, That the clause stand part of the Bill.

Julia Lopez

- Hansard -

Copy Link

-

Sharing infrastructure in the roll-out of gigabit-capable networks can greatly reduce the cost of deploying networks, increase the pace of roll-out and reduce the frustrating need to dig up streets, preventing unnecessary disruption to the local populations we represent and reducing carbon emissions. The Communications (Access to Infrastructure) Regulations 2016 enable sharing of information about access to physical infrastructure across the utility, transport and communications sectors. They include the right to access that infrastructure on fair and reasonable commercial terms and conditions. The 2016 regulations were implemented in the UK, following the European broadband cost reduction directive, to reduce the cost of deploying high-speed electronic communications networks.

We recently published our response to a call for evidence on a review of those regulations. We set out that there may be areas where the 2016 regulations could be made easier to understand and use. We said we would legislate to allow future changes to the 2016 regulations via secondary legislation, rather than having to rely on primary legislation. This legislation would be subject to a further consultation with Ofcom and such other persons the Secretary of State considers appropriate. It would also be scrutinised in the Parliament through the affirmative procedure.

Clause 71 grants the Secretary of State the power to make provisions, through regulations, conferring rights on network providers in relation to infrastructure for the purpose of developing communications networks. These provisions include the power to amend, revoke or replace the 2016 regulations. The clause details the areas in which provisions may be made by the Secretary of State through regulations. These areas include: provisions relating to grants of access to relevant infrastructure; the carrying out of work as specified; procedures and forms of request by network providers for rights conferred by the regulations; and disputes under the regulations.

Question put and agreed to.

Clause 71 accordingly ordered to stand part of the Bill.

Clause 72

Power to make consequential amendments

Question proposed, That the clause stand part of the Bill.

Julia Lopez

- Hansard -

Copy Link

-

Clause 72 confers on the Secretary of State a power to make any changes to other legislation that are required as a consequence of part 2 of the Bill coming into force. By way of example, changes may be needed to ensure that legislation that references the electronic communications code continues to work correctly after the Bill is passed. The power can be used to amend any legislation. In the case of primary legislation, it is limited to legislation passed or made before the end of the parliamentary Session in which the Bill is passed.

Clause 72 requires that any regulations made using this power that amend or repeal primary legislation be subject to the affirmative procedure. The negative procedure will apply to any other regulations made using this power. Where any changes are required to devolved legislation, the UK Government will work with the devolved Administrations to ensure that the wider legislative framework operates as intended. Clause 73 provides a straightforward explanation regarding references in this Bill to the electronic communications code.

Julia Lopez

- Hansard -

Copy Link

-

We have official-level contact frequently, in case something has to be changed. I would like to reassure the hon. Gentleman that I have met my counter-parts in the Scottish and Welsh Administrations, including one of his colleagues in the Labour Administration. I will continue to have those meetings, in case changes that would have any meaningful impact are required as a result of the legislation.

Question put and agreed to.

Clause 72 accordingly ordered to stand part of the Bill.

Clause 73 ordered to stand part of the Bill.

Clause 74

Power to make transitional or saving provision

Question proposed, That the clause stand part of the Bill.

Julia Lopez

- Hansard -

Copy Link

-

Clause 74 allows the Secretary of State to make transitional or saving provisions. This is required to provide for a smooth introduction of the new legal framework by, for example, specifying grace periods before the legislation comes into force. Clause 75 makes provision about a number of technical matters that regulations made under the Bill address, and enables such regulations to be exercisable by statutory instrument.

Clause 76 sets out the extent of the provisions of the Bill. Both cyber-security and telecommunications are reserved matters, and, for the most part, the Bill extends across the UK. Clause 77 sets out the commencement. Clause 27, on matters of enforcement, comes into force on Royal Assent, and the remaining clauses come into force via commencement regulations made by the Secretary of State. Clause 78 is the short title of the Bill.

Question put and agreed to.

Clause 74 accordingly ordered to stand part of the Bill.

Clauses 75 to 78 ordered to stand part of the Bill.

Ordered, that further consideration be now adjourned.—(Steve Double.)

The Minister for Media, Data and Digital Infrastructure (Julia Lopez)

- Hansard -

Copy Link

-

I thank the hon. Gentleman for tabling the new clause, which relates to the automatic rights for operators to upgrade and share existing apparatus. To be clear, those rights are already contained in the code, and apply only to agreements completed after the 2017 reforms to the code came into force. The new clause suggests the introduction of a 21-day notice requirement for operators that want to exercise these rights where apparatus is situated on land owned by an emergency service provider.

I very much appreciate the intention behind the new clause, and am grateful to the hon. Gentleman for briefly sharing with me last week some of the instances that he has in mind. Of course, it is important that emergency service providers are aware of work on their sites that may have an impact on their daily activities; I am sympathetic and alive to that. I have tested the issue with officials in the last week, and they suggest that in that context, it is crucial to look at the scope of the paragraph 17 rights, which authorise only activity that will have no more than a minimal adverse impact on the appearance of the apparatus and will impose no additional burden on the other party to the agreement. Clearly, the rights are therefore available only in very limited circumstances.

Of course, operators may need to upgrade and share apparatus that will have a greater impact on a site provider than paragraph 17 permits, and they should be able to do so, but in those circumstances they must obtain the site provider’s agreement or seek to have the required rights imposed by the courts. In contrast, the automatic rights in paragraph 17 are available only in very limited circumstances. The conditions in paragraph 17 specifically exclude activities that would impose an additional burden on a site provider. Activities that disrupted a site provider’s daily business, or created new health and safety risks, would be very unlikely to satisfy that requirement.

Operators that upgrade or share their apparatus in ways that go beyond the paragraph 17 rights, and which do not have a site provider’s permission or court authorisation, will be acting outside the parameters of the code. As such, they may be liable to any legal remedies or sanctions that are applicable to their actions. If an operator is in doubt as to whether the paragraph 17 conditions are satisfied, it would be sensible for it to discuss the planned works with the site provider. I am not aware of any instances in which an operator has relied on its paragraph 17 rights to carry out upgrading and sharing activities that have gone beyond the scope of what that paragraph allows, but if the hon. Gentleman is aware of occasions when that has happened, I would welcome further details and information about them.

At present, we think that the scope of activities permitted by paragraph 17 is so narrow that a specific notice regime is not required. Putting one in place would undermine the policy intention of the rights, which is to enable limited upgrading and sharing works to be carried out as quickly and efficiently as possible. I therefore hope that the hon. Gentleman will withdraw the new clause.

Julia Lopez

- Hansard -

Copy Link

-

I thank the hon. Gentleman for tabling the new clause and, again, I appreciate the intention behind it. It would require the Government to carry out a review of the 2017 legislation that updated the electronic communications code, which is the overarching legislation that the Bill amends and that we have been discussing in Committee.

I appreciate that the intention behind the new clause is to better understand the impact of the 2017 changes to the code but, unfortunately, such a review clause would have unintended consequences. We are particularly concerned that there might be a chilling effect on the market while the review is carried out, which would lead to delays not just in implementing the measures in the Bill, but in wider deployment. When the 2017 code came into force with reduced rents, a lot of cases went through the courts because operators were still on higher rents as long as negotiations were ongoing. We do not want to see a similar challenge in this case.

If a review takes place, stakeholders will likely delay entering into agreements to enable the deployment of infrastructure. Only when the review has concluded and it is clear whether further changes are to be made to the code will parties be prepared to make investment or financial commitments. That will have a profound effect on our connectivity ambitions, despite our desire to move as quickly as possible to level up the country with world-leading connectivity. It will also have an adverse impact on consumers and businesses, many of whom want to access higher speeds and the latest technologies such as 5G.

The Bill focuses on a few issues that prevented the 2017 changes from having their full impact, such as speeding up deployment while protecting the rights of landowners and site providers. Wider changes to the code will halt all progress made and will risk bringing deployment to a standstill. That would leave many homes and communities without the upgrades to connectivity that they badly need, which I am sure the hon. Member will agree would not be the desired outcome.

Let me clarify what was said in 2017 about reviewing the changes to the code. In the impact assessment that accompanied the reforms, the Government said that they would review the policy by June 2022. They did not say that they would carry out a full economic review of the impact of the reforms on the rental agreements. We have reviewed the policy. Officials have held regular meetings with stakeholders since the 2017 reforms came into force, including facilitating workshops between stakeholders to encourage more collaborative working. My predecessor, my right hon. Friend the Member for Maldon (Mr Whittingdale), held a series of roundtable meetings with stakeholders from both the operator and the site provider communities so that he could understand the situation better.

Since I have been in post, I have been testing some of the concerns of the hon. Member for Ogmore in Parliament to ensure that we are beyond some of the initial challenges that we all accept existed when the code changes were made. Regular engagement and the issues highlighted directly informed last year’s consultation, which preceded this Bill, and led to the provisions in the Bill that are needed to realise the benefits of the 2017 reforms. I hope that this gives the hon. Member reassurance that we have reviewed the policy as a whole, and I ask that he withdraw his amendment.

Julia Lopez

- Hansard -

Copy Link

-

Again, I thank the hon. Member for his suggestions, and I always appreciate the intention behind what he is trying to do. On this matter, we have been consulting with experts throughout the development of the legislation. As he will be aware, a lot of the details about how we shall regulate these products will come in secondary legislation. Here, we are taking broad powers so that, as the technology develops, we can tweak them as things change. We are also considering a wide number of products that will be in scope.

We do not want to take specific powers at this stage, and, as I mentioned in relation to the hon. Gentleman’s amendment 6, which we debated last week, it is important that the legislation retain the flexibility to adapt to and reflect the changing threat and technological landscapes. We have consulted widely on the legislation, and will continue to do so where new requirements are appropriate, but committing the Government to working on requirements framed using terminology that may seem appropriate today could limit the security benefits of such a requirement in the future.

As I reassured the hon. Member last Thursday, we are committed to introducing security requirements based on the first three guidelines of the internationally recognised code of practice for consumer internet of things security. Those will include a requirement for manufacturers to be transparent about the time for which products will be supported with security updates. At its core, that approach demonstrates a shift towards clear transparency that can inform the consumer when purchasing a relevant device. We know that many consumers are security conscious, but, as things stand, not enough manufacturers make that information readily available to them.

Data from Which?, which the Committee heard from last week, highlights that less than 2% of assessed products had clear information on the length of time for which they would receive security updates. We are using legislation to increase the availability of information to UK consumers, so that they can make their own purchasing choices with a clear understanding of security. As consumers learn more, they will expect more, and we hope that that will drive the market approach to embedding minimum periods for security updates. Last week, the Committee heard from Which? that some consumers might be continuing to pay for their devices even after security updates are available to them. That is exactly the kind of thing we want to avoid, and we think that transparency is the key to raising consumer awareness.

As manufacturers raise the bar to the appropriate level, we anticipate that more and more will do the same as a result of that shift to transparency. Should manufacturers fail to respond in that way, the Government may, in the future, consider that there is a case for setting out a requirement for certain products to be covered by minimum security periods. That is all part of the flexible approach we are keen to take to legislation to ensure that our requirements reflect the realities of technologies and the wider market.

Additionally, I have concerns that the new clause would commit the Government to unnecessary work that would only need to be repeated following the implementation of the initial requirements, before a substantiated case for this additional requirement could be made.

For those reasons, I am not able to accept the new clause. We are taking broad powers and a lot of details will be looked at when we consider secondary legislation. We will be looking at this issue as these products develop. If we think that a requirement for the hon. Member’s minimum period comes about, we will look at the issue again. At this stage, though, I hope he will consider withdrawing his new clause.

The Minister for Media, Data and Digital Infrastructure (Julia Lopez)

- Hansard -

Copy Link

-

I beg to move, That the clause be read a Second time.

Julia Lopez

- Parliament Live - Hansard -

Copy Link

-

It is a pleasure to be making such good progress on this Bill, which seeks to deliver world-class connectivity to our constituents and to improve the security of the devices that we all rely on. I will start by explaining the need for the Government amendments tabled in the name of the Secretary of State, as those amendments are relatively straightforward. I will then move on to the more substantial matter of the remaining amendments, which I suspect right hon. and hon. Members are keener to discuss.

Beginning with new clause 1, as I explained on Second Reading, some operators with apparatus on land are currently unable to follow an existing statutory process to renew their agreement once it comes to an end. These operators also cannot use the code to get an entirely new agreement, because only the occupier of land can grant code rights. An operator already occupying land clearly cannot enter into an agreement with itself. Clause 57 was intended to ensure that operators could obtain code rights from another party in these circumstances, but subsequent engagement with stakeholders has made it clear that the clause as drafted would not cover all scenarios and that a more focused approach is required. Some operators would still find themselves effectively stuck once their agreements ended, with no means of renewing their agreement and no reasonable or practical means of obtaining a new code agreement. This can have negative consequences for consumers, and as such it is unacceptable. New clause 1 therefore replaces clause 57.

The new clause will ensure that all operators in exclusive occupation of land who do not have a statutory renewal option can still seek a code agreement. The person who can grant those code rights will usually be the owner of the land, although the new drafting makes provision for less straightforward situations. As well as resolving the problem of “stuck” operators, new clause 1 also assists operators with an existing, ongoing agreement. Where such operators need additional code rights that are not already provided by their current agreement, the new clause ensures they can seek such rights. Currently, some such operators are unable to do so because they are in occupation of the land.

Julia Lopez

- Hansard -

Copy Link

-

Yes. They will be allowed to take out a new agreements, but they still have to be under the existing regime.

To be clear, this will not let an operator unilaterally change, or ask the court to impose a change to, the terms or duration of their current agreement. It allows an additional code right to be conferred on the operator via a new, separate code agreement.

Julia Lopez

- Hansard -

Copy Link

-

I thank the hon. Gentleman for raising the case of his constituent. I would be grateful if he took it up with my officials, as I am keen to look into it. Throughout the passage of the Bill, individuals have raised cases with me. It is fair to say that the number of cases has declined substantially as the Bill has progressed through the House, so I am content that the position is getting much better, but if there are outstanding cases of situations that any MP feels is unfair, I will be grateful if they are brought to my attention.

To return to the case I was making for new clause 1, as with an initial agreement, if a consensual agreement cannot be reached about the additional right needed, operators will be able to ask the court to impose an additional agreement conferring the additional right. Of course, in those circumstances an operator would still have to satisfy the court that its application meets the requirements of part 4 of the code, including the public interest test.

Let me give an example of how the Government intend this to work. An operator may have an existing agreement which contains a code right to install a 3 metre high mast. Subsequently, the operator realises that it needs to install a 5-metre high mast on the same piece of land. That could enable the operator to install 5G technology or to improve or expand its network. The original agreement allowing the 3-metre mast will continue to run for its remaining term, and the operator will ask the site provider to enter into a second agreement, which contains a code right allowing it to install the 5-metre high mast.

Advances in technology occur at pace, whereas a code agreement can last for a number of years. If an operator has to wait until the term of its code agreement is about to expire before being able to obtain additional code rights, it will be unable to install the latest technology on its apparatus, meaning our constituents will be deprived of faster, more reliable services such as 5G and, in time, 6G. We think that the new clause is also vital to give UK businesses access to the technology they need, enabling our economy to thrive. I hope Members will therefore agree that it must be made.

Turning to new clause 2, we want to ensure that disputes relating to the electronic communications code can be dealt with as quickly and efficiently as possible. Currently, paragraph 95 of the code allows the Secretary of State to make regulations that confer jurisdiction on either the first-tier tribunal or upper tribunal in relation to England, but only the upper tribunal in relation to Wales. The current regulations made under paragraph 95 state that all code disputes must commence in the upper tribunal, although in England, appropriate cases may then be handed down to the first-tier tribunal. The first-tier tribunal has greater administrative resources and more judges than the upper tribunal, meaning that code disputes can be processed and heard more quickly.

Moving forward, the Government are therefore considering a greater role for the first-tier tribunal in hearing code disputes, including making further regulations using the power in paragraph 95 of the code where appropriate. The new clause provides the necessary powers so that we can do just that. In future, the Secretary of State will be able to make regulations conferring jurisdiction on both the upper tribunal and the first-tier tribunal in Wales.

The final set of Government amendments is amendments 4 to 7. They have been tabled to make a minor clarification to the text of clause 68 to avoid any unintended interpretation of the legislation. Clause 68 currently makes it clear that an operator can, at any time, give notice in writing to a person from whom they are seeking code rights, stating that the operator wishes to engage in alternative dispute resolution, often known as ADR. However, nowhere is it set out that such a notice can be sent from that person to the operator. The amendments clarify that when an operator seeks code rights from a person, either the operator or that person may give notice to the other expressing a wish to engage in ADR at any time.

Julia Lopez

- Hansard -

Copy Link

-

I am afraid that my right hon. Friend cannot tempt me, and I will say why shortly.

I thank the hon. Member for Hackney South and Shoreditch (Dame Meg Hillier) for bringing forward amendments 14 to 17 to clauses 59 and 60. They would expand retrospective rights to upgrade and share apparatus in buildings owned by private landlords, such as blocks of flats, also known as multiple dwelling units or MDUs. I begin by saying that I have considered this issue carefully. I have been lobbied extremely heavily on it by one operator in particular, and I have tested the proposition with my officials, legal advisers and other operators.

I would not like to pre-empt what the hon. Lady might say as to why she tabled the amendments and their perceived need. However, I reassure her, and any others considering supporting them, that as a fellow London MP with many MDUs in my seat I am concerned about the dangers of a digital divide emerging, and I am doing what I can to avoid that circumstance. If I thought that the amendments genuinely helped on that front, I would do all I could to incorporate them, but there is a glaring lack of consensus among the telecoms industry about their need. Indeed, only one operator has contacted me in support of them, while four separate operators and representative bodies have strongly opposed the amendments, arguing that they are anti-competitive. I will talk a little more about that in a minute.

Julia Lopez

- Hansard -

Copy Link

-

I thank my hon. Friend for raising the great work of KCOM and the importance of competition and how it is driving roll-out. It is changing the dynamic in the market, very much for the better. I am mindful of how we drive extra competitiveness in this field, because that is what is getting us the roll-out and the digital connectivity that our constituents need and demand.

Amendments 14 to 17 are, I think, identical to the proposals tabled in Committee. As I explained then, upgrading and sharing electronic communications apparatus offers substantial benefits. We specifically recognised that in our 2017 reforms and in the new upgrading and sharing rights that clauses 59 and 60 will create. However, as I also explained, any legislation concerning work affecting private land has to take careful care to strike the right balance between public benefit and individual rights. The automatic rights introduced in 2017 were developed to maintain that balance.

Even more careful consideration is needed for legislation that applies retrospectively. It is for that reason that clauses 59 and 60, which have retrospective effect, include tighter restrictions on the rights they confer on operators. Under those clauses, operators will have automatic rights to carry out only limited activities that will not have adverse impacts on the land in question or impose any burden on anyone with an interest in the land. However, conferring these rights will facilitate activities such as crucial upgrading work on cables installed underneath land. Industry stakeholders have confirmed that this has significant potential to provide homes and communities with gigabit-capable connections at pace. The public benefits are therefore substantial, with little to no impact on private individuals.

Further expanding these retrospective measures, as proposed by the amendments, would require us to revisit two fundamental points: first, what would the public benefit be, and, secondly, what would the impact be on individual landowners’ rights? We have considered that carefully, and we do not think that the case has been made for the changes that the amendments propose.

Looking first at the impact on landowners’ rights, if apparatus can be upgraded or shared without material alteration to land or property—for example, if works are carried out solely on or within apparatus, such as a duct—impact on the land can be negligible. Upgrading equipment in a building almost always involves some direct impact, however small, on the building. We think that works that have an impact on property should require either agreement from the landlord or imposition by the courts through the processes provided for in the code.

In any event, if an automatic right of the kind envisaged was introduced, operators would still have to successfully engage with the landlords for logistical purposes, such as to arrange access to the property or to discuss any potential health and safety issues or need for repairs. If these conversations must take place, and we think that they should, it seems sensible that the operator should at the same time ask permission to carry out the works. That brings us again to the question of whether the expanded automatic rights, as proposed by the amendments, would be proportionate. There are other ways that operators can upgrade equipment in multi-dwelling units. They can already ask for the rights to do so, and measures are being introduced that will enable them to resolve matters quickly and cheaply.

Finally, what of the public benefit? Members made the point in Committee that residents in blocks of flats urgently need gigabit-capable connections, particularly if we are to meet our levelling-up ambitions in urban areas, as well as in rural communities. I have explained that the code already contains provisions that would enable operators to seek rights to upgrade apparatus in buildings. In contrast, an automatic right could have adverse impacts that have perhaps not been fully explored. Members suggest that there is consensus in industry that these changes are needed, but that is not the case. I have received direct representations from many fibre providers that strongly oppose these proposals. They say that the proposals would create an unfair advantage for operators with equipment inside buildings, with potentially anti-competitive effects.

I hope that gives the hon. Member for Hackney South and Shoreditch assurance that the provisions in the Bill on retrospective rights to upgrade and share represent a balanced approach, and that there are substantial measures in place and under way to connect residents of multi-dwelling units. I therefore hope that she will not press her amendments to a Division.

Finally, I will address the amendments tabled by my right hon. Friend the Member for New Forest West (Sir Desmond Swayne). First, amendments 12 and 13 seek to remove clauses 61 and 62 from the Bill. This is another matter that I am familiar with. Indeed, as I suggested in response to an intervention, I have had conversations with him and other hon. Members about particular cases, as well as with the campaign group that represents landowners on the issue.

The Government recognise that, since 2017, there have been problems between some landowners and telecoms operators, and a level of discontent about the result of the valuation regime change, but we want to bring that regime more in line with that of other utilities, and we believe there are significant benefits to doing so. I must say that I have found little evidence in recent weeks and months to suggest that the regime requires a radical overhaul.

I have encouraged more collaborative discussions between operators and landowners. I have looked into specific cases, and concluded that the measures that we are introducing to encourage more collaborative negotiations will help to tackle many of the problems that I have seen. Significant information about cases has not always been forthcoming when asked for, but if hon. Members would like to discuss constituency cases, I am always happy to receive the details. Fundamentally, we need a legislative framework that keeps costs low, so that we can encourage investment and protect consumers from price increases. The code valuation framework to calculate the sums payable to landowners by operators, which was introduced in 2017, aimed to achieve that. We maintain that the overall framework creates the right balance between the public need for fantastic digital infrastructure and making sure that landowners receive a fair payment for allowing their land to be used. The purpose of clauses 61 and 62 is to make sure that the valuation framework applies consistently across the UK and to all agreements the code applies to.

Julia Lopez

- Hansard -

Copy Link

-

Most of the people I have spoken to are already in the market and believe that the change will make a big difference to how they roll out. It is a very competitive market with many new entrants. I am not aware of anybody who is just dipping their toe in the water; because it is so competitive, people are already aggressively in the market. We think that the change will really help to accelerate the roll-out to our constituents of fantastic digital infrastructure of the kind that we all understand is fundamental to driving productivity gains, and to reducing the divide between areas that do and do not have that connectivity.

From the contribution of my right hon. Friend the Member for New Forest West on Second Reading, I understand that his concern relates to the effect of clauses 61 and 62 on landowners who already host telecoms apparatus on their land. I recognise that, ultimately, these changes are likely to lead to reductions in the rent received by landowners with a tenancy protected by the Landlord and Tenant Act 1954 or the Business Tenancies (Northern Ireland) Order 1996. I appreciate that that might not have been expected by those entering into such tenancies at the time they were created, but it is also fair to say that market values change over time, and there is never any guarantee that rents received by a landlord will remain constant or increase.

We have also given careful consideration to the effect of clauses 61 and 62, and have balanced the impact that they might have on landowners with the wider, substantial public benefits that we are pursuing. It is also important to recognise that the changes will not happen until any ongoing agreement expires and comes to be renewed. Furthermore, clauses 63 and 64 introduce separate provisions allowing the landowner to recover compensation for any damage to their land, reduction in its value or reasonable expenses resulting from an operator exercising their code rights.

Clauses 61 to 64 ensure that the 2017 framework will apply to all future agreements. It must be remembered that the code has an underlying purpose, which is to support the delivery of robust digital networks. Our constituents increasingly rely on those networks for critical digital services. Only recently, the National Farmers Union’s digital technology survey found that poor mobile signal and unreliable internet access are hampering farming businesses. We know that rural connectivity is a problem for many organisations, and addressing it is one of our priorities as a Government. The Bill, including clauses 61 and 62, aims to address those issues.

I am sure that my right hon. Friend had only noble intentions when tabling his amendments, but although they may benefit some landowners, they have the potential to penalise entire communities by keeping network costs unacceptably high. Clauses 61 and 62 will help to reduce the digital divide between different parts of the country, as they will help to prevent deployment being cheaper in one area than another.

Finally, I turn to amendments 9 to 11 tabled by my right hon. Friend, which would require a party to use alternative dispute resolution processes before making certain applications to a court under the electronic communications code, including where an agreement granting rights under the code is being sought. The provisions on ADR processes in the Bill aim to create more collaborative discussions between landowners and telecoms operators to ensure that litigation is used only as a last resort. I suspect that that is what the amendments seek to ensure as well. Although I sympathise with the intention behind these amendments, the Government oppose them—first, because they are unnecessary; secondly, because ADR is not appropriate in every situation; and thirdly, because they would be counterproductive to the amendments’ overall intentions.

The Bill requires operators, when requesting rights under the code, to inform the landowners of the availability of ADR. Crucially, it also creates a requirement that if an application is made to a court, the court will be required to take into account any unreasonable refusal to engage in ADR when awarding costs. Those requirements strongly incentivise the use of ADR without the need to make it mandatory. The Government therefore believe the amendments to be unnecessary.

It is also important to note that ADR may not be suitable in certain cases, such as where a disagreement is based on differing interpretations of the law. Such points of law must be resolved in the courts, and mandatory ADR would add cost and time to that process without offering any benefit.

The Government also believe that the amendments would be counterproductive to their own goals. If ADR were compulsory, some parties would be compelled to participate in an ADR process they do not want to be involved in, and so would be less inclined to actively engage in the process. That would increase the risk that ADR would fail, which would mean that parties would have to go to court anyway. If that were the case, all that compulsory ADR would have achieved is to add an additional layer of time and costs for landowners, such as charities, sports clubs and farmers. It should also be noted that, when consulted, a clear majority of stakeholders were not in favour of compulsory ADR. I hope that I have given my right hon. Friend assurance that the provisions regarding ADR in the Bill already represent the most effective way of encouraging its use, and I hope that he will not press his amendments to a Division.

Julia Lopez

- Parliament Live - Hansard -

Copy Link

-

I am grateful to all Members who have spoken in this debate, to the Opposition for their support for the Bill, and to the hon. Member for Ogmore (Chris Elmore) in particular for the very collaborative approach he has taken throughout and his acknowledgement of the improvements we have made. I shall test officials on the further points he makes. I am also grateful to the hon. Member for Midlothian (Owen Thompson) for highlighting the product security parts of the Bill. Some of the detail he seeks will be in secondary legislation. Goods sold in online marketplaces, for instance, are not out of scope, because manufacturers, importers and distributors are covered. I would be happy to come back to him on some of the other points he raised.

On criticism of our roll-out, we are making substantial progress on our gigabit roll-out. We are now up to 68% coverage, up from 9% in 2019. I am open to any proposal to make roll-out go even faster. I have set out why competition is so important to that dynamic and why I think the amendments on MDUs are not the right way to go and could even slow the roll-out. I note the comments on BT Openreach. Other providers tell me that they have great teams negotiating wayleaves, that this is a straightforward process and that extra help on MDUs of the kind envisaged is simply not needed. I am grateful to my hon. Friend the Member for Brigg and Goole (Andrew Percy) for using KCOM as a great example of that, and for highlighting not only some of the good work that Openreach does, but the interesting example of his town deal, which I shall take away with me.

My right hon. Friend the Member for New Forest West (Sir Desmond Swayne) made a typically fruity and passionate speech. We believe our legislation incentivises greater collaboration. I set out in detail earlier why that is the case. We believe that rents were too high. As the need for digital infrastructure increases, we think rents need to become more akin to those for utilities. I should never wish to be accused of seeing property as theft. Indeed, I confess to taking umbrage at my right hon. Friend’s assertion on Second Reading. That is why I have tested his proposition—

Julia Lopez

- Parliament Live - Hansard -

Copy Link

-

I thank my right hon. Friend. I am glad that I have convinced him of the case. [Laughter.] As I say, I tested his proposition to death and concluded that there may be a case of creative hyperbole. I am glad he has also acknowledged that.

Question put and agreed to.

New clause 1 accordingly read a Second time, and added to the Bill.

New Clause 2

Jurisdiction of First-tier Tribunal in relation to code proceedings in Wales

In paragraph 95(1) of the electronic communications code (power to confer jurisdiction on other tribunals)—

(a) in paragraph (a), at the end insert “or the Upper Tribunal”;

(b) in paragraph (aa), for the words from “, but only” to the end substitute “or the Upper Tribunal”;

(c) omit paragraph (b).”—(Julia Lopez.)

This new clause gives the Secretary of State power to make regulations providing for a function conferred by the code on the court to be exercisable in relation to Wales by the First-tier Tribunal.

Brought up, read the First and Second time, and added to the Bill.

Clause 57

Meaning of “occupier” in relation to land occupied by an operator

Amendment made: 1, page 40, line 11, leave out Clause 57.—(Julia Lopez.)

This amendment is consequential on NC1.

Clause 58

Rights under the electronic communications code to share apparatus

Amendments made: 2, page 41, leave out lines 23 to 25 and insert—

‘(4) In paragraph 9 (conferral of code rights), after sub-paragraph (2) (as inserted by section (Persons able to confer code rights on operators in exclusive occupation)) insert—”

This amendment is consequential on NC1.

Amendment 3, page 41, line 26, leave out “But”—(Julia Lopez.)

This amendment is consequential on NC1.

Clause 59

Upgrading and sharing of apparatus: subsisting agreements

Amendment proposed: 14, page 42, line 11, after “agreement”, insert

“other than with a private landlord”.—(Chris Elmore.)

This amendment, together with amendments 15, 16 and 17, would apply a different regime under the Electronic Communications Code to private landlords, giving automatic upgrade rights for operators to properties owned by private landlords subject to the condition that the upgrading imposes no additional burden on the other party to the agreement.

Question put, That the amendment be made.

Julia Lopez

- Parliament Live - Hansard -

Copy Link

-

I beg to move, That the Bill be now read the Third time.

The Romans built the roads, the Victorians built our canals and railways, and our generational challenge is to make sure that the UK has world-class digital infrastructure. That is not just about the needs of today, when we depend on reliable connections for online meetings, television streaming or calling friends and family. We are rolling out, at breakneck speed, full-fibre networks that will last for decades and cater for tomorrow’s needs, alongside more extensive wireless infrastructure to end the frustration of terrible signal and slow downloads.

The Bill is one tool that we need to deliver great connectivity for everyone, and I am grateful for the cross-party recognition of the importance of our task. The Government also recognise that greater connectivity brings the greater threat of harm to individuals, organisations and networks through an increased risk of cyber-attack. If networks and devices are not secure or trusted, we undermine their potential benefit to people and businesses.

I thank the consumer group, Which?, for its campaign that supported the development of our Bill. Not only are our measures important to protect people’s online security when enjoying the benefits of technology, but they will help to protect people’s personal safety. I particularly thank Jessica Eagleton of the domestic violence charity, Refuge, for her compelling evidence at the Public Bill Committee. The Bill is backed by industry experts and I thank them for their input. Other countries are already following suit, and with this Bill, the first domestic piece of legislation in the world to introduce security requirements of connected products, we are global leaders in the cyber-security landscape.

In short, this Bill is vital to the success of our digital economy in the decades ahead. Once passed, its measures will make the UK a better connected place and more resilient against cyber-attacks. Before it moves to the other place, I extend my thanks to the departmental officials for their work preparing the Bill; to the Opposition for their pragmatic and collaborative approach; to the members of the Bill Committee and the witnesses for their commitment; to the parliamentary Clerks, without whose efforts we would not be attending this debate; and to Members from across the House, including my Parliamentary Private Secretary, my hon. Friend the Member for Clwyd South (Simon Baynes), for the scrutiny and support they have provided. I look forward to seeing this important piece of legislation come into force. I commend the Bill to the House.

The Minister of State, Department for Digital, Culture, Media and Sport (Julia Lopez)

- Parliament Live - Hansard -

Copy Link

-

I beg to move, That this House disagrees with Lords amendment 17.

Julia Lopez

- Hansard -

Copy Link

-

I am pleased to see the progress that the Bill has made since it left this House before the summer, and I am grateful to Members in the other place for their scrutiny of it. Fast, reliable and secure digital connections are the cornerstone of a competitive economy and thriving society, and the sooner the legislation comes into force, the better. As hon. Members will recall from earlier stages of the Bill, its objective is twofold: first, to speed up the roll-out of 5G and gigabit-capable broadband; and secondly, to protect and enhance the security of consumer connectable products, such as monitors, doorbells, connected kitchen appliances and so on, so that users can get their benefits without being exposed to risk. I am confident that the Bill will do just that.

I will start by explaining the need for the relatively straightforward Government amendments tabled by my now former colleague, Lord Kamall, whom I thank and pay tribute to. I will then move on to Lords amendment 17, with which I hope the House will disagree.

Lords amendments 1 to 11 seek to implement recommendations made by the Delegated Powers and Regulatory Reform Committee. Those recommendations relate only to part 1, on product security. The amendments change the parliamentary procedure for two delegated powers from the negative resolution procedure to the affirmative resolution procedure. Those are the powers in clause 3, the power to deem compliance with security requirements, and clause 9, the power to exempt manufacturers from needing to draw up a statement of compliance. The amendments will also ensure that the Secretary of State is able to authorise another person to exercise enforcement functions only by making regulations rather than by agreement. Those regulations will also be subject to the affirmative resolution procedure. We have carefully considered the Committee’s regulations and we are happy to accept those three.

On part 2 of the Bill, on telecoms infrastructure, Lords amendments 12 to 14 would remove the clause formerly known as clause 57 and make relevant consequential amendments to the version of the Bill that this House sent to the other place. That clause was intended to address difficulties that had arisen following upper tribunal and Court of Appeal decisions on the meaning of “occupier”. However, a judgment of the Supreme Court on this very issue was made during the Bill’s journey through the other place, and the judgment resolves the policy concerns that clause 57 was designed to address. As a result, we think it is no longer necessary to retain that clause, and its removal will ensure clarity and certainty for all users of the code.

Lords amendment 15 was made by the Government following a lot of debate and work by my team of officials, and I expect hon. Members on all sides will be pleased to see it realised in the Bill. It gives operators the rights to facilitate two things. First, the amendment makes it easier for a telegraph pole to be shared that is used by an operator other than the operator that owns the pole. Secondly, it makes it easier for the equipment on a pole to be upgraded—for example, by replacing an old copper line with a fibre-optic one.

This amendment is something that many of my hon. Friends and hon. Members, and indeed the telecoms industry, were asking for. Overhead lines are used to provide a substantial proportion of network delivery across the country, and we think the amendment will therefore play a very important role in delivering better services to our constituents. We have listened carefully to stakeholders, and as well as meeting the needs of operators, I can assure hon. Members that we have included safeguards to protect the interests of private landowners and occupiers. For example, the legislation will not provide operators with an automatic right of entry on to private land. I hope that this amendment will therefore be welcomed.

The final Government amendment, Lords amendment 16, concerns an issue that has not yet been discussed in this House, so I should spend a little more time explaining its rationale. The amendment is intended to protect the autonomy and integrity of our national security, defence and law enforcement sites across the country. As it stands, the electronic communications code allows telecoms operators to seek consensual agreements with landowners to install and maintain telecoms equipment on private and public land, including sensitive national security, defence and law enforcement sites. If an agreement cannot be reached, a telecoms operator may seek a court order imposing such an agreement, potentially giving the operator access to those sensitive sites without consent. The code works in this way to make sure that operators can deliver the 5G and gigabit-capable broadband roll-out at pace.

However, this process does raise some national security concerns, including physical security, technical security and legal risks, which I shall go into a little further. On physical security, the presence of engineers and site surveyors on particularly sensitive sites, potentially without proper security clearance, could pose a national security risk. On technical security, the installation of 5G equipment on particularly sensitive Government sites could pose communications and information security risks.

Finally, on legal risks, the courts that consider proceedings under the code are not able to undertake closed material proceedings. That means that classified national security concerns cannot be evidenced properly, which might lead to courts granting access to sensitive sites without a full awareness of the risks. Lords amendment 16 seeks to address those particular national security risks without undermining our ambitious gigabit-capable broadband and 5G roll-out plans. It will confer powers on the relevant Secretary of State to intervene and prevent a court from imposing an agreement sought by an operator.

Julia Lopez

- Hansard -

Copy Link

-

I think that is probably for other legislation, but if the hon. Member would like to discuss further with me, perhaps in relation to the Data Protection and Digital Information Bill, I would be very happy to do so.

Turning back to Lords amendment 16, I have to emphasise that it is not a blanket national security exemption. It is a very specific power that will be deployed only rarely, on a case-by-case basis and only when all other routes to a mutually consensual solution have been exhausted.

Finally, turning to the last amendment in the group, I hope the House will disagree with Lords amendment 17. The amendment adds a new clause to the Bill requiring the Secretary of State to commission an independent review of the effect of the electronic communications code and of the Telecommunications Infrastructure (Leasehold Property) Act 2021.

Julia Lopez

- Hansard -

Copy Link

-

I shall set out my reasons for resisting now, but I am afraid I am not of the same opinion as my right hon. Friend on this issue. I have looked at it at length: I have looked at casework and the numbers of renewals, and I believe a review would simply cause a great deal of delay, which would further stymie roll-out.

Julia Lopez

- Hansard -

Copy Link

-

I agree and I thank my hon. Friend for making the point. It seems sensible and benign, but it would significantly delay roll-out and create a great deal of uncertainty.

I understand why Members in the other place tabled this amendment. Its aims are noble, but it is impractical and unnecessary and would have a disastrous effect on investment in telecoms infrastructure, leading to a slow-down in getting great connectivity to the places that most need it, particularly rural constituencies. The Government and Ofcom already produce regular reports on coverage targets and competition, and to that extent the amendment is unnecessary and would duplicate effort.

On the subject of coverage and targets, we are making great progress. We have listened at length to the concerns in both Houses and among stakeholders, and we of course understand that there are tensions between landowners and operators that must be resolved, albeit a lot of progress has been made since 2017. This Bill tries to resolve some of the challenges, particularly by introducing more collaborative negotiations and a greater use of alternative dispute resolutions.

The prospect of another full-scale review of the code framework would have the opposite effect, exacerbating existing tensions by prolonging that debate about valuation. The result would be a cooling effect on the market, with landowners and operators reluctant to conclude agreements until the review was completed. That would seriously delay the delivery of digital services, including gigabit-capable connections and 5G coverage, which so many of our constituents tell us they need and which hon. Members hold me to account for every day because those things are important to economic growth and social wellbeing in their constituencies, particularly rural ones. I urge hon. Members not to stitch further delays into the process through the uncertainty created by a review. For these reasons, although amendment 17 is well-intentioned, it is disproportionate and unhelpful, and I hope the House will disagree to it.

I am nearly at the end of my speech, but I want to thank all Members who have contributed to debates on this Bill, especially the hon. Member for Barnsley East (Stephanie Peacock) and her predecessor the hon. Member for Ogmore (Chris Elmore). Parliamentary scrutiny here and in the other place has provided the Government with much food for thought, allowing us to refine and improve the legislation, and I am pleased that Members on both sides of the House support the objectives of this much-needed Bill in recognition of the importance of digital connectivity to the people and communities we serve and the security of the products that will be increasingly present in their lives.

Julia Lopez

- Parliament Live - Hansard -

Copy Link

-

I thank hon. Members for their contributions and for the wide-reaching support for the Bill, as that shows recognition of its importance.

The 2017 reforms were introduced to drive roll-out and were designed to make rents more akin to those for a key utility. There were, no doubt, issues after 2017 that led to protracted negotiations and examples of poor practice by operators, some of which we heard in Committee, but I am confident that we are now reaching market equilibrium, and renewal numbers are increasing year on year.

We believe that the Bill will lead to further progress, and we are making great progress on the roll-out. Our national gigabit coverage was 6% in 2019 and it is now more than 70%; 4G coverage is at 92%; and we met our 5G target five years early. We review the situation. We have monthly stakeholder meetings that have led to a new national connectivity alliance between operators and landlords. I assure the House that I am not on the side of either operators or landlords in the negotiations; I am on the side of people with poor connectivity. That is the lens through which I view the amendments and such people are our motivation, plain and simple.

I thank the Bill team and all the officials across many Departments who have worked hard over the past couple of years to reach this stage. The Bill will help people up and down the country to access the digital services that they need, and to do so securely. If the hon. Member for Strangford (Jim Shannon) would like me to, I shall take up the issues in his constituency. Beyond that, I commend the Bill to the House.

Question put, That this House disagrees with Lords amendment 17.