The Committee consisted of the following Members:
Chair: Mark Pritchard
† Barclay, Stephen (Lord Commissioner of Her Majesty's Treasury)
† Bingham, Andrew (High Peak) (Con)
† Brown, Alan (Kilmarnock and Loudoun) (SNP)
† Debbonaire, Thangam (Bristol West) (Lab)
Johnson, Diana (Kingston upon Hull North) (Lab)
† Kendall, Liz (Leicester West) (Lab)
Lammy, Mr David (Tottenham) (Lab)
† Mann, Scott (North Cornwall) (Con)
† Morton, Wendy (Aldridge-Brownhills) (Con)
† Norman, Jesse (Parliamentary Under-Secretary of State for Business, Energy and Industrial Strategy)
† Prisk, Mr Mark (Hertford and Stortford) (Con)
† Quince, Will (Colchester) (Con)
Reeves, Rachel (Leeds West) (Lab)
† Swayne, Sir Desmond (New Forest West) (Con)
† Thompson, Owen (Midlothian) (SNP)
† Throup, Maggie (Erewash) (Con)
† Tracey, Craig (North Warwickshire) (Con)
† Whitehead, Dr Alan (Southampton, Test) (Lab)
Marek Kubala, Committee Clerk
† attended the Committee
Fourth Delegated Legislation Committee
Tuesday 21 February 2017
[Mark Pritchard in the Chair]
Draft Nuclear Industries Security (Amendment) Regulations 2017
I beg to move,
That the Committee has considered the draft Nuclear Industries Security (Amendment) Regulations 2017.
It is a delight, Mr Pritchard, to serve under your chairmanship.
I will give some background information on the draft regulations and explain why we are making the amendments. The UK takes civil nuclear security issues seriously, including with regard to regulation. Since 1980, this country has been a signatory to the convention on the physical protection of nuclear material, or CPPNM. The convention requires its signatories to have in place a robust legislative and regulatory regime to ensure the security of civil nuclear materials that are stored or in transit. The UK also complies with international guidance on best practice in the field produced by international bodies, in particular the International Atomic Energy Agency.
The Nuclear Industries Security Regulations 2003 represent the cornerstone of the United Kingdom’s regulatory regime for civil nuclear security. They place significant obligations on the operators of civil licensed nuclear sites with regard both to physical security measures for their facilities for nuclear material and to the security of sensitive nuclear information. They also cover the movement of nuclear material by air, road and rail within the UK and globally in UK-flagged vessels. The legislation requires all civil nuclear operators to produce and implement robust nuclear site security plans and it requires the transporters of nuclear materials to produce transport security statements.
The draft amendments being considered in Committee will update the regulations in four key areas. The overarching aim is to enhance still further civil nuclear security arrangements and to ensure that the United Kingdom’s regulatory regime remains up to date, comprehensive and robust. That will help to ensure that this country continues to give full effect to its obligations under the CPPNM. The amendments will increase accountability for producing nuclear site security plans, strengthen information and cyber-security arrangements, and better reflect the remit of the Office for Nuclear Regulation in the area of personnel security. I will provide further detail on each amendment.
The first amendment is to regulation 4(1) of the 2003 regulations. It will require that a nuclear site security plan approved by the ONR is in place for each nuclear site. At present, the security regulations do not specify on whom that obligation is placed. The amendment will make it the responsibility of the designated responsible person for the nuclear site, as defined in the security regulations, to ensure that an approved security plan is in place at all times. In tandem, a related amendment to regulation 25 will make it a criminal offence for the responsible person to fail to meet the obligations under regulation 4(1) as amended. The creation of such an offence underlines the security imperative placed by the Government on nuclear operators to maintain up-to-date security plans that have the approval of the independent regulator.
In combination, those amendments will add clarity to the regulatory regime by making the responsible person accountable for ensuring that the site has approved nuclear security measures in place at all times. I should add that the implications of creating a new criminal offence have been fully considered and the Ministry of Justice has approved the measure.
We will also amend regulations 4(3)(d) and 16(3)(c). Those amendments are aimed at further enhancing industry information security and preparedness for cyber-related incidents. The amendments will make it a requirement for nuclear site security plans and transport security statements to set out the steps to be taken in the event of the loss, theft or unauthorised access to sensitive nuclear information. Requiring duty holders to outline those contingencies will help to ensure that risks associated with information security and cyber-attacks are identified as early as possible and managed effectively using measures approved by the ONR.
We are also making amendments to regulations 9, 17(3) and 22(7), which relate to personnel security. Ensuring robust measures are in place to combat the potential threat that insiders pose or may pose to the civil nuclear industry is a key priority for the Government and the regulator. The amendments are intended to provide the ONR with greater flexibility for determining whether nuclear premises’ “relevant personnel” are suitable in security terms. Instead of solely approving all such relevant personnel itself, the ONR will be able to assess and approve the industry’s broader personnel security arrangements—for example, by examining the effectiveness of review and aftercare arrangements for personnel working in the sector.
The amendments will also allow the ONR to approve processes to be used by duty holders to determine whether relevant personnel are suitable in security terms. That will involve consideration by the ONR of whether the measures used by duty holders are in accordance with Her Majesty’s Government’s personnel security policy or not. We are also making an amendment to regulation 22(5)(a) to remove a reference to guidance published by the ONR or security classifications that have become obsolete.
The amendments have been developed in consultation with the Office for Nuclear Regulation, and the Department for Business, Energy and Industrial Strategy conducted an industry consultation on them between 24 June and 22 July 2016. In total, 19 responses to that consultation were received from a range of industry stakeholders. On the basis of those responses, economists at the Department have forecast one-off administrative costs to the civil nuclear industry of less than £100,000 arising from the changes. That assessment has been approved by the regulatory policy committee. I consider the security benefits arising from the changes to outweigh that cost by far.
In parallel with the amendments, the ONR intends to issue revised security guidelines to the civil nuclear industry. These guidelines, known as the Security Assessment Principles—SyAPS—are closely aligned to emerging threats to nuclear security, especially in relation to cyber-security and information assurance. The amendments I have outlined will complement the revised guidelines.
It is a pleasure to serve under your chairmanship, Mr Pritchard. I will make some brief comments. In general, we support any sensible measures that are aimed at improving nuclear safety. The Minister clarified responsibilities, security checks on personnel and extra cyber-security, which make sense and which we welcome.
However, I suggest to the Minister that there is still a gap in the Government’s strategic thinking regarding nuclear power. The Government are moving forward with a new nuclear strategy—we know about their determination to get Hinkley Point C through—yet at the same time, with Brexit, we are facing withdrawal from Euratom. There seems to be a lack of joined-up thinking and of clear strategy in the wider sense. Will the Minister comment on that? The withdrawal from Euratom was only mentioned in the explanatory notes to the European Union (Withdrawal) Bill, which seemed to catch a lot of people on the hop; the Nuclear Industry Association wants to remain in Euratom.
What impact will the Government’s negotiations with other countries such as the US, Canada and Japan have on the regulations and the Government’s wider thinking on nuclear safety? That is also why the Scottish National party called for a White Paper to be published before the triggering of article 50, and why we want an impact assessment on EU withdrawal to be produced. Although we welcome the initial measures that tidy up the legislation, we are looking for some comfort on wider nuclear safety and how the Government will proceed with regard to Brexit.
The Opposition do not have any serious concerns about the measure. It is composed of sensible changes to procedures, which it undertakes on the basis of existing safety regulations. Indeed, it is part of a series of amendments that have been made to those safety regulations since their introduction in 2003. It brings the regulations into line with the new arrangements for security guidance that are coming out in the spring. It is my understanding that the introduction of the regulations is entirely in line with previous practice and not in response to any particular emergency, shortcoming or other factor that might cause rushed legislation to be put in place. They are also entirely in line with the safety guidance as it stands and how it is developing.
A minor question arises on the change to regulation 4 of the 2003 regulations. It appears to suggest that there has been a responsible person and an approved security plan for nuclear premises in place in previous safety regulations, but that there was no connection between the two. The amendment also appears to suggest that there should be a connection:
“The responsible person must ensure that there is an approved security plan in place”.
That puts the blame on the responsible person, as it were, if an approved security plan is not in place. If that is not the case, what happens currently? Is there a serious lacuna in approved security plans—that is, no one is actually responsible for them, and the instrument makes someone responsible for them—or does the instrument merely give legal weight to a practice that is widespread in nuclear safety? Perhaps the Minister will be able to assure me that that is the case. I hope it is, and that the regulation is not filling a hole, but is bringing into law something that is widespread, as security regulations stand at the moment.
May I also ask the Minister where we stand, so far as the regulations are concerned, amended or not, in relation to the treaty from which they stem? The convention on the physical protection of nuclear material is an international convention that puts common practice into place across a wide number of countries. The convention, which was signed up to at the beginning of 1980, is a multilateral convention and an indefinite treaty, and the UK is one of its contracting parties.
On 3 March 1980, Euratom signed up to the convention, apparently on behalf of the contracting parties within Euratom. If we trace the chain back from where we are today, in terms of amendments to the regulations, the relationship of the regulations to the convention and the signing the convention, it appears to be the case that all of this might fall down if we are not a member of Euratom. Can the Minister reassure me that I am not correct on the signing of the convention: it was actually signed up to separately by the contracting parties and that Euratom, although it may have signed the convention, had no relationship to those contracting parties?
Alternatively, if the convention was signed up to by Euratom on behalf of the contracting parties in Europe, what is his view of the salience of the regulations if we were not a member of Euratom? Will we have to go back to the drawing board, write them all out again and start again on nuclear safety? Or would we find other devices in order to recover what we had lost by not being a member of Euratom?
I am grateful for the questions that have been asked so far. I thank the hon. Members for Kilmarnock and Loudoun (Alan Brown) and for Southampton, Test (Dr Whitehead) for their helpful and supportive comments. I am grateful for their support for the amendments. Their overarching aim is to further enhance, as the hon. Gentlemen recognise, civil nuclear security by ensuring that the UK's regulatory regime remains up to date, comprehensive and robust. As I have outlined, they will strengthen accountability at civil nuclear sites for the production and maintenance of security plans that have the approval of the Office for Nuclear Regulation; improve the civil nuclear industry’s information security and preparedness for cyber-related incidents; and provide the ONR with greater flexibility in determining whether “relevant personnel” are suitable in security terms, to help ensure that robust measures are in place to combat the potential threat that insiders pose to the civil nuclear industry. The changes, as I hope colleagues agree, will reinforce the regulatory regime for civil nuclear security and help to ensure that the UK continues to give effect to its international obligations under the convention.
May I comment on all the issues that were raised? Our nuclear security will not be affected at all by the decision to leave Euratom, which does not have a role in setting security standards, regulation or inspection of UK civil nuclear security arrangements. As for the wider impact, the UK complies with its obligations and follows international best practice, as I have described with regard to the convention on the physical protection of nuclear material, and on a continuing basis through the membership of the International Atomic Energy Agency. These are not Euratom institutions or constructs, and are not affected by the UK’s decision to leave Euratom. We are separate signatories to the convention, in response to the question raised by the shadow Minister, so we are not affected by the decision to leave Euratom. As the Committee will know, we are very much persuaded of the importance of Euratom, and wish to continue to have the closest possible relationship with it and its members after Brexit.
To respond to the other questions asked by the shadow Minister, the regulations are, as he suggested, part of a continuing process of reform and improvement, and were not introduced in response to any specific emergency or concern. They are in line with safety guidance that has been issued. As for regulation 4, it was not previous practice that no one should be responsible, but it has not been a guaranteed process of responsibility tied to individuals. The regulation cleans up that potential gap—different sites have different practices, and part of the purpose of the regulations is to raise the bar for all of them so that a common security standard is applied in each case. From that point of view, the hon. Gentleman should not, as he suggested, have any concerns. I therefore commend these regulations to the Committee.
Question put and agreed to.