Electronic Communications (Networks and Services) (Designated Vendor Directions) (Penalties) Order 2025 Debate
Full Debate: Read Full DebateDepartment: Department for Business and Trade
Viscount Camrose
Main Page: Viscount Camrose (Conservative - Excepted Hereditary)Department Debates - View all Viscount Camrose's debates with the Department for Business and Trade
Electronic Communications (Networks and Services) (Designated Vendor Directions) (Penalties) Order 2025
Viscount Camrose Excerpts(4 days, 16 hours ago)
Grand CommitteeRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord Clement-Jones (LD)
My Lords, I thank the Minister for her introduction to this draft statutory instrument; it was brief and to the point. These penalties will be able to reach 10% of turnover or £100,000 per day for continuing breaches, so getting the calculations right is crucial. However, I have some concerns about the SI, the first of which is about timing.
I do not understand why we are looking at a three-year gap between the enabling powers and the calculation rules. The Telecommunications (Security) Act 2021, which I worked on, was presented to this House as urgent legislation to protect critical national infrastructure, yet here we are, in 2025, only now establishing how to calculate penalties for breaches in the way set out in this SI. During this period, we have had enforcement powers without the ability to properly determine penalties. As I understand it, tier 1 providers had to comply by March 2024, yet the penalty calculation mechanism will not be in place until this year—no doubt in a few weeks’ time.
Secondly, there is the absence of consultation. The Explanatory Memorandum cites the reason as the SI’s “technical nature”, but these penalties—I mentioned their size—could have major financial implications for providers. The telecoms industry has complex business structures and revenue streams. Technical expertise from the industry could have helped to ensure that these calculations are practical and comprehensive. The technical justification seems remarkably weak, given the impact these rules could have. For example, the current definition of “relevant business” for these calculations focuses on traditional network and service provision, but modern telecoms companies often have diverse revenue streams. There is no clear provision for new business models or technologies. How will we handle integrated service providers? What about international revenues? The treatment of associated services needs clarification.
Thirdly, the implementation sequence is an issue. We are being asked to approve penalty calculations before seeing the enforcement guidelines. There is no impact assessment, so we cannot evaluate potential consequences. I understand that the post-implementation review is not scheduled until 2026, and there is no clear mechanism for adjusting the framework if problems emerge. The interaction with the existing penalty regime needs clarification.
There are also technical concerns that need some attention. The switch from “notified provider” to “person” in the 2003 order, as a result of this SI, needs rather more explanation. The calculation method for continuing breaches is not fully detailed, there is no specific provision for group companies or complex corporate structures and the treatment of joint ventures and partnerships remains unclear.
Finally, I hope that, in broad terms, the Minister can give us an update on progress on the removal of equipment covered by the Telecommunications (Security) Act 2021. That was mandated by the Act; I know it is under way but it is not yet complete.
This is about not merely technical calculations but creating an effective deterrent to the telecoms industry, while ensuring fair and practical enforcement of important security measures. Getting these rules right is essential for both national security and our telecoms sector. I look forward to the Minister’s response on these points.
Viscount Camrose (Con)
My Lords, I thank the Minister for bringing this important SI forward today and for setting it out so clearly and briefly. I also thank the noble Lord, Lord Clement-Jones. He made a range of interesting points: in particular, the point on timing was well made, and I look forward to hearing the Minister’s answers on that. This instrument seeks to implement provisions relating to the enforcement of designated vendor directions—DVDs—which form part of the broader framework established under the Telecommunications (Security) Act 2021. That Act, introduced under the previous Government, was designed to strengthen the security and resilience of the UK’s telecommunications networks, particularly in response to emerging national security risks.
We all know only too well that one of the most prominent issues at the forefront of this framework has been the removal of high-risk vendors, such as Huawei, from UK telecommunications infrastructure. Huawei’s involvement in the UK’s 5G rollout has long been a point of debate, with growing concerns about national security risks tied to its equipment. This SI therefore provides a mechanism for enforcing the penalties that may be applied to public communications providers —PCPs—that fail to comply with the DVDs to ensure that the UK’s telecommunications infrastructure remains secure from undue foreign influence.
The primary change introduced by this SI is the formalisation of the penalties regime for public communications providers that fail to comply with the conditions outlined in DVDs. It establishes a framework for calculating and enforcing penalties that may be imposed by the Secretary of State. The Secretary of State retains discretion in imposing penalties, but they must be applied in a proportionate manner. In considering penalties, the severity of the breach, the culpability of the provider and the broader implications for the sector must all be taken into account. The aim is to ensure compliance with DVDs while protecting the integrity of the UK’s national infrastructure.
However, while the objectives of this instrument are understood, this debate offers a good opportunity to scrutinise some of the specifics a little, particularly with regard to the proportionality of penalties and the potential economic consequences for the sector. It is with that in mind that I shall raise questions in just three areas regarding the provisions set out in this instrument.
First, the SI grants the Secretary of State significant discretion in the imposition of penalties. Of course, we recognise the value of flexibility here, but there is legitimate concern that this discretion may result in inconsistent enforcement across different public communications providers. Can the Minister assure us that transparency and accountability will be maintained throughout this process? How will the Government ensure that the application of penalties is fair and consistent, particularly when considering the varying size and scope of telecoms providers?
Further to this, can the Minister clarify how the penalties will be calculated? I echo the questions asked by the noble Lord, Lord Clement-Jones, particularly in cases where a breach does not pose an immediate or severe national security threat. Do the Government anticipate that penalties will be tiered with lesser fines for breaches that do not substantially compromise national security? Can the Minister further explain how such decisions will be communicated to the public and to industry to ensure transparency?
Secondly, providers are required to remove Huawei equipment from the UK’s 5G networks by 2027. This is, of course, a significant and costly task for telecom providers. Given these financial challenges, will the penalties for non-compliance take into account the costs already incurred by providers in replacing Huawei’s technology? Will the penalties be adjusted to reflect the substantial financial burden that these providers are already facing in removing Huawei equipment from their networks? Thirdly, where PCPs have been issued with a DVD, this can be a long and demanding process. How are the Government going to keep track of progress? What progress reports can be shared with Parliament and the public?
Lord Clement-Jones (LD)
Is the Minister confident that the 2027 deadline will be met; that no vendor, purchaser or telecoms company will be caught by the Act; that no fines will be levied; and that what we are talking about today is, therefore, entirely theoretical?
Viscount Camrose (Con)
While the Minister is working on her answer, perhaps she could include in that something about how progress against the delivery of these objectives will be reported to Parliament, potentially —and, indeed, to the public.