Skip to main content

Product Security and Telecommunications Infrastructure Bill

Volume 823: debated on Tuesday 21 June 2022

Committee (1st Day) (Continued)

Amendment 14

Moved by

14: After Clause 25, insert the following new Clause—

“Amendments to consumer protection legislation

(1) In section 9(3) of the Consumer Rights Act 2015 (goods to be of satisfactory quality), after paragraph (e) insert—“(f) compliance with security requirements.”(2) In Schedule 2 to the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 (S.I. 2013/3134), after paragraph (x) insert—“(y) where applicable, confirmation of compliance with all security requirements as set out in regulations made under section 1 of the Product Security and Telecommunications Infrastructure Act 2022.”(3) In section 2(2) of the Consumer Protection Act 1987 (liability for defective products), after paragraph (c) insert—“(d) in relation to a relevant connectable product within the meaning of Part 1 of the Product Security and Telecommunications Infrastructure Act 2022, any person who is a distributor of the product within the meaning of that Act.””Member’s explanatory statement

This amendment would clarify the relationship between proposed provisions in this Bill and those already in law under the Consumer Rights Act 2015 and other consumer legislation. This would include defining a security issue as a fault for the purposes of consumer law and ensuring the liability for a defective connectable product is properly defined.

My Lords, this group contains two amendments that have been tabled by my noble friend Lord Clement-Jones, and I rise to move Amendment 14 and to speak to Amendment 14A on his behalf and my own. These are probing amendments to understand consumer law with this and other legislation.

It seems that the Government’s intention is that consumers will be entitled to redress under the Consumer Rights Act 2015 for breaches of the product security requirements in Part 1 of this Bill and the requirements of related future secondary legislation where breaches amount to a product not being of satisfactory quality as described or fit for purpose. However, for clarity, this will require the specific inclusion in this Bill of amendments to the CRA and other related consumer legislation. So I ask the Minister to clarify how redress will work in practice. As Which? has strongly urged in relation to the current consultation on reform of consumer law generally, collective redress should also be available for groups of consumers that have suffered breaches of the CRA relating to product security.

To help your Lordships, let us look at a typical scenario where the consumer reads a report about a security issue with a product that they own and considers it insecure and hence faulty. They try to take the product back to the retailer as redress, as per CRA 2015 rights, but under the CRA, after the first six months of ownership, the burden falls on them to prove that the fault was not of their making. It is unclear what burden of proof would be required at this stage for the consumer to get redress for security faults as described in this Bill.

The CRA places the primary obligation on retailers—as “traders” concluding contracts with consumers—not manufacturers, to remedy products found to be in breach. Due to the unique nature of security faults, it is currently unclear whether a retailer would have the ability to verify reports of faults to facilitate effective redress. Experience has shown that it has been hard when reporting security issues to retailers, and that can often result in pushback. There is a risk that the consumer will find it very hard to enact their CRA rights in practice to get redress on insecure products. In that regard, proper legal guidance for what classifies a security fault is absolutely vital for redress to work effectively.

At present, it is unclear how security updates—and hence a commitment to fix security faults that occur with smart products—interact with the CRA 2015. For example, a manufacturer could claim that it will provide four years of updates on a product at the point of sale but then renege on that; perhaps because it has gone out of business or some such reason. The product then develops a security fault that the manufacturer will not fix. It is unclear what the consumer rights would be in this scenario.

Moreover, it is unclear if the Bill effectively waters down consumer rights under the CRA. If the manufacturer claims that it will give four years of support in which it will fix security faults, how does this impact on a claim that a consumer may have under the CRA to have faults addressed—which they may be able to bring for up to six years from when they purchased the goods? If the Government are not willing to mandate minimum support periods for at least six years, this could become a commonplace problem to consumers seeking redress. The Bill must make it clear how it interacts with the CRA 2015 and associated consumer legislation in a way that gives maximum protection to consumers and does not water it down.

Finally, under the CRA 2015, after the first six months of ownership, the burden falls on the consumer to prove that a fault was not of their making. Consideration should be given to extending this period and making it easier for consumers to obtain redress for insecure products. The 2019 EU sale of goods directive has extended the burden of proof in EU member states to one year—extendable to two years by member states—from delivery of the goods. For goods with digital elements supplied on a continuous basis, the burden of proof for conformity is on the seller in relation to any non-conformity that becomes apparent during a minimum of two years, or the period of supply where longer than two years, effectively providing a minimum of two years of security support. The directive also has specific provisions requiring sellers to keep consumers informed about and supplied with updates, including security updates. Similar protections should be introduced for UK consumers.

So there is a whole heap of issues here, and these two amendments try to get some clarity. Amendment 14 seeks to clarify the relationship between the provisions proposed in the Bill and those already in law under the Consumer Rights Act 2015 and other consumer legislation. This would include defining a security issue as a fault for the purposes of consumer law and ensuring that the liability for a defective connectable product is properly defined. Amendment 14A would ensure that the provisions of the Bill will not conflict with any existing legal rights regarding the enforcement of consumer law, ensuring that redress for defective connectable products can be sought by individual consumers, as opposed to solely leaving the redress procedure to the designated enforcement body to ensure compliance.

We await detailed exposition on all this, either now or in a letter from the Minister. I beg to move.

My Lords, I am grateful to the noble Lords, Lord Clement-Jones and Lord Fox, for tabling these amendments, which seek to clarify how the new measures in the Bill will interact with existing consumer legislation. In a practical sense, they are about how comfort can be given to the consumer and redress made available where necessary.

We in your Lordships’ House know that consumers have had to fight hard over many years to secure important statutory protections, including rights of redress when products do not live up to the standards that people rightly expect of them. I say to the Minister that the new measures in the Bill are certainly welcome and will improve certain aspects of the consumer experience, but it is also right to probe how this new regulatory regime interacts with consumer rights and protections enshrined elsewhere.

I feel that Amendment 14 seeks to update the state of play to refer to compliance with security requirements, but that needs to be an area where consumer protection is enshrined in legislation. To me, it goes with the sweep of the Bill, which is to bring us into today’s world and able to cope with the new and constantly evolving situation. Amendment 14A is also interesting, in that it seeks to maintain the right of individual consumers to seek redress in relation to defective connectable products rather than leaving these matters to a particular enforcement body or to collective legal action.

We would appreciate it if the Minister could clarify some of these matters in the Bill itself. If that does not prove possible, this is another area where we would very much like rather more information to be made available by the department so that we can seek to protect the rights and interests of consumers.

I am grateful to the noble Lord and the noble Baroness for probing through Amendments 14 and 14A as tabled by the noble Lords, Lord Clement-Jones and Lord Fox. The amendments seek respectively to amend consumer protection legislation and clarify the relationship between this Bill and consumer protection legislation.

The Consumer Rights Act 2015 requires goods and services to be of a satisfactory quality, and the Consumer Protection Act 1987 imposes liability for defective products. Breaches of this Bill that meet the criteria of these Acts already entitle consumers to the protections they provide. This Bill focuses on the supply chain and what it needs to do to protect and enhance the security of products and their users. The security requirements will relate to processes and services, not just to the hardware of a product as the product safety framework does. It is not appropriate to retrofit the security requirements of this Bill’s regime into the existing framework of consumer protection legislation, which was generally designed to ensure that consumers have rights when products are unsafe—although, as I said, I appreciate the probing nature of these amendments.

Some security requirements will require ongoing action from manufacturers after they make a product available. It would be inappropriate to require traders to confirm one-off compliance with such requirements before contracts become binding. I acknowledge that existing consumer rights legislation will not always enable consumers to seek redress for breaches of the security requirements. I reassure noble Lords that this is not a gap. The evolving technological landscape means that the threats to consumers change, and we need flexibility to protect and compensate customers where that is necessary. The Bill, together with existing consumer rights legislation, already offers this.

Ultimately, this Bill mandates clear duties on the entire supply chain to ensure that products are more secure and that consumers are better protected. There are also robust enforcement powers to ensure that these duties are upheld. The point of the Bill is for the onus not to be on consumers to ensure that the security requirements are complied with. The enforcer will do this and, where appropriate, can recall products and provide compensation to customers, but the noble Lord and the noble Baroness both kindly suggested that I add this to the issues on which I will write ahead of Report. I am very happy to do so and to provide further detail in response to the probing—

The Minister said earlier that the whole point of the Consumer Rights Act was about unsafe goods. I think that he means “unsafe” as referring to physical harm. Actually, a major security breach could render serious physical harm to someone because having all their money removed from their bank account could affect their mental state and result in the breakdown of their marriage, suicide, failure of business, all sorts of things. Therefore, it may have just as damaging physical effects on someone, though not immediately apparent. Although they are different they are equally unsafe, so this has more merit than he is suggesting.

At the risk of a philosophical debate on the nature of security versus safety, I accept some of the points that the noble Earl makes. There are distinct differences between our approach to product security and existing product safety as set out in consumer legislation, but I will address myself to that philosophical point in the letter, if I may. For now, I ask the noble Lord to withdraw Amendment 14.

I hope that the Minister will take some time to read my speech in Hansard and address the issues that I have raised, because there are some specific points that have not been touched.

A lot of this has come from Which? whom I thank for its help. Which? is an extraordinarily experienced organisation, with some of the country’s most experienced consumer lawyers dealing with the sharp end of customer consumer problems. The fact that it has gone to the trouble of raising these issues should raise a red flag. It is not doing it out of mischief or political intrigue, but because it cares about the future of consumers. For that reason, the department needs to take this seriously.

If the Minister requires a meeting with Which? I am sure that I, the noble Lord, Lord Bassam, or the noble Baroness, Lady Merron, will be very happy to broker one. We could then go through some of these consumer issues. This is an organisation dedicated to protecting the needs of consumers. It has gone to the trouble of flagging up this and several other issues. For that reason, for the future of this Bill, it would be very sensible to take Which? seriously.

That said, I beg leave to withdraw Amendment 14.

Amendment 14 withdrawn.

Amendment 14A not moved.

Clause 26 agreed.

Clause 27: Delegation of enforcement functions

Amendment 15 not moved.

Clause 27 agreed.

Clauses 28 to 49 agreed.

Amendment 16

Moved by

16: After Clause 49, insert the following new Clause—

“Offences under the Computer Misuse Act 1990: defence

Notwithstanding anything contained in the Computer Misuse Act 1990, it is not an offence for a person (“A”) to test the conformity of a relevant connectable product with all or any of the security requirements, without consent of the person entitled to control access to the product (“B”), where—(a) A reasonably believes that B would have consented to that testing if B had known about the the circumstances of it, including the reasons for performing it,(d) A is empowered by an enactment, a rule of law, or an order of a court or tribunal, to carry out the test, or(c) the test was necessary for the detection of crime.”

My Lords, Amendment 16 proposes a statutory defence for ethical hackers. I am grateful to the noble Lord, Lord Clement-Jones, and to the CyberUp campaign, for their help. Again, I declare my interests as chairman of the Information Assurance Advisory Council, chairman of the Thales UK advisory panel and chairman of Electricity Resilience Limited.

The Computer Misuse Act 1990 criminalised unauthorised access to computer systems. The methods used by cybercriminals and cybersecurity professionals are often identical, which is one of the things that makes the drafting of this amendment rather problematic. Usually, criminals do not have permission for what they do, and cybersecurity professionals do, but I am told by the CyberUp campaign that there are occasions on which that permission is difficult or impossible for a cybersecurity professional to get.

At Second Reading, I cited the case of Rob Dyke, who has been through a legal tussle with the Apperta Foundation, which has since been in touch with me to put its side of the story. It is clear that it feels strongly that it was right to pursue Mr Dyke until he gave undertakings that allowed it to drop its litigation. I do not know the rights and wrongs of that, but the Apperta Foundation supports the principles put forward by CyberUp for a legal defence for offences under the Computer Misuse Act.

In any event, the Government are carrying out a review into the 1990 Act. CyberUp’s submission to it sets out that many in the cybersecurity profession do not know whether what they are doing is legal. This is because legislation in 1990 came in before much of what now happens with computers had been thought of—so it inevitably created ambiguities. In the 1990 Act, no consideration was given—I remember because I was there—to web scraping, port scanning or malware denotation, and people are not sure that they are legal. Some of us are not sure quite what they are.

This is why there needs to be certainty for cybersecurity researchers; they need to be able to do things for the public good. We cannot rely on the National Cyber Security Centre for everything, because even the Government cannot keep up with the speed of technological development, as has been mentioned. The CyberUp campaign recognises that legislation also cannot keep up with the speed of change, so it has helped with drafting this amendment not with a view to seeing it enacted—my noble friend will resist it for a number of good reasons—but with a view to eliciting from the Government a statement about how they are getting on with this aspect of the review of the Computer Misuse Act.

One suggestion that the CyberUp campaign makes is that

“legislation to mandate the courts to ‘have regard to’ Home Office or Department for Digital, Culture, Media and Sport … guidance on applying a statutory defence that would, ideally, be based on the framework”

of principles. This includes, first, the prospective benefits of the Act outweighing the prospective harms; secondly, reasonable steps being undertaken to minimise the “risks of causing harm”; thirdly, the actor demonstrably acting “in good faith”; and fourthly, the actor being “able to demonstrate … competence”. Here we may come back to the standards/principle discussion that we had on the first group.

So I expect my noble friend to reject this amendment, but I should be grateful if he could say where the Government’s thinking on the matter is.

My Lords, I speak in support of this amendment. My noble friend has just said that he doubts that the Government will adopt it, but, like him, I want to know where their thinking has got to.

The Computer Misuse Act is one of the first bits of legislation passed in the cyber era. It is old and out of date, and it is fair to say that it contains actively unhelpful provisions that place in legal jeopardy researchers who are doing work that is beneficial to cybersecurity. That is not a desirable piece of legislation to have on the statute book.

Last year, before the consultation that closed over a year ago, I corresponded with my noble friend Lady Williams. The common-sense reading of her reply was that the Home Office was quite aware that the Computer Misuse Act needed updating. I confess that I am a bit disappointed that, a year after the consultation closed, there still has not been a peep from the Government on this subject—either a draft or a statement of intention. It would be good to know where the Government are going, because it is quite damaging for this legislation as it stands to remain on the statute book: it needs modernisation.

Like my noble friend, I recognise that actually getting the drafting right is tricky and complex. Drafting language that strikes the right balance is not all that easy. But inability to find an ideal outcome is not a good reason for doing nothing, so I live in expectation, because the best must not be the enemy of the good. If the Government do not intend to produce legislation that updates that Act, I should like to see something in this legislation, taking advantage of it, at least to move the dial forward and protect ethical hackers to a greater extent than is the case at the moment.

If the Government are concerned about our drafting, I am sure we would be willing to listen to suggestions on a better formulation. In the absence of that, perhaps the Minister will say when and how the Government intend actually to modify a piece of legislation that has served its time and now needs to be superseded.

My Lords, very quickly, I remember well during the passage of the Computer Misuse Act and the Police and Justice Act 2006 trying to tidy up language about hacking tools and so on. It became very complicated and no one could quite work out how to do it, because the same thing could be used by baddies to do one thing and by good people to help maintain systems, et cetera. In the end, I think it went into the Act and they just said, “Well, we won’t prosecute the good guys”. Everyone felt that was a little inadequate. I do not know quite what we are going to do about it but it needs to be looked at. Therefore, this is a good start and I would welcome some discussion around it, because we need something in law to protect the good people as well as to catch the criminals.

My Lords, this amendment is countersigned by my noble friend Lord Clement-Jones. I know he will be very disappointed not to be able to speak to this, because it is an issue he feels particularly strongly about, as do I. Also in their absence are the auras of the noble Lords, Lord Vaizey and Lord Holmes, who spoke at Second Reading on this issue—it is a shame they are not here, but I think they have been ably replaced by the noble Baroness, Lady Neville-Jones, and the noble Earl, in their speeches. I will try not to duplicate the points that have been made by the three speakers before me. At the heart of this, as the noble Baroness confirmed, is the need to address the UK’s outdated Computer Misuse Act to create fit-for-purpose cybercrime legislation to protect national security. Clearly, that is not easy, as she pointed out, but that does not mean we should not do it at some point.

The Computer Misuse Act, as we know, was created to criminalise unauthorised access to computer systems or illegal hacking. It entered into force in 1990, before the cybersecurity industry as we know it today had really developed in the UK. Now, 32 years later, many modern cybersecurity practices involve actions for which explicit authorisation is difficult, if not impossible, to obtain. As a result, the Computer Misuse Act now criminalises at least some of the cybervulnerability and threat intelligence research and investigation that UK-based cybersecurity professionals in the private and academic sectors are capable of carrying out. This creates a perverse situation where the cybersecurity professionals, acting in the public interest to prevent and detect crime, are held back by the legislation that seeks to protect the computer systems: it is an anomaly.

As noble Lords will know, under the guidance that will be introduced following the passage of the Bill, manufacturers of consumer-connectable products will be required to provide a public point of contact to report vulnerabilities. This could be an important step forward in ensuring that vulnerability disclosures by cybersecurity researchers are encouraged, leading to improved cyber resilience across these technologies, systems and devices.

Indeed, the government response to the consultation on these proposals mentioned the importance of legal certainty for security researchers in the context of vulnerability disclosure. However, if the Government recognise and encourage greater vulnerability reporting as an important part of the cyber resilience—that is what they seem to be saying—they should go further by reforming the Computer Misuse Act and putting into law a basis from which cybersecurity researchers can defend themselves in doing what the Government have bid them to do: reporting vulnerabilities. On the one hand, the Government are creating a responsibility; on the other, because of the existing legislation, this remains potentially illegal.

It is not in the scope of this Bill to amend the Computer Misuse Act and provide a more comprehensive defence under it, so this amendment is the next best opportunity. Instead, it seeks a more limited goal: to ensure that cybersecurity professionals, who act in the public interest in relation to testing relevant connectable products, can defend themselves from prosecution by the state and from unjust civil litigation—and would do so by inserting this new clause. I stress that, because of the public interest aspect in the context, it is surely of great importance that these products can be tested in good faith without securing the consent of the product manufacturer or distributor in every case. Without this or a wider Computer Misuse Act defence, the impact of the security requirements in the Bill will be far too weak and will essentially depend on manufacturers and distributors marking their own homework.

We support this amendment and look forward to the Minister explaining how the important words of Her Majesty’s Government on reporting vulnerabilities can be carried out without a measure such as this on the statute book.

No, I give credit where it is due. I congratulate the noble Lord, Lord Arbuthnot, on his amendment because the issues that he raised and the questions posed by the noble Lord, Lord Fox, in particular, are legitimate ones.

Although this is not the place to amend or change the Computer Misuse Act 1990, as the noble Lord, Lord Fox, said, it certainly is the place to raise concerns. After all, we are talking about product security and safety. It is vital that we have appropriate safeguards in place to prevent and, if need be, punish cyberattacks and other forms of hostile behaviour online.

However, as we seek to make smart devices safer, clearly there is a role for researchers and others to play in identifying and reporting on security flaws. They need to be able to do this within the safe zone of concern, knowing that they are not themselves going to be captured by those who are responsible for cybersecurity. As I understand it, exemptions exist in similar legislation to ensure that academics and other legitimately interested parties can access material relating to topics such as terrorism. The amendment before us today raises the prospect of granting a similar exemption and defence in this particular field.

I am conscious that the noble Lord, Lord Fox, raised the spectre of auras in the form of the noble Lords, Lord Vaizey, Lord Clement-Jones and Lord Holmes of Richmond—as well as the intent of the noble Baroness, Lady Neville-Jones, who is of course very knowledgeable about the business of security and has had both professional and political responsibility in that field. However, I think that, when those auras and his own say that this is an issue of concern, we as the Official Opposition reflect that concern.

I hope that the noble Lord will engage with the noble Lord, Lord Arbuthnot, and others following Committee on this—I am sure he will—because it is a very important subject. A campaign backed by such an esteemed cross-party group of colleagues in the Committee and in another place cannot be entirely wrong. The Computer Misuse Act 1990 is the framework we have got, but it is right that it is reviewed and that something fresh is brought before us to protect us from cyberattacks in the future.

I am very grateful to my noble friend Lord Arbuthnot of Edrom for representing the other three signatories to this amendment. I was glad to meet him and the noble Lord, Lord Clement-Jones, to discuss this yesterday.

The role of security researchers in identifying and reporting vulnerabilities to manufacturers is vital for enhancing the security of connectable products. The good news is that many manufacturers already embrace this principle, but there are also some products on the market, often repackaged white label goods, where it is not always possible to identify the manufacturer or who has the wherewithal to fix a fault. The Bill will correct that.

As noble Lords have noted, there are legal complexities to navigate when conducting security research. The need to stop, pause and consider the law when doing research is no bad thing. The Government and industry agree that the cybersecurity profession needs to be better organised. We need professional standards to measure the competence and capabilities of security testers, as well as the other 15 cybersecurity specialisms. All of these specialists need to live by a code of professional ethics.

That is why we set up the UK Cyber Security Council last year as the new professional body for the sector. Now armed with a royal charter, the council is building the necessary professional framework and standards for the industry. Good cybersecurity research and security testing will operate in an environment where careful legal and regulatory considerations are built into the operating mode of the profession. We should be encouraging this rather than creating a route to allow people to sidestep these important issues.

As noble Lords have rightly noted, the issues here are complex, and any legislative changes to protect security researchers acting in good faith run the risk of preventing law enforcement agencies and prosecutors being able to take action against criminals and hostile state actors—the goodies and baddies as the noble Earl, Lord Erroll, referred to them. I know my noble friend’s amendment is to draw attention to this important issue. As drafted, it proposes not requiring persons to obtain consent to test systems where they believe that consent would be given. That conflicts with the provisions of the Computer Misuse Act, which requires authorisation to be given by the person entitled to control access. As the products that would be covered by this defence include products in use in people’s homes or offices, we believe that such authorisation is essential. The current provisions in the Computer Misuse Act make it clear that such access is illegal, and we should maintain that clarity to ensure that law enforcement agencies do not have to work with conflicting legislation.

The amendment would also limit the use of such a defence as testers would still be subject to the legal constraints that noble Lords have described when reporting any vulnerability that the Government have not banned through a security requirement. If a new attack vector was identified that was not catered for by the security requirements, the proposed defences would have no effect. The amendment would not protect those testing products outside the scope of this regime, from desktop computers to smart vehicles. If we consider there to be a case for action on this issue, the scope of that action should not be limited to the products that happen to be regulated through this Bill. None the less, the Government are listening to the concerns expressed by the CyberUp Campaign, which have been repeated and extended in this evening’s debate.

The Home Secretary announced a review of the Computer Misuse Act last year. As my noble friend noted, the Act dates back to 1990. I do not want to stress too much its antiquity as I am conscious that he served on the Bill Committee for it in another place. His insight into the debates that went into the Bill at the time and the changes that have taken place are well heard. The evidence which is being submitted to the review is being assessed and considered carefully by the Home Office. It is being actively worked on and the Home Office hopes to provide an update in the summer.

I hope, in that context, that noble Lords will agree that it would be inappropriate for us to pre-empt that work before the review is concluded and this complex issue is properly considered. With that, I hope my noble friend will be content to withdraw his amendment.

My Lords, I was six at the time. It has been a useful debate and I thank all those who have taken part. I am particularly grateful to my noble friend Lady Neville-Jones, who made it quite plain that we understand the problems in the way of the Government in legislating on this but we are getting impatient. With everything that is going on in the world, out-of-date cybersecurity legislation is becoming more dangerous day by day. That said, I beg leave to withdraw the amendment.

Amendment 16 withdrawn.

Clauses 50 to 57 agreed.

Amendment 17

Moved by

17: After Clause 57, insert the following new Clause—

“Rights in occupation

(1) The electronic communications code is amended as follows.(2) In paragraph 21 (test to be applied by the court), in sub-paragraph (4), at the end insert “the terms of any existing agreement, and any other method of statutory renewal available.””Member’s explanatory statement

This amendment seeks to ensure that any new agreements which are made with reference to Clause 57 of the Bill and using paragraph 20 of the Electronic Communications Code must have regard to the terms of the existing agreement to ensure continuity and fairness.

I know. I rise to move Amendment 17 in his name. I am grateful for the tuition that I have also had from the noble Earl, Lord Lytton—more about him shortly. Unfortunately, we are missing his huge expertise, but do not worry, I will be here to channel some of his thoughts.

This amendment seeks to ensure that any new agreements made with reference to Clause 57 and using paragraph 20 of the Electronic Communications Code must have regard to the terms of the existing agreement to ensure continuity and fairness. It aims to address outstanding concerns with the way rights are assigned when there are operators in occupation at a site. This is a complex issue and I am aware that the Minister and his colleagues at DCMS have been grappling with it as the Bill has been developed, but it is vital that the Government get this right.

The issue that the Government are trying to address was brought about by a confusion in the 2017 code. There have been some issues where operators have been prevented from getting the code rights they need to support their networks because they are already in occupation of the land and they cannot grant themselves rights.

The Government’s original consultation response and the first draft of the Bill tried to address this by changing the definition of “occupier” in the Bill. This was at Clause 57 in the original Bill. The stated policy intent made it clear that the change is intended only to address the issue that we have outlined and to ensure that when operators are in occupation of land they are able to obtain new code rights.

However, it was made clear to the Minister and his colleagues at DCMS that the original draft would in fact have much greater implications and would potentially allow operators to misuse Clause 57 as it was originally set out to modify or cancel agreements mid-term. This would be in the operators’ interest, since they could break a contract that had been agreed in good faith and move the new contract on to a new valuation basis under the 2017 “no scheme” provisions for consideration.

The Government tried to address this by removing the original draft of Clause 57 and replacing it with the new Clause 57 that we have before us today. Instead of changing the definition of “occupier” in the Electronic Communications Code, it creates a more specific code right to deal with the underlying problem.

However, despite this change, concerns remain that operators could still use the new Clause 57 in conjunction with paragraph 20 of the Electronic Communications Code to break existing contracts. Ministers tried to provide some reassurance that this is not the case in their presentation of the Government’s amendment in the House of Commons, but this simply does not create enough certainty within the industry, and it could cause unnecessary delays.

We know that this issue has been tested in the courts in the years that followed the 2017 reforms to the Electronic Communications Code. We have no reason to believe that the response from the industry will be any different this time, not least because there is so much commercially to play for—there is a lot of money on the table here. The best thing to do is to provide legal clarity.

This amendment is intended to remove the incentive for operators to use paragraph 20 of the Electronic Communications Code—the paragraph that details when a court can impose a code agreement—to break and reconstitute agreements on more favourable commercial terms where other methods are available to address pressing needs for narrow rights when in occupation under an existing contract. It would do this by ensuring that any court imposing a code agreement must have regard to the commercial terms of any existing agreement and to any other methods of statutory renewal available to the parties. I am aware that this is a complex problem, but it is one that we really have to get right. We would welcome the Minister’s urgent attention on this issue.

If noble Lords thought that got complicated, I am now going to channel the thoughts of the noble Earl, Lord Lytton. There is precedent for this: during the passage of the Commercial Rent (Coronavirus) Bill, the noble Earl was struck down with coronavirus—as was almost everybody else—so the House was left with me and the Minister, and I had the pleasure of channelling the noble Earl’s thoughts. I know of no one in your Lordships’ House who understands the valuation issue better. Therefore, I am going to reproduce what he sent me, because I think it is important to put it on the record at this point.

The noble Earl said that one important factor behind this amendment is the long-standing principle that where a business lease is protected under statute by the Landlord and Tenant Act 1954, its renewal is to be on substantially the same terms and based on the same principles as the existing lease. This follows because the LTA—as I will now call it—provides that the old lease does not end but is statutorily continued. The entitlement of a tenant to apply to a court for a new lease is based on this principle.

The 1983 decision in O’May v City of London Real Property Co. Ltd set out the criteria, namely that while a court has discretion as to new lease terms, the starting point is always the existing lease terms. After all, this is a renewal of an existing deal, not a completely new one. So, the decision put the onus on the party proposing the change in lease terms to justify the change, and further, that the change should be fair and reasonable as between the parties, usually meaning that any change should not materially alter the character of the commercial arrangement. The court may reach its decision depending on whether detriment will be suffered by the non-proposing party that cannot be compensated in monetary terms within the parameters of the lease. Outside this—and the decision of a court in any given instance may be difficult to predict—changes made have been a matter of voluntary negotiation. This amendment seeks to restate this in the telecoms code environment.

A material departure from this principle, however, would risk mischief not just in the telecoms sector but—in the opinion of the noble Earl—in the wider world of commercial property. So, the Minister’s response may be a test of whether this Government believe in free market principles, which to a very large extent underpin the market in and provision of business space, commercial freedom to contract, flexibility, investment and innovation, and ultimately employment and productivity—not to mention entitlement to one’s property assets under convention rights. I think the noble Earl is raising the stakes on this issue.

In every other walk of life, commercial contracts freely entered into are not subject to unilateral redefinition of the lease terms, leaving aside for one moment the question of rent. The contract is a package of terms, in which rent is but one factor. What is the scope, in the Government’s view, of this contractual redefinition under the code, as reinforced by the Bill?

Governments can, of course, turn long-held understandings on their head, as the Labour Administration in 1963—I am sure none of the Front Bench remembers—did with the residential security of tenure of rent control.

I say to the noble Lord, Lord Bassam, we are coming to the Landlord and Tenant Act 1954.

The residential security of rent control caused a seizing up of the private rented sector for the next 25 years. This is something that the Landlord and Tenant Act 1954 avoided doing in the business sector by providing security of tenure, but on market rental terms. The word of warning here from the noble Earl is that Government should be careful what they wish for and how they go about any significant transition in dealing with human sentiment against actuarial robotics, and be aware of whose voices they lend their ears to.

There are apparently three routes to lease renewal: the 1954 Act, which the noble Earl believes is effectively overwritten in some instances by the 2017 code revision; the immediate pre-2017 code for non-LTA leases; and the situation that pertains for agreements following the 2017 changes. This seems a recipe for confusion, and if the noble Earl is confused, where does that leave the rest of us?

There is a lot of detail in quite a short amendment, but this is an issue. I understand, and I think my noble friend Lord Clement-Jones and the noble Earl, Lord Lytton, understand, that there needs to be some clarity over which measures apply where, and whether the Government really want to sanction wholesale renegotiations of the nature that the noble Earl, Lord Lytton, has set out. I think that is a law of unintended consequence, and it will slow down the implementation of what we want to be implemented rather than allow it to happen more quickly.

My Lords, I would add that I completely trust my noble friend Lord Lytton on these affairs and issues. I have talked to him, particularly when discussing burying fibre and things like that, and he knows a lot about it.

My Lords, this is of course the first of a number of amendments that deal with Part 2 of the Bill. The amendment refers to telecoms infrastructure. This is far from the only debate that we will have on broad issues around property rights, operators, access to land and so on but, as a general point, it is worth restating our belief that this country needs access to better digital infrastructure. Our concern is that the Government have not been hitting their targets for the rollout of gigabyte-capable broadband. There have also been issues around the rollout of 5G technology. Although we want to see decent infrastructure, we also want to see fairness in the system, and that is what this amendment speaks to. It seeks to ensure a degree of continuity and fairness as new agreements are made to replace existing ones.

The principles cited by the noble Lord, Lord Fox, and in the amendments tabled by the noble Lord, Lord Clement-Jones, are reasonable. Again, they are principles that I am absolutely sure we will return to next week, as we have ever-more detailed discussions about rents, dispute resolution and so on.

As has been outlined in this debate, the court is not currently bound to consider the terms of an existing agreement. This feels like a significant oversight. Perhaps the Minister can inform us about what actually happens in practice and what will happen in practice. Both operators and landowners have, or should have, certain rights and responsibilities within this process. I look forward to the Minister’s response to Amendment 17 and to moving some of our own amendments during day two of Committee.

As the noble Baroness says, this begins to anticipate some issues to which I know we will return on the second day of Committee, but it is useful to begin them tonight.

Amendment 17 seeks to insert a new clause after Clause 57 of the Bill. Its purpose is to add an extra element to the test at paragraph 21 of the code, where an operator enters into a new agreement because of the provisions in Clause 57. This is likely to be in circumstances where an operator in occupation of the land on which its apparatus is installed has an existing agreement but wishes to seek an additional code right. The code currently provides that operators in exclusive occupation of land are unable to obtain additional code rights until their existing agreement is about to end or has ended. This is because the code currently provides that only an occupier can grant code rights, and the operator clearly cannot enter into an agreement with itself.

Clause 57 remedies this position and allows an operator to obtain code rights where it is in exclusive occupation of the land. The test at paragraph 21 of the code is often referred to as the public interest test and sets out what a court must consider when deciding whether to impose a code right on a landowner. Paragraph 23 then sets out how the court should determine the remaining terms of the code agreement. Clause 57 simply gives an operator the ability to obtain a new code right or rights that they do not already have. The clause does not allow an operator to force changes to its existing code agreement or to compel the other party to modify any of its terms—for instance, to attempt to reduce the amount of rental payments. Furthermore, the clause does not enable an operator to bring an existing agreement to a premature end in order to take advantage of more favourable terms. Any existing code agreement that the operator has will be expected to continue and operate alongside the agreement relating to the new code right.

Amendment 17 seeks to expand the test at paragraph 21 so that the court also has to consider the terms of any existing agreement and any other method of statutory renewal available. We are, however, of the view that the court can already take such matters into consideration when deciding whether to make an order under paragraph 20 of the code, and again when applying the test at paragraph 23 to determine what terms the code agreement should contain.

This is a topical issue. Clause 57 rectifies an issue in the code that currently prevents operators who are in exclusive occupation of the land being able to obtain new code rights. As I said, three cases have touched on this issue, all of which were heard in the Supreme Court earlier this year, and the Supreme Court is due to hand down its judgment tomorrow.

At present we believe that Clause 57, as drafted, achieves its intended objective, but we recognise that this is a complex and technical area, on which the noble Lord, Lord Fox, valiantly conveyed the expert view of the noble Earl, Lord Lytton, and it is imperative that any unintended consequences are avoided. We will of course look closely at the Supreme Court’s judgment and carefully consider whether further amendments are needed, engaging with interested parties as required to ensure that the aim of the clause is fully realised.

I too am very conscious that the noble Earl, Lord Lytton, with whom we have already had some discussions on this and broader aspects of the Bill, will want to join those discussions, so I am sure he will be following the official record. But I am very happy to meet the noble Lords who have spoken, as well as the noble Earl, to discuss this issue in further detail, particularly once we have seen the judgment. For now, I urge the noble Lord to withdraw the amendment.

I thank the Minister for his response, during which he said that the department is of a view. When I was speaking for my part, rather than for the noble Earl, I made it clear that there were quite strong opinions that that view might not be correct. Three cases are to be judged tomorrow, before this Bill is enacted, so although it may have some relevance, it will potentially —and in the views of the people we have spoken to, almost certainly will—end up back in the courts.

We share the objective of the noble Baroness, Lady Merron, that the rollout be accelerated, not inhibited. We also share the view, as expressed in the not very veiled threat in the part of my speech on behalf of the noble Earl, Lord Lytton, about what the 1963 rent Act did, which was clog up the system. We do not want to do that—we cannot afford to clog up the rollout. There are strong suspicions that, without giving the legal certainty we need to avoid getting tangled up in the courts, we will be back there again, notwithstanding the judgments of tomorrow. That said, I beg leave to withdraw Amendment 17.

Amendment 17 withdrawn.

Clauses 58 and 59 agreed.

House resumed.

House adjourned at 8.47 pm.