Skip to main content

Grand Committee

Volume 837: debated on Wednesday 24 April 2024

Grand Committee

Wednesday 24 April 2024

Arrangement of Business

Announcement

My Lords, if there is a Division in the Chamber while we are sitting—let us face it, that is extremely unlikely—the Committee will adjourn as soon as the Division Bells ring and resume after 10 minutes.

Data Protection and Digital Information Bill

Committee (7th Day)

Scottish, Welsh and Northern Ireland Legislative Consent sought.

Schedule 11: Power to require information for social security purposes

Amendment 225

Moved by

225: Schedule 11, page 247, line 22, leave out “may” and insert “must”

Member’s explanatory statement

This amendment would make it a requirement for the Secretary of State to issue a code of practice in connection with the use of account information notices.

My Lords, in moving Amendment 225, I will speak to the other amendments in this group. They cover two issues: first, the code of practice, which features in Part 2 of new Schedule 3B, inserted by the Bill into the Social Security Administration Act 1992. Paragraph 6(1) of new Schedule 3B says:

“The Secretary of State may issue a code of practice in connection with account information notices”.

Amendment 225 would change “may” to “must”. Paragraph 6(2) mentions some matters that a code “may” include and Amendment 226 would change that “may” to “must”.

Amendment 227 would ensure that a code of practice includes the criteria to be used by the Secretary of State in determining whether to issue account information notices—I will come back to criteria shortly. Amendment 230 would require the Government to consult on the draft code of conduct with consultees including the Social Security Advisory Committee and organisations that would have to comply with account information notices. Amendment 231 would require the code of practice and any revisions to it to be approved by both Houses of Parliament. The Secretary of State would still be able to withdraw a code of practice, but the ability to issue notices would lapse if no code were in force. Amendments 228, 229 and 232 are consequential.

The other matter covered in this group is how the Government report to Parliament on these notices. Amendment 233 amends new Schedule 3B to provide for annual reporting to Parliament on the use of account information notices. As well as requiring the provision of statistics around the use of such notices during the previous financial year, the amendment would compel the Secretary of State to outline his or her views on the proportionality and effectiveness of notices. I hope that the need for these amendments is self-evident. Ministers are proposing to take new powers of astonishing breadth, which will involve the ability to search the bank accounts of tens of millions of our citizens, most of whom will have done nothing wrong. There is still very little detail about how these powers could be, or will be, used.

I will address two particular sets of issues. The first is criteria. Paragraph 2 of new Schedule 3B explains that banks have to return information about matching accounts. As well as specifying the identity of the account holders, they have to meet certain risk criteria. The Bill, the Explanatory Memorandum and briefings always talk in terms of examples of those criteria, usually around capital limits or time abroad. But my understanding, which may be wrong—I invite the Minister to correct me if I am—is that the criteria could be anything related to eligibility for the benefits in question.

For example, the eligibility for some benefits includes being a single parent. Paragraph 2(2)(a) of new Schedule 3B says that an account information notice

“may require information relating to a person who holds a matching account even if the person does not claim a relevant benefit”.

On our last day in Committee, we established that that directly related to appointees, but that made me wonder whether it could apply to anybody else. For example, we also established that a notice could cover a joint account where one of the holders is the person to whom the benefit is paid and the other is not. Would this power allow DWP to ask banks to search for any accounts linked to any single parent and to examine those accounts for evidence that they and the other holder of a joint account might be living together? Would these powers allow DWP to devise any criteria designed to identify whether a claimant was living with another adult? To be clear, I am not asking whether it intends to do that or whether it knows how to do that. I am just asking whether it would be permissible. Is this a category of thing that it could do under the powers in the Bill?

Related to that, could DWP issue notices to a bank other than that into which the benefit is paid? Again, we have heard that the intention is to go only to the bank into which the benefit is paid, but I want to know specifically: does this Bill gives DWP the power to do that or would it need additional primary legislation to do it?

Secondly, the Bill does not say that notices can be given only to banks. It says that they can be given only to a “person of prescribed description”. The Information Commissioner said:

“I have been unable to identify where such persons are prescribed and the provision itself is silent on the matter”.

It is therefore unclear which organisations will be in scope of the power or how this will be determined. Can the Minister tell us any more about who will be covered and how that will be determined? Who could be subject to a notice? A bank or a building society could be, clearly, but could a credit union, a Christmas club savings scheme or any other financial body?

Paragraph 58 of the impact assessment on this part of the Bill says:

“This measure is drafted broadly to ensure it is future-proofed against future changes and innovation, particularly in the financial services sector, i.e. in Fintech and Crypto, and enable DWP to apply this measure to non-financial organisations in future if it is deemed appropriate and proportionate”.

Can the Minister give the Committee an example of a non-financial organisation that could be appropriate? Specifically, could this apply to, for example, phone companies? Given the open-ended nature of the powers being taken, one way for Ministers to give reassurance to both the Committee and the wider public would be to ensure that DWP is constrained by a clear and transparent code of practice over which Parliament has oversight and that it reports to Parliament on the way it is using these powers. If the Minister does not like the approach in this amendment, perhaps he could offer the Committee other forms of assurance in this area. I beg to move.

My Lords, I apologise to the Committee that duties elsewhere in the House prevented me from attending the last two debates on Monday and so from speaking to the amendments that I had tabled and signed. However, I have read the Official Report with care.

I cannot pretend to be a data protection nerd, or even a social security nerd, like some speakers in those debates, but I hope that I pass muster as a surveillance nerd, having written for the Home Secretary two of the reports that informed the Investigatory Powers Act 2016 and, more recently, a report that informed the Investigatory Powers (Amendment) Bill, which I see is to be given Royal Assent tomorrow.

I support all the amendments in the name of the noble Baroness, Lady Sherlock, in this group. Of course there must be a code of practice. Of course it must be consulted on and scrutinised. I would add that that of course we could not contemplate passing this schedule into law until we have seen and studied it. An annual report of the sort that accompanies the reasonable suspicion power to issue financial institution notices, exercised by HMRC under Schedule 36 to the Finance Act 2008, would also be useful. For example, it is from the last of those reports, dated January 2024, that I learned that these reasonable suspicion tax information powers were now being used to obtain location data—something that it had previously been said would not be done.

Dan Squires, one of the authors of the legal opinion that I know was referred to on Monday, is not only a King’s Counsel but a deputy High Court judge and a genuine expert in this area. He and his junior, Aidan Wills, point in that opinion to the personal nature of some of the data that could be harvested under the proposed power and advise that Schedule 11 does not come close to the safeguards required for compliance with Article 8. They refer in particular to the striking lack of clarity about the grounds on which and the circumstances in which the proposed power can be used, as well as to the absence of both independent authorisation and independent oversight. They point out that, although saving up to £600 million over five years is a very important objective, it weighs no more heavily—indeed, probably less heavily—than the normal justifications for obtaining information in bulk: protecting national security and the prevention and detection of serious crime. Their opinion is well referenced, persuasive and consistent with the view on proportionality expressed by both the Information Commissioner and the Constitution Committee, on which I sit.

On Monday, the Minister referred to the power in Schedule 23 to the Finance Act 2011 to obtain certain data items from particular classes of data holder—for example, employers and land agents. So I had a look at that schedule and the data-gathering regulations under its paragraph 1. The power would appear to apply only to certain tightly defined items, such as payments made by the employer or arising from use of land. There would appear to be a noticeable contrast with location data, personal spending habits and so on, which fall within the scope of the powers in this schedule, as they are written in the Bill. Both HMRC and the Home Office operate under powers tightly defined in legislation. Assurances that those powers will be used in a restrained way, as Justice has commented in its useful briefing on the Bill, simply do not cut it. I am afraid that the law requires the DWP to be subject to the same constraints.

I am concerned: concerned that this important new power was not subject to detailed consultation or even to scrutiny by a Commons Bill Committee, where useful evidence could have been heard; concerned that it could even have been contemplated that so vague a power might be in the Bill and not accompanied by a code of practice; concerned about the absence of an independent approval and oversight mechanism, equivalent to the Office for Communications Data Authorisations and the Investigatory Powers Commissioner’s Office; and concerned that, if we do not get this potentially valuable power right from the start, it will immediately be subject to legal challenges, which will swiftly render it unusable.

If, as I believe, Schedule 11 is currently unfit for purpose, is there time to rescue it? I have a couple of practical suggestions. First, I saw the investigatory powers unit from the Home Office when it happened to be in the House yesterday, and I wondered if there might be utility in it comparing notes with the Bill team about these types of powers and their attendant safeguards.

Secondly, I hope the Government appreciate the significance—at least to us nerds in the Committee—of the legal analysis of Dan Squires KC and Aidan Wills. If we are to be told that it is mistaken, which would certainly be unusual, I for one would like to see that backed up by an opinion from a lawyer of equivalent stature, whether at the GLD or independent counsel, explaining precisely and persuasively why Mr Squires and Mr Wills are wrong. Otherwise, and without significant change of the type identified in the opinion, I am afraid I am not inclined to give this schedule the benefit of the doubt.

I signed up to the stand part notice of the noble Baroness, Lady Kidron, thinking it would at least be a platform to think about what amendments to the schedule might be needed. The more I read the schedule and the more I hear about it, the more I am driven to the conclusion that, if we do not see substantial change, opposing the schedule may be the way that we have to go at the next stage.

In the two previous groups, I raised pension credit, and it is notable that the noble Viscount the Minister has not responded on that point. As such, my automatic assumption is that he believes that the implementation of these powers will deter people from seeking pension credit, which is contrary to the Government’s declared policy to encourage people. I mention that in passing, given this opportunity.

My other moan is about the impact assessment; there is none. I do not like the impact assessment that we have. It is a totally impenetrable and meaningless document, which is clearly there just as a matter of form rather than as a serious attempt to try to inform participants in these debates about what is in the Bill and what impact it will have on people and organisations.

My specific points are broadly in line with the points raised by UK Finance, the overall organisation for financial organisations, including banks and insurance companies, which continues to have serious concerns about these provisions. I think we should listen carefully to what it says. In particular, if we are going to have these powers then, in line with the amendments tabled by my noble friend Lady Sherlock, we have to make sure that they are introduced in an effective way that appreciates the vulnerabilities of customers.

UK Finance is concerned about the design and proportionality of these proposals, the impact on vulnerable customers and financial organisations’ consumer duty, which was introduced under wide-ranging powers under other Acts of Parliament, to consider and look after the interests of their customers. To what extent does this power run across their consumer duty? Any involvement in implementing these powers has to comply with their consumer duty.

UK Finance also emphasises that the one-off aspect of these proposals is bad. It is unhappy that it is a one-off; this should be part of an overall strategy to deal with fraud and financial misunderstandings within the sector. Just picking it off as one particular aspect, when it is a much wider issue, is a matter of concern to it. It is also concerned—perhaps this is something I would urge my noble friend to think about when we come back to this issue on Report, which I am sure we will—that charities and social organisations that represent people who are less able because of income or background to cope with these issues will be involved in the consultation on this code of practice. I am totally in favour of my noble friend’s proposals, but I suggest that consultation needs to go somewhat wider than the list in the amendment.

My Lords, it has been a privilege to be at the ringside during these three groups. I think the noble Baroness, Lady Sherlock, is well ahead on points and that, when we last left the Minister, he was on the ropes, so I hope that to avoid the knock- out he comes up with some pretty good responses today, especially as we have been lucky enough to have the pleasure of reading Hansard between the second and third groups. I think the best phrase that noble Baroness had was the “astonishing breadth” of Clause 128 and Schedule 11 that we explored with horror last time. I very much support what she says.

The current provisions seem to make the code non-mandatory, yet we discovered they are without “reasonable suspicion”, the words that are in the national security legislation—fancy having the Home Office as our model in these circumstances. Does that not put the DWP to shame? If we have to base best practice on the Home Office, we are in deep trouble.

That aside, we talked about “filtering” and “signals” last time. The Minister used that phrase twice, I think, and we discovered about “test and learn”. Will all that be included in the code?

All this points to the fragility and breadth of this schedule. It has been dreamt up in an extraordinarily expansive way without considering all the points that the noble Lord, Lord Anderson, has mentioned, including the KC’s opinion, all of which point to the fact that this schedule is going to infringe Article 8 of the European Convention on Human Rights. I hope the Minister comes up with some pretty good arguments.

My final question relates to the impact assessment–or non-impact assessment. The Minister talked about the estimate of DWP fraud, which is £6.4 billion. What does the DWP estimate it will be after these powers are implemented, if they are ever implemented? Should we not have an idea of the DWP’s ambitions in this respect?

My Lords, this has been a somewhat shorter debate than we have been used to, bearing in mind Monday’s experience. As with the first two groups debated then, many contributions have been made today and I will of course aim to answer as many questions as I can. I should say that, on this group, the Committee is primarily focusing on the amendments brought forward by the noble Baroness, Lady Sherlock, and I will certainly do my very best to answer her questions.

From the debate that we have had on this measure, I believe that there is agreement in the Committee that we must do more to clamp down on benefit fraud. That is surely something on which we can agree. In 2022-23, £8.3 billion was overpaid due to fraud and error in the benefit system. We must tackle fraud and error and ensure that benefits are paid to those genuinely entitled to the help. These powers are key to ensuring that we can do this.

I will start by answering a question raised by the noble Lord, Lord Anderson—I welcome him to the Committee for the first time today. He described himself as a “surveillance nerd”, but perhaps I can entreat him to rename himself a “data-gathering nerd”. As I said on Monday, this is not a surveillance power and suggesting that it is simply causes unnecessary worry. This is a power that enables better data gathering; it is not a surveillance or investigation power.

The third-party data measure does not allow the DWP to see how claimants spend their money, nor does it give the DWP access to millions of people’s bank accounts, as has been inaccurately presented. When the DWP examines the data that it receives from third parties, this data may suggest that there is fraud or error and require a further review. This will be done through our normal, regular, business-as-usual processes to determine whether incorrect payments are indeed being made. This approach is not new. As alluded to in this debate, through the Finance Act 2011, Parliament has already determined that this type of power is proportionate and appropriate, as HMRC already owns similar powers regarding banking institutions and third parties in relation to all taxpayers.

I listened very carefully to the noble Lord and will, however, take back his points and refer again to our own legal team. I think the point was made about the legality of all this. It is a very important point that he has made with all his experience, and I will take it back and reflect on it.

I take the Minister’s point and I will settle for the appellation “investigatory powers nerd”; I am quite happy with that. Does the Minister agree with me, however, that the legal difficulty —we see this with the other bulk powers already in our law—is that Article 8 of the European convention locks in not when a human eye gets stuck into the detail, but as soon as a machine harvests the data in bulk? Most of that data relates to people in respect of whom there could be no possible suspicion. Satisfying the requirements of necessity and proportionality must be done even at that stage. I understand that that is awkward and I am sure a lot of people would prefer that it was otherwise, but that is, as I understand it, the law. That renders the distinction that the Minister seeks to draw between data gathering and surveillance perhaps slightly difficult to maintain.

If I may just answer that question from the noble Lord, Lord Anderson; I think it is important to take one question at a time.

I have every sympathy with what the noble Lord has said. As I mentioned on Monday, points could easily raised about that—I think it may have been the noble Baroness, Lady Kidron, who raised points about computers and their robustness. This is the very point that we agree with. It is incredibly important and we have started already to draw up a proper code of practice to work with the banks on how this will actually work. We need continued time to work these issues through. I also made the point on Monday that, at the end of the day, a human being will be there—must be there—to determine where we go from there.

In relation to the code of practice, which I am glad the Minister mentioned, we have just seen the Investigatory Powers (Amendment) Bill through this place. It makes some relatively minor changes to the powers of the intelligence agencies to harvest data in bulk and, to ensure the orderly passage of that Bill through both Houses of Parliament, the key excerpts of the draft code of practice were made available before Committee in either House to enable it to be properly scrutinised. We seem to have left it terribly late in the day still to be talking about a draft code of practice on this Bill, which we have not even seen. Can the Minister assure us that before we come to Report, that code of practice will be available in draft?

Indeed, I was going to come on to that later in my remarks, particularly to address the points raised by the noble Baroness, Lady Sherlock. We need the necessary time to continue to develop this code of practice, and that is particularly important in respect of this measure. The answer is no, I cannot guarantee to have the code of practice ready by Report. Indeed, I am saying that it will be ready sometime in the summer. It is important to make that point but also a further one, which is that there are many instances, as the noble Lord will know, when a code of practice is finalised and brought forward after the primary legislation is brought through, and this is one of those cases. That is not abnormal but normal. The noble Lord may not like it but there is considerable precedent for that to happen.

I have a question. I am slightly puzzled about the difference between data collection and surveillance. Surely the collection and gathering of data would be to enable officials to survey someone’s bank account. If that is not the case, what is the purpose of collecting the data if not to interrogate the behaviour of an individual to understand how their money is being brought in and spent, so that the department can exercise some judgment over whether the individual is revealing the truth about their income and outgoings?

Indeed, I think we are going back to the debates that we had on Monday. However, this chimes with a question from the noble Lord, Lord Clement-Jones, so it might be helpful briefly to rehearse what we are doing here and to be clear about the limitations and the checks and balances on the power that we are bringing forward.

As per paragraph 1(2) of Schedule 11 to the draft legislation, the DWP can use this power only for the purposes of checking whether someone is eligible for the benefit that they are receiving. In practice, this means that the DWP will request information only on specific criteria, which I laid out on Monday, linked to benefit eligibility rules, which, if met may—I emphasise “may”—indicate fraud or error. If accounts do not match these criteria, no data will be shared with the DWP. The effect of paragraphs 1 and 2 of the draft legislation is that the DWP can ask for data only where there is this three-way relationship between the DWP, the third party and the recipient of the payment. In addition, the DWP can ask for data only from third parties designated in secondary legislation, subject to the affirmative procedure. There are debates to come as further reassurance to your Lordships.

As per paragraph 4(2) of Schedule 11 to the draft legislation, the power does not allow the DWP to share personal information with third parties, which means that the power can be used only with third parties who are able to identify benefit recipients independently. Just to add further to this, we are obliged, under Article 5(1)(c) of the UK GDPR, to ask only for the minimum of information to serve our purposes. In accordance with the DWP’s existing commitments on the use of automation, no automatic benefit decisions will be taken based on any information supplied by third parties to the DWP. As I said earlier and on Monday, a human will always be involved in decision-making. I hope that helps.

I am sorry to interrupt the noble Viscount, but I just want to be clear about what he is saying in relation to the code of practice, which obviously is at the heart of this section of the debate, although there will be other things to come. Am I right that he said—obviously he has to cover himself—that there is a chance that the Report stage of this Bill might be entered into before we have sight of the draft code of practice? He makes the point that that is not an unusual occasion. I understand that—we have both served in Parliament long enough to know that that is the case—but this is clearly an issue on which the Committee has made very strong representations to the Government. Will he do what is in his power to make sure that we do not enter Report without seeing at least an early draft, if that is possible, of the code of practice?

I will certainly take that back. I do not want to make any commitments today. I have already set out our stall as to where we are. I make the further point—I am perhaps repeating myself—that given the sensitivities that there clearly are, which I have been listening to carefully, it is important that this code of practice is developed at a pace that is right for what is needed, in bringing those involved along and making sure that it is right, secure, safe and with all the safeguards involved. It is quite a serious piece of work, as noble Lords would expect me to say. I will take that back. I will certainly not be able to guarantee to produce anything before Report, which may disappoint the noble Lord, but at least I have gone as far as I can. I hope that that is helpful.

I am grateful to the noble Viscount. This is just a thought, but we are happy to help, as we often have done in the past on other Bills. If there is any opportunity for us to be shown early drafts, to give some help and assurance to the noble Viscount that he is on the right track, I am sure that that would be accepted.

I appreciate the tone of the noble Lord and, if there is anything that comes from behind me before I conclude my remarks, to be helpful, I will certainly do that.

Our debates on this measure have covered many issues. This group, as mentioned earlier, focuses primarily on the operational delivery of the power, so it would be quite good to move on. Just before I do, for the benefit of the noble Lord, Lord Anderson, in terms of the late introduction—his words—of this measure, as mentioned on Monday the DWP published a fraud plan in May 2022, where it outlined a number of new powers that it would seek to secure when parliamentary time allowed. In the parliamentary time available, DWP has prioritised our key third-party data-gathering measure, which will help it to tackle one of the largest causes of fraud and error in the welfare system. That is a short version of what I said on Monday, but I hope that it might be helpful.

Before I turn to the amendments, it might be helpful to set out how the legislation will frame the delivery of this measure. When we issue a request for data to a third party or, as it is set out, an account information notice or AIN, which is in the Bill, we can only ask it to provide data where it may help the DWP to establish whether benefits have been properly paid in accordance with the rules relating to those benefits. As mentioned earlier, this is defined clearly at paragraph 1(2) of the new schedule. This is where the data that DWP receives may signal—to use the word raised by the noble Lord, Lord Clement-Jones—potential fraud and error. The noble Lord asked for further clarification on that point. To be clear, a signal of fraud and error is where the rules of benefit eligibility appear not to be met. For example, this might be where a claimant has more capital than the benefit rules allow. As I made clear on Monday, all benefits and payments have rules that determine eligibility, which Parliament has agreed are the right rules in its consideration of other social security legislation. To issue an AIN, we must also have designated a third party in affirmative regulations, which need to be passed by both Houses.

As has been covered, we can also only request data from third parties where there is this relationship, which I will not repeat again and which I think the Committee will be familiar with. Our intention is to designate banks and financial institutions as the first third parties that we can approach, enabling us to request information on accounts only held in the UK. Just to clarify that point, we will not be able to request information on overseas accounts.

On the question raised by the noble Baroness, Lady Sherlock, on examples of non-financial organisations that the power could appropriately be used on, we will bring forward regulations to specify the data holders in scope. I hope that this is helpful. In the first instance, this will be, as mentioned, banks and financial institutions. The power also has potential use cases with other third parties, such as housing or childcare providers, but, just to reassure the Committee, this would be subject to further parliamentary approval.

I am grateful to the Minister—I am just trying to catch up. On the point that he made about regulations, I imagine that the power to prescribe the descriptions of persons to whom an account information notice may be sent comes under paragraph 1(1) of the schedule. I think that that is what he was saying. In paragraph 2, on the content of the account information notices, there is a reference to

“other specified information relating to the holders of those accounts, and … such further information in connection with those accounts as may be specified”.

Does that simply mean anything specified in the account information notice or is there a power to make regulations that will limit the types of information that can be specified in an AIN?

Again, I hope that I might have covered this earlier. If I read the noble Lord’s question correctly, the definitions will need to be debated by both Houses. I have made clear what we are bringing in at the moment for banks and financial institutions, but this will need to be looked at by both Houses in future. I hope that that is clear.

I apologise; I did not make myself clear. I think that we are on entirely the same wavelength on the persons to whom an information notice can be given; the Minister has reassured us that they will be specified in regulations and considered by both Houses. My question relates to the content of an account information notice under paragraph 2 and the very broad references to “other specified information”, “such further information” and so on. I did not read that as a regulation-making power. I rather assume that the discretion over the choice of information that is specified remains entirely at large. If the Minister is saying that there will be regulations that will specify the information that an AIN can include, hence mitigating the breadth of paragraph 2, I would be glad if he could make that clear.

My understanding —with his experience, I am sure that the noble Lord will be ahead of me on this—is that this is defined. We define it pretty clearly in paragraph 1(2). In the interests of time, I will reflect on what he has asked and will be absolutely sure to add this to the letter that I pledged to write on Monday—it is getting bigger by the moment, as I fully expected.

My Lords, as I asked only four questions, I want to try to nail each one as we go. I am grateful to the Minister. Before we leave the matter of the kind of organisations to which this applies, I think that he is saying that the Bill would allow the DWP to request information from any kind of organisation, including phone companies, which I asked about specifically. The kinds of organisations are to be specified in regulations, which the Government will bring forward, initially naming financial institutions. By virtue of further regulations, could they extend that to anything—to Garmin, the people who monitor your runs, to gyms and to anyone else? Is that correct?

That is correct. I hope indeed that it provides some reassurance that extending it to the banks and financial institutions initially is deliberately designed to be narrow. It would be subject to both Houses to debate other areas beyond those. I am coming on to address that. The noble Baroness asked about phone companies. Simply put, we will be able to designate the third parties that fit within the provisions of this legislation where they hold information that would help us to verify whether someone meets the eligibility criteria for the benefit that they are receiving. However, ultimately, it would be for Parliament to decide whether a third party can be designated under this power, as we must bring affirmative regulations forward to do this. We have that power.

To be clear, they already have some information about claimants or recipients. Does this Bill make any difference to that information? Can they already use the information that they have for these purposes, for example the name and address of a claimant’s bank account, or does this Bill extend the use of information to other information that they already have?

Indeed, that is correct. I hope that is helpful and gives the noble Lord reassurance. To clarify, we have our normal business-as-usual processes so, where we are able to—with the restriction of not at present being able to use the banks and financial institutions as a conduit—we have those powers. However, obviously, as has been made clear by the ICO, there is no alternative to needing the help of banks and financial institutions to go further in tackling the ever-greater sophistication of fraud.

The noble Baroness, Lady Sherlock, asked whether we could issue an AIN to a bank other than that into which the benefit is paid. The answer is no. The power is exercisable only in respect of a matching account that meets the criteria in an AIN and receives a benefit payment. If this is not the case, the Secretary of State cannot require them to supply that information.

When it comes to issuing an AIN, DWP will be able to exercise these powers only for payments for which it is responsible. This means that DWP cannot exercise this power with some benefits that fall under the legislation, such as child benefit, as was mentioned on Monday. I know that the noble Baroness, Lady Sherlock, raised this issue. As I committed to do on Monday, I will provide in writing more detail on the scope of the measure and on these limitations, which will require more time.

I will also ensure that my letter is clear on how the measure will impact appointees, joint claims and other such accounts. I am well aware that a number of questions were asked about this matter on Monday but, in the interests of time, I will move on.

I turn to proofs of concept. I also want to speak about our approach to delivery, in particular how we plan to test delivery before we gradually scale up operational delivery; I am aware of the time, but I hope that the Committee will indulge me. Our planned period of “test and learn” will build on our learning from our two previous proofs of concept, which we conducted in 2017 and 2022. These demonstrated the effectiveness of this approach and contributed to the OBR’s certification that the measure will save up to £600 million over the next five years.

The two proofs of concept that I mention are important. I hope that the Committee will be interested to read the results, which demonstrate why we need to do this. Without further ado, let me say that I will set out the details of these two examples in the letter as well, which will, I hope, be helpful.

The noble Lord, Lord Vaux, who is in his place, the noble Lord, Lord Clement-Jones, and the noble Baroness, Lady Sherlock, spoke about the regulatory impact assessment on Monday. I just want to use this time to reassure them on that. More information on these proofs are contained within the RIA, which was, as noble Lords will know, green-rated by the RPC.

On “test and learn”, we have a clear view on how this power may work. We are already working with third parties in readiness to commence the formal “test and learn” period in early 2025 and preparing the code of practice in advance of that. I will come on to that in just a second—in fact, I will come on to it right now, given the time. I shall refer to Amendments 225 to 232 in the name of the noble Baroness, Lady Sherlock.

To support the delivery of this measure, we will produce the code of practice to help define how the measure will work, with explanations. I assure the noble Baroness and the Committee that the code of practice is already in development; we are working positively with around eight leading financial institutions through an established working group that meets regularly to shape the code. We are fully committed to continuing that work; I think I covered the timing of that earlier in my remarks. Accepting Amendments 225 and 226 in the name of the noble Baroness would therefore, we believe, have minimal effect. I am clear that DWP will produce a code of practice, which will be consulted on; I have also set out the sort of detail that it will contain. Accepting them may also potentially restrict our ability to develop the code of practice further as we understand more from “test and learn”.

Because we are developing this collaboratively with banks, I am not yet in a position to share the draft code, as I mentioned; I have given certain reassurances on that. However, I can say that it will provide guidance on issues such as the nature of the power and to whom it will apply. It will also provide information on safeguards, cover data security responsibilities and provide information on the appeals processes should a third party wish to dispute a request. We will engage with SSAC, to help the noble Baroness, Lady Sherlock, as we bring forward the affirmative regulations. On balance, I believe that the best course is to consult on the code of practice rather than rushing to define it now.

I turn to the amendment on including the criteria for issuing account information notices. It is right that I should be open on this, but I need to be mindful, as mentioned on Monday, that the more that is said publicly on this, the more information we may pass into the hands of fraudsters.

Annual reporting was another point raised by the noble Baroness. Briefly, I reassure noble Lords that this measure will be rolled out carefully and slowly. To report annually to Parliament on the measure, as has been suggested, is unnecessary and burdensome, as it will pre-empt our safe and gradual delivery and potentially provide only limited, incomplete information, in the early stages of delivery.

I hope that I have gone some way to answer the questions. I will look very carefully at Hansard, as I am particularly concerned that I have addressed the questions raised by the noble Baroness, Lady Sherlock.

I am most grateful to the Minister. There is one question, so I apologise if he answered it and I did not quite pick it up. I specifically asked if these powers would allow the DWP to devise criteria designed to identify if a claimant was in fact living with another adult. With the appropriate regulation, would the powers allow it to do that?

That is one of the questions that I can now answer. The power will allow this, in so far as it pertains to helping the Secretary of State establish whether the benefits are being paid properly, as with paragraph 1(2) of new Schedule 3B. Rules around living together are relevant only to some benefits. That is a very short answer, but I could expand on it.

May I add to the very long letter? I have been sitting here worrying about this idea that one of the “signals” will be excess capital and then there are matching accounts. If the matching account has more capital—for example, the person who has a connected account is breaking the £16,000 or £6,000—does that signal trigger some sort of investigation?

That is a very fair question, and I hope that I understand it correctly. I can say that the limit for the DWP is that it can gain only from what the third party produces. Whatever goes on behind the doors of the third party is for them and not us. Whether there is a related account and how best to operate is a matter for the bank to decide. We may therefore end up getting very limited information, in terms of the limits of our powers. I hope that helps, but I will add some more detail in the letter.

My Lords, the Minister extolled the green-rated nature of this impact assessment. In the midst of all that, did he answer my question?

I asked about the amount of fraud that the Government plan to detect, on top of the £6.4 billion in welfare overpayments that was detected last year.

The figure that we have is £600 million but, again, I will reflect on the actual question that we are looking to address—the actual amount of fraud in the system.

The Minister is saying that that figure is not to be found in this green-rated impact assessment, which most of us find to be completely opaque.

My Lords, we have talked about proportionality and disproportionality throughout the debate on this Bill. Is it not extraordinary that that figure is not on the table, given the extent of these powers?

My Lords, the Minister was kind enough to mention me a little earlier. Can I just follow up on that? In the impact assessment, which I have here, nowhere can I find the £600 million figure, nor can I find anywhere the costs related to this. There will be a burden on the banks and clearly quite a burden on the DWP, actually, if it has got to trawl through this information, as the noble Viscount says, using people rather than machines. The costs are going to be enormous to save, it would appear, up to £120 million per year out of £6.4 billion per year of fraud. It does seem odd. It would be really helpful to have those cost numbers and to understand in what document they are, because I cannot find in the impact assessment where these numbers are.

I hope I can help both noble Lords. Although I must admit that I have not read every single page, I understand that the figure of £500 million is in the IA.

Yes, £500 million. I mentioned £600 million altogether; that was mentioned by the OBR, which had certified this, and by the way, that figure was in the Autumn Statement.

The noble Viscount explained in response to the noble Lord, Lord Anderson, that at every stage where the powers are going to be expanded, it would come back as an affirmative regulation. I might have been a bit slow about this, but I have been having a look and I cannot see where it says that. Perhaps he could point that out to me, because that would provide some reassurance that each stage of this is coming back to us.

I understand, very quickly, that it is in paragraph 1(1), but again, in the interests of time, maybe we could talk about that outside the Room.

I do not know whether I can help. I agree with the noble Baroness: I do not think it is very clear from paragraph 1(1) that there is a regulation-making power. However, if you look at paragraph 5 of the new schedule, there is a reference there to regulations under paragraph 1(1) as well as two other paragraphs of the schedule. That is the rather tortuous route by which I came to the conclusion that the Minister is quite right.

I reassure noble Lords that is correct—it is paragraph 1(1). It may be rather complex, but it is in there, just to reassure all noble Lords.

I am sorry to keep coming back, but did the Minister give us the paragraph in the impact assessment that referred to £500 million?

No, I did not, but that is something which surely we can deal with outside the Room. However, I can assure noble Lords that it is in there.

My Lords, I thank the Minister for his attempts to answer my questions and those of many noble Lords. I will not detain the Committee for very long at all.

I am grateful to know that there will be a code and that it will be consulted on. Given that, it would have saved an awful lot of trouble if the Government had simply not put “may” in the Bill in the first place—that would have cut out a whole loop of this. I am very grateful to know that that is there. I agree with the Minister that we all want to know about and to clamp down on fraud and error; the question is one of proportionality.

When the Minister comes to write—I realise that this letter is turning into “War and Peace”, but it will make us all come to Report in a much better place if we can get a clearer answer to many of these questions— I still wonder whether he properly answered the question from the noble Lord, Lord Anderson, about the legality of these powers, because the point about when they engage is crucial. The Minister is still coming back to a distinction between the gathering of the data and what the DWP will do using its existing “business as usual” powers, to investigate. I think the point the noble Lord was making is that the question of legality engages at the point of that data gathering, not at the point at which it is used, if I am correct. I am not sure that the Minister answered that—I am not inviting him to do it now—but I specifically suggest that he takes advice on that point before we come back on Report.

The other issue is that, if the Government have come in so late in the day introducing these powers into the Bill, it would have been better to have draft regulations before Report at the first stage. The Minister thinks the code can be available in the summer, but the summer is fast approaching so I see no reason why the usual channels could not accommodate the date for Report to allow us to go past the date for producing a draft code if the Government wish to. I realise that they may not wish to, but it must be perfectly possible—unless the Minister knows something I do not about a likely date of a general election, presumably we should still have time to do that. So I commend that thought to him.

However, we also know that a lot of the constraints he has described will happen solely in regulations. Everybody in this Committee is aware of the limitations of the capacity of both Houses to do anything about regulations. We cannot amend them here. The Government will bring them forward, but the capacity of us to do anything about that is small, so that is not as much of an assurance as it would be in other circumstances.

Finally, what I am left with is that these powers could do anything from something that might sound very proportionate to something that might sound entirely disproportionate, and we simply have not heard anything that enables us to make a judgment early enough to know where that is contained. I therefore ask the Government to think again before Report about ways in which they might provide assurance about a more contained and proportionate approach to these measures.

Since we are in Committee, in the meantime, I thank all noble Lords for their work on this and the Minister for his response. Before I beg leave to withdraw, I see that the Minister is intervening on me now, which is a joyful change.

Before the noble Baroness sits down, I want to say one very important thing. As ever with Bills, there is an opportunity to engage, and I pledge right now to engage with all noble Lords who wish to, and we would like to as well, on these particular measures, to provide, I hope, further reassurances to those that I have given. I hope there is some acceptance that I have given some reassurances.

My Lords, I am sure that on behalf of the Committee I can thank the Minister for that generous offer, and we look forward to taking it up. In the meantime, I beg leave to withdraw the amendment.

Amendment 225 withdrawn.

Amendments 226 to 235 not moved.

Schedule 11 agreed.

Clause 129: Retention of information by providers of internet services in connection with death of child

Amendment 236

Moved by

236: Clause 129, page 158, line 27, leave out “, or are due to conduct an investigation,”

Member’s explanatory statement

This amendment makes a technical change to wording about investigations by a coroner or procurator fiscal. The omitted words are not required because there is no stage at which a coroner or procurator fiscal would be “due to” conduct an investigation into a death (as opposed to conducting an investigation into it).

My Lords, having listened carefully to representations from across the House at Second Reading, I am introducing this amendment to address concerns about the data preservation powers established in the Bill. The amendment provides for coroners, and procurators fiscal in Scotland, to initiate the data preservation process when they decide it is necessary and appropriate to support their investigations into a child’s death, irrespective of the suspected cause of death.

This amendment demonstrates our commitment to ensuring that coroners and procurators fiscal can access the online data they may need to support their investigation into a child’s death. It is important to emphasise that coroners and procurators fiscal, as independent judges, have discretion about whether to trigger the data preservation process. We are grateful to the families, Peers and coroners whom we spoke to in developing these measures. In particular, I thank the noble Baroness, Lady Kidron, who is in her place. I beg to move.

My Lords, it is an unusual pleasure to support the Minister and to say that this is a very welcome amendment to address a terrible error of judgment made when the Government first added the measure to the Bill in the other place and excluded data access for coroners in respect of children who died by means other than suicide. I shall not replay here the reasons why it was wrong, but I am extremely glad that the Government have put it right. I wish to take this opportunity to pay tribute to those past and present at 5Rights and the NSPCC for their support and to those journalists who understood why data access for coroners is a central plank of online safety.

I too recognise the role of the Bereaved Families for Online Safety. They bear the pain of losing a child and, as their testimony has repeatedly attested, not knowing the circumstances surrounding that death is a particularly cruel revictimisation for families, who never lose their grief but simply learn to live with it. We owe them a debt of gratitude for putting their grief to work for the benefit of other families and other children.

I want to make two brief comments. The first is to say that, at one point in the process, I and the noble Lord, Lord Allan, who is in his place, provided input for guidance that was to be produced. In the tussle over the scope of the provision, however, that conversation came to an end. I therefore ask the Minister whether he is willing to arrange a meeting with me and other noble Lords and MPs who have championed this provision and, separately, with the Bereaved Families for Online Safety, so that we can be sure that the guidance meets the expectations of parliamentarians and reflects the lived experience of families.

Secondly, the tech companies have made clear that they follow our proceedings with interest. Across the world, they have gone to court to prevent legislation passing, undermine regulation and frustrate penalties. However, it was in an open court, at the inquest of Molly Russell, that the world saw just how cynical and wilfully careless the sector is. Via her Instagram account, Molly Russell viewed, liked and shared 2,100 pieces of content relating to depression, suicide or self-harm in a period of only six months. It was also in open court that the Chief Coroner came to the view that the material recommended to Molly contributed to her death in more than a minimal way. Of course, both I and the Bereaved Families for Online Safety hope that the provisions in the broader Online Safety Act will make meaningful change to children’s online experience but, when the worst happens, we will, because of this provision, see again in open court the part that any regulated company plays in the death of a child. It is my hope that, as well as giving some succour to the families at the very worst moment of their lives, the court’s access to data will also make companies pause to think about the impact of their service design on children before they roll out products, and that they act more swiftly when the alarm is raised. Tech is 100% engineered and can be anything at once. Until the sector stops seeing harms to children as unfortunate collateral damage to their business model, they and we will have failed.

My Lords, I want briefly to contribute to this debate, which I think is somewhat less contentious than the previous group of amendments. As somebody, again, who was working on the Online Safety Act all the way through, I really just pay tribute to the tenacity of the noble Baroness, Lady Kidron, for pursuing this detail—it is a really important detail. We otherwise risk, having passed the legislation, ending up in scenarios where everyone would know that it was correct for the data-gathering powers to be implemented but, just because of the wording of the law, they would not kick in when it was necessary. I therefore really want to thank the noble Baroness, Lady Kidron, for being persistent with it, and I congratulate the Government on recognising that, when there is an irresistible force, it is better to be a movable object than an immovable one.

I credit the noble Viscount the Minister for tabling these amendments today. As I say, I think that this is something that can pass more quickly because there is broad agreement around the Committee that this is necessary. It will not take away the pain of families who are in those circumstances, but it will certainly help coroners get to the truth when a tragic incident has occurred, whatever the nature of that tragic incident.

My Lords, having been involved in and seen the campaigning of the bereaved families and the noble Baroness, Lady Kidron, in particular in the Joint Committee on the Draft Online Safety Bill onwards, I associate myself entirely with the noble Baroness’s statement and with my noble friend Lord Allan’s remarks.

My Lords, I thank the Minister for setting out the amendment and all noble Lords who spoke. I am sure the Minister will be pleased to hear that we support his Amendment 236 and his Amendment 237, to which the noble Baroness, Lady Kidron, has added her name.

Amendment 236 is a technical amendment. It seeks the straightforward deletion of words from a clause, accounting for the fact that investigations by a coroner, or procurator fiscal in Scotland, must start upon them being notified of the death of a child. The words

“or are due to conduct an investigation”

are indeed superfluous.

We also support Amendment 237. The deletion of this part of the clause would bring into effect a material change. It would empower Ofcom to issue a notice to an internet service provider to retain information in all cases of a child’s death, not just cases of suspected suicide. Sadly, as many of us have discovered in the course of our work on this Bill, there is an increasing number of ways in which communication online can be directly or indirectly linked to a child’s death. These include areas of material that is appropriate for adults only; the inability to filter harmful information, which may adversely affect mental health and decision-making; and, of course, the deliberate targeting of children by adults and, in some cases, by other children.

There are adults who use the internet with the intention of doing harm to children through coercion, grooming or abuse. What initially starts online can lead to contact in person. Often, this will lead to a criminal investigation, but, even if it does not, the changes proposed by this amendment could help prevent additional tragic deaths of children, not just those caused by suspected child suicides. If the investigating authorities have access to online communications that may have been a contributing factor in a child’s death, additional areas of concern can be identified by organisations and individuals with responsibility for children’s welfare and action taken to save many other young lives.

Before I sit down, I want to take this opportunity to say a big thank you to the noble Baroness, Lady Kidron, the noble Lord, Lord Kennedy, and all those who have campaigned on this issue relentlessly and brought it to our attention.

Let me begin by reiterating my thanks to the noble Baroness, Peers, families and coroners for their help in developing these measures. My momentary pleasure in being supported on these amendments is, of course, tempered by the desperate sadness of the situations that they are designed to address.

I acknowledge the powerful advocacy that has taken place on this issue. I am glad that we have been able to address the concerns with the amendment to the Online Safety Act, which takes a zero-tolerance approach to protecting children by making sure that the buck stops with social media platforms for the content they host. I sincerely hope that this demonstrates our commitment to ensuring that coroners can fully access the online data needed to provide answers for grieving families.

On the point raised by the noble Baroness, Lady Kidron, guidance from the Chief Coroner is likely to be necessary to ensure both that this provision works effectively and that coroners feel supported in their decisions on whether to trigger the data preservation process. Decisions on how and when to issue guidance are a matter for the Chief Coroner, of course, but we understand that he is very likely to issue guidance to coroners on this matter. His office is working with my department and Ofcom to ensure that our processes are aligned. The Government will also work with the regulators and interested parties to see whether any guidance is required to support parents in understanding the data preservation process. Needless to say, I would be more than happy to arrange a meeting with the noble Baroness to discuss the development of the guidance; other Members may wish to join that as well.

Once again, I thank noble Lords for their support on this matter.

Amendment 236 agreed.

Amendment 237

Moved by

237: Clause 129, page 158, leave out lines 30 and 31

Member's explanatory statement

This amendment concerns OFCOM’s power to issue a notice requiring an internet service provider to retain information about the use of the service by a child who has died, where a coroner or procurator fiscal is investigating the child’s death. The amendment has the effect that the power is no longer limited to cases of suspected child suicide.

Amendment 237 agreed.

Clause 129, as amended, agreed.

Amendment 238 not moved.

Clauses 130 to 132 agreed.

Clause 133: Form in which registers of births and deaths are to be kept

Amendment 239

Moved by

239: Clause 133, page 169, line 10, at end insert—

“(2A) After section 25, insert—“25A Review of form in which registers are to be kept(1) The Secretary of State must commission a review of the provisions of this Act and of related legislation, with a view to the creation of a single digital register of births and deaths.(2) The review must consider and make recommendations on the effect of the creation of a single digital register on—(a) fraud,(b) data collection, and(c) ease of registration.(3) The Secretary of State must lay the conclusions of their review before Parliament within six months of this section coming into force.””Member’s explanatory statement

This amendment would insert a new section into the Births and Deaths Registration Act 1953 requiring a review of relevant legislation, with consideration of creating a single digital register for registered births and registered deaths and recommendations on the effects of such a change on reducing fraud, improving data collection and streamlining digital registration.

My Lords, I rise to move Amendment 239 and to speak to Amendment 250 in my name. I am grateful to the right reverend Prelate the Bishop of London and the noble Lord, Lord Clement-Jones, for their support for Amendment 250.

These amendments tackle the sensitive but vital process of registering births and deaths. We are pleased that, in Clauses 133 to 137, the Government have set about modernising the Births and Deaths Registration Act 1953. The legislation created a huge paper trail of registrations, with local registrars being required to hold paper copies of every live birth, stillbirth and death, as well as providing certified paper copies of the register entries. Since 2009, registrars have also recorded this information electronically, so there is a huge duplication of effort. The clauses now proposed allow registrars to decide the best form in which to record this information, with an expectation that we will largely move to an online database.

These proposals make sense and will be widely welcomed. They make the functioning of the registrar more efficient. More importantly, they will make it easier for families, particularly those that have been bereaved, to inform authorities at what is often a difficult and distressing time. However, we believe that the Bill could go even further to simplify the process, tackle fraud and support bereaved families.

Our Amendment 239 would move away from individual registrars deciding how to record the information and would instead take the first steps to creating a single digital register of births and deaths. Our proposal is that the Secretary of State should commission a review to consider the viability of such a proposal and its potential impact on tackling fraud, the protection of personal data and whether such a scheme would simplify registration procedures on a national level. It would require the conclusions of the review to be laid before Parliament within six months of the section coming into law.

We believe that this standardisation would make it easier for law enforcement agencies to check whether identities are being stolen and whether patterns of identity theft are emerging. It would also enable regulators to set national standards as to how this information should be protected and accessed by, for example, those with commercial interests. It should also make it easier for individuals living in one part of the country to register a death in another part of the country. I hope that the Minister sees the sense of these modest proposals.

Amendment 250 addresses the further potential for the Tell Us Once service. This has been a welcome initiative, which enables bereaved families to inform a large number of government and public sector bodies that a death has occurred without repeating the details over and over again. This considerably reduces the administrative burden at a time of distress and complexity while dealing with the consequences of a bereavement. However, private organisations are not included and loved ones are still tasked with contacting organisations such as employers, banks, energy and telephone companies and so on. Inevitably, the response from these organisations is variable and can be unwittingly insensitive.

A number of charities, including Marie Curie, came together to establish the UK Commission on Bereavement, which was chaired by the right reverend Prelate the Bishop of London. Its 2022 report found that 61% of adult respondents had experienced practical challenges when notifying an organisation of the death of a loved one. The report made a number of recommendations, with the extension of Tell Us Once being a key issue raised. The report recommended a review of the scheme.

We believe that the time has come to roll out the benefits of the Tell Us Once scheme more widely, so we propose a review of the effectiveness of the current legislation, including any gaps in its provision. Recommendations should then be drawn up to assess whether the scheme could be expanded to include non-public sector, voluntary and private sector holders of personal data. Our proposal is that the Secretary of State should lay a report before Parliament within six months.

This is a common-sense set of proposals, which could bring positive benefits to bereaved families, making best use of digital services to ease the distress and pain of trying to manage a complex web of administrative tasks. I hope that noble Lords and the Minister will see the sense of these proposals and agree to take them forward. I beg to move.

My Lords, I will be brief because we very much support these amendments. Interestingly, Amendment 239 from the noble Baroness, Lady Jones, follows closely on from a Private Member’s Bill presented in November 2021 by the Minister’s colleague, Minister Saqib Bhatti, and before that by the right honourable Andrew Mitchell, who is also currently a Minister. The provenance of this is impeccable, so I hope that the Minister will accept Amendment 239 with alacrity.

We very much support Amendment 250. The UK Commission on Bereavement’s Bereavement is Everyone’s Business is a terrific report. We welcome Clause 133 but we think that improvements can be made. The amendment from the noble Baroness, which I have signed, will address two of the three recommendations that the report made on the Tell Us Once service. It said that there should be a review, which this amendment reflects. It also said that

“regulators must make sure bereaved customers are treated fairly and sensitively”

by developing minimum standards. We very much support that. It is fundamentally a useful service but, as the report shows, it can clearly be improved. I congratulate the noble Baroness, Lady Jones, on picking up the recommendations of the commission and putting them forward as amendments to this Bill.

My Lords, I declare an interest as someone who has been through the paper death registration process and grant of probate, which has something to do with why I am in your Lordships’ House, so I absolutely understand where the noble Baroness, Lady Jones of Whitchurch, is coming from. I thank her for tabling these amendments to Clauses 133 and 142. They would require the Secretary of State to commission a review with a view to creating a single digital register for the registration of births and deaths and to conduct a review of the Government’s Tell Us Once scheme.

Clause 133 reforms how births and deaths are registered in England and Wales by enabling a move from a paper-based system of birth and death registration to registration in a single electronic register. An electronic register is already in use alongside the paper registers and has been since 2009. Well-established safety and security measures and processes are already in place with regard to the electronic infrastructure, which have proven extremely secure in practice. I assure noble Lords that an impact assessment has been completed to consider all the impacts relating to the move to an electronic register, although it should be noted that marriages and civil partnerships are already registered electronically.

The strategic direction is to progressively reduce the reliance on paper and the amount of paper in use, as it is insecure and capable of being tampered with or forged. The creation of a single electronic register will remove the risk of registrars having to transmit loose-leaf register pages back to the register office when they are registering births and deaths at service points across the district. It will also minimise the risk of open paper registers being stolen from register offices.

The Covid-19 pandemic had unprecedented impacts on the delivery of registration services across England and Wales, and it highlighted the need to offer more choice in how births and deaths are registered in the future. The provisions in the Bill will allow for more flexibility in how births and deaths are registered—for example, registering deaths by telephone, as was the case during the pandemic. Over 1 million deaths were successfully registered under provisions in the Coronavirus Act 2020. This service was well received by the public, registrars and funeral services.

Measures will be put in place to ensure that the identity of an informant is established in line with Cabinet Office good practice guidance. This will ensure that information provided by informants can be verified or validated for the purposes of registering by telephone. For example, a medical certificate of cause of death issued by a registered medical practitioner would need to have been received by the registrar before an informant could register a death by telephone. Having to conduct a review, as was proposed by the noble Baroness, Lady Jones, would delay moving to digital ways of working and the benefits this would introduce.

Can I just be clear? The noble Lord was quite rightly saying that there is going to be a move to digital, rather than paper, and we all support that. However, our amendment went one stage further and said that there should be one national digital scheme. In the impact assessment and the strategic direction, to which the noble Lord referred, is one national scheme intended so that registrars do not have the flexibility to do their own thing, with their own computer? Is that now being proposed?

The noble Baroness asks a fair question. A major thing is being proposed, so it is best that we work with our DWP colleagues, and I commit to writing to the noble Baroness and the Committee on that point.

On the amendment to Clause 142, while we agree with the aim of improving the Tell Us Once service, our view is that the only way to achieve this is by upgrading its technology. This work is under way and expected to take up to two years to complete. It will ensure that Tell Us Once continues to operate into the future, providing us with the ability to build on opportunities to improve its speed and efficiency.

Going back to what I said earlier, it would not be right to commit to undertake a review of the service while this upgrading work is ongoing, especially as any extension of the service would require a fundamental change in how it operates, placing additional burdens on registrars and citizens, and undermining that simplicity-of-service principle. For those who still wish to use a paper process, that option will remain. For the reasons that I have set out, I am not able to accept these amendments and I hope that the noble Baroness is happy not to press them.

My Lords, I am grateful to hear that there is some work ongoing on the registrar process and that the noble Lord will write with further details. Obviously, if this work is already happening and we have the same intent, we would accept that our amendment is superfluous, but I need to be a little more assured that that is the case.

I was a bit more disappointed with what the Minister was saying on Tell Us Once. I suspect that the technology upgrade to which he referred is only for the current scheme, which refers only to the public sector. However, our proposal and the Marie Curie proposal, which was very well argued, is that there is now a need to extend that to the private sector—to banks, telephone companies and so on.

I did not really hear the Minister saying that that was going to be the case but, if he is going to write, maybe he could embrace that as well. As I said, Tell Us Once is a hugely popular scheme and if we can extend it further to a wider group of organisations, that would be a very popular thing for the Government to do.

In the meantime, I beg leave to withdraw the amendment.

Amendment 239 withdrawn.

Clauses 133 agreed.

Clauses 134 to 137 agreed.

Schedule 12 agreed.

Clause 138: National Underground Asset Register

Amendment 240

Moved by

240: Clause 138, page 172, line 14, leave out “Part 3” and insert “this Act”

Member's explanatory statement

This amendment is consequential on the amendment to this clause in my name moving provision about the initial upload of information into the National Underground Asset Register into a new section to be inserted into Part 3A of the New Roads and Street Works Act 1991 (inserted by this clause).

My Lords, I now turn to the national underground asset register, which I will refer to as NUAR. It is a new digital map of buried pipes and cables that is revolutionising the way that we install, maintain, operate and repair our buried infrastructure. The provisions contained in the Bill will ensure workers have complete and up-to-date access to the data that they need, when they need it, through the new register. NUAR is estimated to deliver more than £400 million per year of economic growth through increased efficiency, reduced accidental damage and fewer disruptions for citizens and businesses. I am therefore introducing several government amendments, which are minor in nature and aim to improve the clarity of the Bill. I hope that the Committee will be content if I address these together.

Amendment 244 clarifies responsibilities in relation to the licensing of NUAR data. As NUAR includes data from across public and private sector organisations, it involves both Crown and third-party intellectual property rights, including database rights. This amendment clarifies that the role of the Keeper of the National Archives in determining the licence terms for Crown IP remains unchanged. This will require the Secretary of State to work through the National Archives to determine licence terms for Crown data, as was always intended. Amendments 243 and 245 are consequential to this change.

Similarly, Amendment 241 moves the provision relating to the first initial upload of data to the register under new Part 3A to make the Bill clearer, with Amendments 248 and 249 consequential to this change.

Amendment 242 is a minor and technical amendment that clarifies that regulations made under new Section 106B(1) can be made “for or in connection with”—rather than solely “in connection with”—the making of information kept in NUAR available, with or without a licence.

Amendment 247 is another minor and technical amendment to ensure that consistent language is used throughout Schedule 13 and so further improve the clarity of these provisions. These amendments provide clarity to the Bill; they do not change the underlying policy.

Although Amendment 298 is not solely focused on NUAR, this might perhaps be a convenient point for me to briefly explain it to your Lordships. Amendment 298 makes a minor and technical amendment to Clause 154, the clause which sets out the extent of the Bill. Subsection (4) of that clause currently provides that an amendment, repeal or revocation made by the Bill

“has the same extent as the enactment amended, repealed or revoked”.

Subsection (4) also makes clear that this approach is subject to subsection (3), which provides for certain provisions to extend only to England and Wales and Northern Ireland. Upon further reviewing the Bill, we have identified that subsection (4) should, of course, also be subject to subsection (2), which provides for certain provisions to extend only to England and Wales. Amendment 298 therefore makes provision to ensure that the various subsections of Clause 154 operate effectively together as a coherent package.

I now turn to a series of amendments raised by the noble Lord, Lord Clement-Jones. Amendments 240A and 240B relate to new Section 106A, which places a duty on the Secretary of State to keep a register of information relating to apparatus in streets in England and Wales. Section 106A allows for the Secretary of State to make regulations that establish the form and manner in which the register is kept. The Bill as currently drafted provides for these regulations to be subject to the negative procedure. Amendment 240A calls for this to be changed to the affirmative procedure, while Amendment 240B would require the publication of draft regulations, a call for evidence and the subsequent laying before Parliament of a statement by the Secretary of State before such regulations can be made.

The provisions in new Section 106A are necessary to enable the Secretary of State to adapt and enhance the service over time by taking advantage of the latest technologies, and to continuously incorporate the feedback of asset owners and users to evolve the service to meet changing needs. We therefore anticipate areas covered by these regulations to be limited and technical in nature—for example, decisions related to the database architecture, infrastructure design or cloud host services used.

Importantly, the provisions under new Section 106A have been separated out from other regulation-making powers in the Bill, such as those related to obligations that will be placed on owners of buried assets and the setting of licensing terms, to allow the most appropriate different consultation requirements and parliamentary procedure to apply to each of them. Consequently, the Government believe that the negative procedure strikes an appropriate balance between affording a degree of parliamentary scrutiny and making proportionate use of parliamentary time. I note that the Delegated Powers and Regulatory Reform Committee did not raise any concerns in relation to NUAR’s proposed measures in its report on the Bill.

Amendment 241A seeks to require a review of pre-existing services. The Geospatial Commission has been engaging with stakeholders on NUAR since 2018. Since then, there have been extensive reviews of existing processes and data exchange services, including via a call for evidence, a pilot project, a public consultation, focus groups and various workshops and other interactions. This work identified that, although there are a handful of services that help to facilitate the exchange of data related to assets in the street, none provides the same service as NUAR—namely, the near real-time exchange of the comprehensive data required by users, including for emergency works. Instead, these services provide incomplete data, in a range of formats—most often PDF—scales, levels of quality and timescales, which results in it taking excavators an average of 6.1 days to receive and process all the information needed to carry out an excavation. NUAR will provide access to all the data needed in a standardised and digitally interactive format in less than 60 seconds, which is why it has the support of industry.

Prior to tabling these provisions, a robust impact assessment on the impact of NUAR, including on existing businesses that help to facilitate the exchange of data, was carried out and received a green rating from the Regulatory Policy Committee. Where required in accordance with the standard regulation-making process, additional impact assessments will of course also be laid before Parliament as these provisions are implemented. As such, the Government do not deem the requirement to be necessary: it would only delay the realisation of significant benefits to industry and the wider economy.

Amendments 249A and 299A would require a further call for evidence in relation to the impacts of NUAR before these measures can be commenced. In addition to the extensive engagement, particularly the RPC green-rated impact assessment that I have just mentioned, I draw to noble Lords’ attention the fact that we have placed a duty on the Secretary of State to consult relevant stakeholders in areas that will be of highest interest, such as when making regulations implementing the funding model or the requirement to report inaccuracies under new Section 80.

The success of NUAR is largely due to it being developed with industry and other stakeholders, including the security services, for the benefit of industry and citizens—an approach we plan to continue. NUAR has support from the intended beneficiaries of this service—asset owners and excavators—and is on track to deliver the envisaged benefits of £400 million per annum. As one excavator recently stated, if our old system was a horse and cart, NUAR is a Formula 1 car.

For these reasons, I am not able to accept these amendments. I hope the noble Lord will therefore not press them. I beg to move Amendment 240.

My Lords, I thank the Minister for his exposition. He explained the purposes of Clauses 138 to 141 and extolled their virtues, and helpfully explained what my amendments are trying to do—not that he has shot any foxes in the process.

The purpose of my amendments is much more fundamental, and that is to question the methodology of the Government in all of this. The purpose of NUAR is to prevent accidental strikes where building works damage underground infrastructure. However, the Government seem to have ignored the fact that an equivalent service—LinesearchbeforeUdig, or LSBUD—already achieves these aims, is much more widely used than NUAR and is much more cost effective. The existing system has been in place for more than 20 years and now includes data from more than 150 asset owners. It is used by 270,000 UK digging contractors and individuals—and more every day. The fact is that, without further consultation and greater alignment with current industry best practice, NUAR risks becoming a white elephant, undermining the safe working practices that have kept critical national infrastructure in the UK safe for more than two decades.

However, the essence of these amendments is not to cancel NUAR but to get NUAR and the Government to work much more closely with the services that already exist and those who wish to help. They are designed to ensure that proper consultation and democratic scrutiny is conducted before NUAR is implemented in statutory form. Essentially, the industry says that NUAR could be made much better and much quicker if it worked more closely with the private sector services that already exist. Those who are already involved with LinesearchbeforeUdig say, first of all, that NUAR will create uncertainty and reduce safety, failing in its key aims.

The Government have been developing the NUAR since 2018. Claiming that it would drive a reduction in unexpected underground assets being damaged in roadworks, the impact assessment incorrectly states:

“No businesses currently provide a service that is the same or similar to the service that NUAR would provide”.

In fact, as I said, LSBUD has been providing a safe digging service in the UK for 20 years and has grown significantly over that time. Without a plan to work more closely with LSBUD as the key industry representative, NUAR risks creating more accidental strikes of key network infrastructure, increasing risks to workers safety through electrical fires, gas leaks, pollution and so on. The public at home or at work would also suffer more service outages and disruption.

Secondly, NUAR will add costs and stifle competition. The Government claim that NUAR will deliver significant benefits to taxpayers, reduce disruption and prevent damage to underground assets, but the impact assessment ignores the fact that NUAR’s core functions are already provided through the current system—so its expected benefits are vastly overstated. While asset owners, many of whom have not been consulted, will face costs of more than £200 million over the first 10 years, the wholesale publication of asset owners’ entire networks creates commercially sensitive risks, damaging innovation and competition. Combined with the uncertainties about how quickly NUAR can gain a critical mass of users and data, this again calls into question why NUAR does not properly align with and build on the current system but instead smothers competition and harms a successful, growing UK business.

Thirdly, NUAR risks undermining control over sensitive CNI data. Underground assets are integral to critical national infrastructure; protecting them is vital to the UK’s economic and national security. LSBUD deliberately keeps data separate and ensures that data owners remain in full control over who can access their data via a secure exchange platform. NUAR, however, in aiming to provide a single view of all assets, removes providers’ control over their own data—an essential security fail-safe. It would also expand opportunities for malicious actors to target sectors in a variety of ways—for instance, the theft of copper wires from telecom networks.

NUAR shifts control over data access to a centralised government body, with no clear plan for how the data is to be protected from unauthorised access, leading to serious concerns about security and theft. Safe digging is paramount; mandating NUAR will lead to uncertainty, present more health and safety dangers to workers and the public and put critical national infrastructure at risk. These plans require further review. There needs to be, as I have said, greater alignment with industry best practice. Without further consultation, NUAR risks becoming a white elephant that undermines safe digging in the UK and increases risk to infrastructure workers and the public.

I will not go through the amendments individually as the Minister has mentioned what their effect would be, but I will dispel a few myths. The Government have claimed that NUAR has the overwhelming support of asset owners. In the view of those who briefed me, that is not an accurate reflection of the broadband and telecoms sector in particular; a number of concerns from ISPA members have been raised with the NUAR team around cost and security that have yet to be addressed. This is borne out by the fact that there are notable gaps in the major asset owners in the telecoms sector signed up to NUAR at this time.

Clearly, the noble Viscount is resisting changing the procedure by which these changes are made from negative to affirmative, but I hope I have gone some way to persuade the Committee of the importance of this change to how the NUAR system is put on a statutory footing. He talked about a “handful” of data; the comprehensive nature of the existing system is pretty impressive, and it is a free service, updated on a regular basis, which covers more than 150 asset owners and 98% of high-risk assets. NUAR currently covers only one-third of asset owners. The comparisons are already not to the advantage of NUAR.

I hope the Government will at least, even if they do not agree with these amendments, think twice before proceeding at the speed they seem to be and without the consent or taking on board the concerns of those who are already heavily engaged with Linesearch- beforeUdig who find it pretty satisfactory for their purposes.

My Lords, the Minister really did big up this section of the Bill. He said it would revolutionise this information service, that it would bring many benefits, has a green rating, would be the Formula 1 of data transfer in mapping and so on. We were led to expect quite a lot from this part of the legislation. It is an important part of the Bill, because it signifies some government progress towards the goal of creating a comprehensive national underground asset register, as he put it, or NUAR. We are happy to support this objective, but we have concerns about the progress being made and the time it is taking.

To digress a bit here, it took me back 50 years to when I was a labourer working by the side of a bypass. One of the guys I was working with was operating our post hole borer; it penetrated the Anglian Water system and sent a geyser some 20 metres up into the sky, completely destroying my midday retreat to the local pub between the arduous exercise of digging holes. Had he had one of the services on offer, I suspect that we would not have been so detained. It was quite an entertaining incident, but it clearly showed the dangers of not having good mapping.

As I understand it, and as was outlined by the noble Lord, Lord Clement-Jones, since 2018 the Government have been moving towards this notion of somewhere recording what lies below the surface in our communities. We have had street works legislation going back several decades, from at least 1991. In general, progress towards better co-ordination of utilities excavations has not been helped by poor and low levels of mapping and knowledge of what and which utilities are located underground. This is despite the various legislative attempts to make that happen, most of which have attempted to bring better co-ordination of services.

For the above reasons, we broadly welcome the Government’s latest moves towards putting NUAR on a statutory footing. As I said, our principal concern has been the time it has taken to get round to doing it and making efficient use of the data.

The Minister outlined the Government’s amendments very carefully and extensively. He has told us that they are mostly tidying up, are minor and technical, and all about consistency of language. I am happy to accept that.

I can well understand the concerns that lie behind the amendments from the noble Lord, Lord Clement-Jones. He and I obviously shared the same briefing. There is no doubt that the briefing from Linesearch- beforeUdig—LSBUD—raises a number of thorny issues and questions, which need answering before we finally agree these clauses.

The noble Lord’s Amendment 241A would require a review, Amendment 249A would delay implementation until the review has been completed and Amendment 299A seeks the publication of evidence for a new service before commencing the NUAR provisions. Together with the clause stand part notices, they provide the Committee with the opportunity to probe the Government’s thinking.

In essence, the LinesearchbeforeUdig briefing suggests that, without aligning with proven best practice, as the noble Lord said, NUAR poses a serious risk of creating uncertainty, reducing safety, adding unnecessary costs, stifling competition and compromising data. Those are fairly serious concerns.

As I understand it, the Government’s intention is to bring NUAR fully into service during 2031-32—some six or seven years away. NUAR covers only a third of asset owners currently, and the Government’s own assessment suggests that “significant issues exist”, with successful delivery of its services appearing to be only “feasible”, at this stage.

It is not my job to argue the case for a private operator of a mapping service for underground assets but, on the face of it, LSBUD has been operating a pretty comprehensive service for some 20 years. As the noble Lord said, it processes 4 million inquiries annually, covering all the major underground utilities—gas, water, electricity, telecom cables and more. It says that 80% of excavations in the UK involve a LSBUD search, so it has a lot of knowledge and experience. I was perhaps expecting the Minister to refer to that.

Given that LSBUD appears to have a significant share of this service market, how is the NUAR intended to work with it to protect our valuable underground assets, before it finally becomes this Formula 1 service? Can we be assured that NUAR will draw on LSBUD’s expertise and knowledge? What measures will the Government put in place to protect the security of data provided by asset owners, where commercial sensitivities are concerned? What steps will NUAR take to guarantee that security and public safety are hard-wired into its working practices? Do the Government and NUAR have a plan to ensure that the asset owners will be protected from unauthorised access to their data? How will the Government ensure that NUAR aligns itself with current industry best practice? Given that LSBUD offers a free service, are the Government confident that the service that they have created, which is reliant on licensing and fee arrangements, will be both comprehensive and used?

I know that those sounded like fairly hard-nosed questions but, as I said at the outset, we are entirely supportive of the direction of travel of NUAR. Our principal concerns are, as the noble Lord, Lord Clement-Jones, put it, to ensure that critical national infrastructure developments are not placed at risk during the creation, development and emergence of this service. It would be deeply ironic if, in developing a service that is designed to protect our most important underground utilities, we ended up putting them in jeopardy simply because of a system failure in data capture and mapping. I think that both the noble Lord, Lord Clement-Jones, and I require answers to those questions.

I start by thanking the noble Lords, Lord Clement-Jones and Lord Bassam, for their respective replies. As I have said, the Geospatial Commission has been engaging extensively with stakeholders, including the security services, on NUAR since 2018. This has included a call for evidence, a pilot project, a public consultation, focus groups, various workshops and other interactions. All major gas and water companies have signed up, as well as several large telecoms firms.

While the Minister is speaking, maybe the Box could tell him whether the figure of only 33% of asset owners having signed up is correct? Both I and the noble Lord, Lord Bassam, mentioned that; it would be very useful to know.

It did complete a pilot phase this year. As it operationalises, more and more will sign up. I do not know the actual number that have signed up today, but I will find out.

NUAR does not duplicate existing commercial services. It is a standardised, interactive digital map of buried infrastructure, which no existing service is able to provide. It will significantly enhance data sharing and access efficiency. Current services—

I am concerned. We get the principle behind NUAR, but is there an interface between NUAR and this other service—which, on the face of it, looks quite extensive—currently in place? Is there a dialogue between the two? That seems to be quite important, given that there is some doubt over NUAR’s current scope.

I am not sure that there is doubt over the current scope of NUAR; it is meant to address all buried infrastructure in the United Kingdom. LSBUD does make extensive representations, as indeed it has to parliamentarians of both Houses, and has spoken several times to the Geospatial Commission. I am very happy to commit to continuing to do so.

My Lords, the noble Lord, Lord Bassam, is absolutely right to be asking that question. We can go only on the briefs we get. Unlike the noble Lord, Lord Bassam, I have not been underground very recently, but we do rely on the briefings we get. LSBUD is described as a

“sustainably-funded UK success story”—

okay, give or take a bit of puff—that

“responds to most requests in 5 minutes or less”.

It has

“150+ asset-owners covering nearly 2 million km and 98% of high-risk assets—like gas, electric, and fuel pipelines”.

That sounds as though we are in the same kind of territory. How can the Minister just baldly state that NUAR is entirely different? Can he perhaps give us a paragraph on how they differ? I do not think that “completely different” can possibly characterise this relationship.

As I understand it, LSBUD services are provided on a pdf, on request. It is not interactive; it is not vector-based graphics presented on a map, so it cannot be interrogated in the same way. Furthermore, as I understand it—and I am happy to be corrected if I am misstating—LSBUD has a great many private sector asset owners, but no public sector data is provided. All of it is provided on a much more manualised basis. The two services simply do not brook comparison. I would be delighted to speak to LSBUD.

My Lords, we are beginning to tease out something quite useful here. Basically, NUAR will be pretty much an automatic service, because it will be available online, I assume, which has implications on data protection, on who owns the copyright and so on. I am sure there are all kinds of issues there. It is the way the service is delivered, and then you have the public sector, which has not taken part in LSBUD. Are those the two key distinctions?

Indeed, there are two key distinctions. One is the way that the information is provided online, in a live format, and the other is the quantity and nature of the data that is provided, which will eventually be all relevant data in the United Kingdom under NUAR, versus those who choose to sign up on LSBUD and equivalent services. I am very happy to write on the various figures. Maybe it would help if I were to arrange a demonstration of the technology. Would that be useful? I will do that.

Unlike the noble Lord, Lord Bassam, I do not have that background in seeing what happens with the excavators, but I would very much welcome that. The Minister again is really making the case for greater co-operation. The public sector has access to the public sector information, and LSBUD has access to a lot of private sector information. Does that not speak to co-operation between the two systems? We seem to have warring camps, where the Government are determined to prove that they are forging ahead with their new service and are trampling on quite a lot of rights, interests and concerns in doing so—by the sound of it. The Minister looks rather sceptical.

I am not sure whose rights are being trampled on by having a shared database of these things. However, I will arrange a demonstration, and I confidently state that nobody who sees that demonstration will have any cynicism any more about the quality of the service provided.

In addition to the situation that the noble Lord, Lord Bassam, described, I was braced for a really horrible situation, because these things very often lead to danger and death, and there is a very serious safety argument to providing this information reliably and rapidly, as NUAR will.

My Lords, it took them half a day to discover where the hole had gone and what the damage was. The water flooded several main roads and there were traffic delays and the rest. So these things are very serious. I was trying to make a serious point while being slightly frivolous about it.

No, indeed, it is a deeply serious point. I do not know the number off the top of my head but there are a number of deaths every year as a result of these things.

As I was saying, a thorough impact assessment was undertaken for the NUAR measures, which received a green rating from the Regulatory Policy Committee. Impacts on organisations that help facilitate the exchange of data related to assets in the street were included in the modelling. Although NUAR could impact existing utility—

I cannot resist drawing the Minister’s attention to the story in today’s Financial Times, which reports that two major water companies do not know where their sewers are. So I think the impact is going to be a little bit greater than he is saying.

I saw that story. Obviously, regardless of how they report the data, if they do not know, they do not know. But my thought was that, if there are maps available for everything that is known, that tends to encourage people who do not know to take better control of the assets that they manage.

A discovery project is under way to potentially allow these organisations—these alternative providers—to access NUAR data; LSBUD has been referenced, among others. It attended the last three workshops we conducted on this, which I hope could enable it to adapt its services and business models potentially to mitigate any negative impacts. Such opportunities will be taken forward in future years should they be technically feasible, of value, in the public interest and in light of the views of stakeholders, including asset owners.

A national underground asset register depends on bringing data together from asset owners on to a single standardised database. This will allow data to be shared more efficiently than was possible before. Asset owners have existing processes that have been developed to allow them to manage risks associated with excavations. These processes will be developed in compliance with existing guidance in the form of HSG47. To achieve this, those working on NUAR are already working closely with relevant stakeholders as part of a dedicated adoption group. This will allow for a safe and planned rollout of NUAR to those who will benefit from it.

Additionally, I turn to the very proper concerns raised by the noble Lord, Lord Clement-Jones, on safety. I assure the Committee that the NUAR will seek to improve safety, as it will allow us to have access to comprehensive data at our fingertips whenever it may be needed—24 hours a day, seven days a week. Even a single pipe or cable can cause serious injury or death if accidentally damaged. It can also lead to the costly disruption of services to businesses and citizens. It really is important, therefore, that the NUAR includes all data about buried assets.

The NUAR includes a number of safeguards to ensure that data is accessed only for permitted purposes under controlled conditions. This includes access controls, the ability of asset owners to flag particularly sensitive or critical data for redaction, and owners’ ability to specify additional safe working requirements for hazardous sites and assets, such as site supervision. These have been developed in collaboration with asset owners, security experts and the security services.

Before the Minister’s peroration, I just want to check something. He talked about the discovery project and contact with the industry; by that, I assume he was talking about asset owners as part of the project. What contact is proposed with the existing company, LinesearchbeforeUdig, and some of its major supporters? Can the Government assure us that they will have greater contact or try to align? Can they give greater assurance than they have been able to give today? Clearly, there is suspicion here of the Government’s intentions and how things will work out. If we are to achieve this safety agenda—I absolutely support it; it is the fundamental issue here—more work needs to be done in building bridges, to use another construction metaphor.

As I said, the Government have met the Geospatial Commission many times. I would be happy to meet it in order to help it adapt its business model for the NUAR future. As I said, it has attended the last three discovery workshops, allowing this data.

I close by thanking noble Lords for their contributions. I hope they look forward to the demonstration.

Amendment 240 agreed.

Amendments 240A and 240B not moved.

Amendment 241

Moved by

241: Clause 138, page 172, line 16, at end insert—

“106AA Initial upload of information into NUAR(1) Before the end of the initial upload period an undertaker having apparatus in a street must enter into NUAR— (a) all information that is included in the undertaker’s records under section 79(1) on the archive upload date, and(b) any other information of a prescribed description that is held by the undertaker on that date.(2) The duty under subsection (1) does not apply in such cases as may be prescribed.(3) Information must be entered into NUAR under subsection (1) in such form and manner as may be prescribed.(4) For the purposes of subsection (1) the Secretary of State must by regulations—(a) specify a date as “the archive upload date”, and(b) specify a period beginning with that date as the “initial upload period”.(5) Regulations under this section are subject to the negative procedure.”Member’s explanatory statement

This amendment moves provision about the initial upload of information into the National Underground Asset Register into a new section to be inserted into Part 3A of the New Roads and Street Works Act 1991 (inserted by this clause).

Amendment 241A (to Amendment 241) not moved.

Amendment 241 agreed.

Amendments 242 to 246

Moved by

242: Clause 138, page 172, line 18, after “provision” insert “for or”

Member’s explanatory statement

This amendment makes clear that regulations under section 106B(1) of the New Roads and Street Works Act 1991 (inserted by this clause) may make provision for, as well as provision in connection with, making information kept in the National Underground Asset Register available.

243: Clause 138, page 172, line 19, leave out from “available” to end of line 21

Member’s explanatory statement

This amendment is consequential on the next amendment to this clause in my name.

244: Clause 138, page 173, line 2, at end insert—

“(h) make provision for or in connection with the granting of licences by the Secretary of State in relation to any non-Crown IP rights that may exist in relation to information made available (including provision about the form of a licence and the terms and conditions of a licence);(i) make provision for information to be made available for free or for a fee;(j) make provision about the amounts of the fees, including provision for the amount of a fee to be an amount which is intended to exceed the cost of the things in respect of which the fee is charged;(k) make provision about how funds raised by means of fees must or may be used, including provision for funds to be paid to persons who are required, by a provision of this Act, to enter information into NUAR.”Member’s explanatory statement

This amendment moves provision about licensing and the charging of fees under regulations under section 106B of the New Roads and Street Works Act 1991 (inserted by this clause) into subsection (2) of that section; and makes it clear that those regulations will only provide for licensing in relation to non-Crown rights.

245: Clause 138, page 173, leave out lines 3 to 16

Member’s explanatory statement

This amendment is consequential on the previous amendment to this clause in my name.

246: Clause 138, page 173, line 24, at end insert—

“(6) In this section—“database right” has the same meaning as in Part 3 of the Copyright and Rights in Databases Regulations 1997 (S.I. 1997/3032);“non-Crown IP right” means any copyright, database right or other intellectual property right which is not owned by the Crown.”Member’s explanatory statement

This amendment provides for definitions and is consequential on the amendment to this clause in my name making clear that regulations under section 106B of the New Roads and Street Works Act 1991 (inserted by this clause) will only provide for licensing in relation to non-Crown rights.

Amendments 242 to 246 agreed.

Clause 138, as amended, agreed.

Schedule 13: National Underground Asset Register: monetary penalties

Amendment 247

Moved by

247: Schedule 13, page 271, leave out lines 22 and 23 and insert “the date specified in the warning notice in accordance with paragraph 2(2)(d).”

Member’s explanatory statement

This amendment ensures that language used in paragraphs 2 and 3 of Schedule 5A to the New Roads and Street Works Act 1991 (inserted by this Schedule) is consistent.

Amendment 247 agreed.

Schedule 13, as amended, agreed.

Clause 139: Information in relation to apparatus

Amendments 248 and 249

Moved by

248: Clause 139, page 178, line 19, leave out paragraph (f) and insert—

“(f) after subsection (3A) insert—“(3B) Except in such cases as may be prescribed, where an undertaker records information as required by subsection (1) or (1B), or updates such information, the undertaker must, within a prescribed period, enter the recorded or updated information into NUAR.(3C) Information must be entered into NUAR under subsection (3B) in such form and manner as may be prescribed.””Member’s explanatory statement

This amendment and the next amendment to this clause in my name are consequential on the amendment to clause 138 in my name moving provision about the initial upload of information into the National Underground Asset Register into a new section to be inserted into Part 3A of the New Roads and Street Works Act 1991 (inserted by clause 138).

249: Clause 139, page 178, line 39, leave out paragraph (h) and insert—

“(h) after subsection (6) insert—“(7) For the meaning of “NUAR”, see section 106A.””Member’s explanatory statement

This amendment and the previous amendment to this clause in my name are consequential on the amendment to clause 138 in my name moving provision about the initial upload of information into the National Underground Asset Register into a new section to be inserted into Part 3A of the New Roads and Street Works Act 1991 (inserted by clause 138).

Amendments 248 and 249 agreed.

Clause 139, as amended, agreed.

Clauses 140 and 141 agreed.

Amendment 249A not moved.

Clause 142 agreed.

Amendment 250 not moved.

Amendment 251

Moved by

251: After Clause 142, insert the following new Clause—

“Evidence from computer records(1) In any proceedings, a statement containing information in a document produced by a computer is not to be admissible as evidence of any fact stated therein unless it is shown—(a) that there are no reasonable grounds for believing that the information contained in the statement is inaccurate because of improper use of the computer,(b) that at all material times the computer was operating properly, or if not, that any respect in which it was not operating properly or was out of operation was not such as to materially affect the production of the document or the accuracy of the information it contains, and(c) that any relevant conditions specified in rules of court under subsection (2) below are satisfied.(2) Provision may be made by rules of court requiring that in any proceedings where it is desired to give a statement in evidence by virtue of this section such information concerning the statement as may be required by the rules must be provided in such form and at such time as may be so required.”Member’s explanatory statement

This probing amendment reinstates the substantive provisions of section 69 of the Police and Criminal Evidence Act 1984. In light of the Post Office Horizon scandal, this would revoke the current assumption that the information provided by computers is always accurate.

My Lords, Amendment 251 is also in the names of the noble Lords, Lord Arbuthnot and Lord Clement-Jones, and the noble Baroness, Lady Jones. I commend the noble Lord, Lord Arbuthnot, for his staunch support of the sub-postmasters over many years. I am grateful to him for adding his name to this amendment.

This amendment overturns a previous intervention in the law that has had and will continue to have far-reaching consequences if left in place: the notion that computer evidence should in law be presumed to be reliable. This error, made by the Government and the Law Commission at the turn of the century and reinforced by the courts over decades, has, as we now know, cost innocent people their reputations, their livelihoods and, in some cases, their lives.

Previously, Section 69 of the Police and Criminal Evidence Act 1984 required prosecutors in criminal cases relying on information from computers to confirm that the computer was operating correctly and could not have been tampered with before it submitted evidence. As the volume of evidence from computers increased, this requirement came to be viewed as burdensome.

In 1997, the Law Commission published a paper, Evidence in Criminal Proceedings: Hearsay and Related Topics, in which it concluded that Section 69

“fails to serve any useful purpose”.

As a result, it was repealed. The effect of this repeal was to create a common law presumption, in both criminal and civil proceedings, of the proper functioning of machines—that is to say, the computer is always right. In principle, there is a low threshold for rebutting this presumption but, in practice, as the Post Office prosecutions all too tragically show, a person challenging evidence derived from a computer will typically have no visibility of the system in question or the ways in which it could or did fail. As a result, they will not know what records of failures should be disclosed to them and might be asked for.

This situation was illustrated in the Post Office prosecution of sub-postmaster Mrs Seema Misra. Paul Marshall, Mrs Misra’s defence lawyer, describes how she was

“taunted by the prosecution for being unable to point to any … identifiable … problem”,

while they hid behind the presumption that the Horizon system was “reliable” under the law. On four occasions during her prosecution, Mrs Misra requested court order disclosure by the Post Office of Horizon error records. Three different judges dismissed her applications. Mrs Misra went to prison. She was eight weeks pregnant, and it was her son’s 10th birthday. On being sentenced, she collapsed.

The repeal of Section 69 of PACE 1984 reflects the Law Commission’s flawed belief that most computer errors were “down to the operator” or “apparent to the operator”, and that you could

“take as read that computer evidence is reliable unless a person can say otherwise”.

In the words of a colleague of mine from the University of Oxford, a professor of computing with a side consultancy specialising in finding bugs for global tech firms ahead of rollout, this assumption is “eye-wateringly mistaken”. He recently wrote to me and said:

“I have been asking fellow computer scientists for evidence that computers make mistakes, and have found that they are bewildered at the question since it is self-evident”.

There is an injustice in being told that a machine will always work as expected, and a further injustice in being told that the only way you can prove that it does not work is to ask by name for something that you do not know exists. That is to say, Mrs Misra did not have the magic word.

In discussions, the Government assert that the harm caused by Horizon was due to the egregious failures of corporate governance at the Post Office. That there has been a historic miscarriage of justice is beyond question, and the outcome is urgently awaited. But the actions of the Post Office were made possible in part because of a flaw in our legal and judicial processes. What happened at the Post Office is not an isolated incident but potentially the tip of an iceberg, where the safety of an unknown number of criminal convictions and civil judgments is called into question.

For example, the Educational Testing Service, an online test commissioned by the Home Office, wrongly determined that 97% of English language students were cheating, a determination that cost the students their right to stay in the UK and/or their ability to graduate, forfeiting thousands of pounds in student fees. The Guardian conducted interviews with dozens of the students, who described the painful consequences. One man was held in UK immigration detention centres for 11 months. Others described being forced into destitution, becoming homeless and reliant on food banks as they attempted to challenge the accusation. Others became depressed and suicidal when confronted with the wasted tuition fees and the difficulty of shaking off an allegation of dishonesty.

The widespread coverage of the Horizon scandal has made many victims of the Home Office scandal renew their efforts to clear their names and seek redress. In another case, at the Princess of Wales Hospital in 2012, nurses were wrongly accused of falsifying patient records because of discrepancies found with computer records. Some of the nurses were subjected to criminal prosecution, suffering years of legal action before the trial collapsed, when it emerged that a visit by an engineer to fix a bug had eradicated all the data that the nurses were accused of failing to gather. That vital piece of information could easily have been discovered and disclosed, if computer evidence was not automatically deemed to be reliable.

I do not seek to come to a judgment on any of these cases. I simply make the point that to assume that evidence from computer software is reliable is nonsense. This is backed up by a number of high-profile tech failures: the 999 emergency call system failed on 25 June 2023; air traffic control failed on 28 August 2023, with 700,000 passengers disrupted after planes were grounded because of a simple bug; there was evidence at the Grenfell inquiry that the fire brigade IT system played a part in the controllers not understanding the full extent of what was happening; and there have been dozens of occasions when banking system failures have meant that people could not transfer funds, including to complete time-sensitive house purchases or contractual obligations. Indeed, it is not unusual but entirely expected that these things happen.

Roger Bickerstaff is a partner at law firm Bird & Bird who specialises in technology. He wrote earlier this year that

“for the last 20 years at least, it has generally been recognised by IT lawyers in software contracts, as opposed to criminal law and civil litigation, that software is inherently prone to errors”.

Amendment 291 reinstates Section 69 of the 1984 Act with the addition of the word “material”. The effect of this is to shift the burden of establishing that the evidence produced from computers is reliable back, once again, to the person relying on such evidence, so that there are systems and processes in place to place to monitor, address and log issues. I added “material”, because bugs and security issues are so frequent and inevitable, and not all undermine the reliable operation of software systems. The wording therefore avoids the risk of overcorrection.

There have been previous efforts to tackle this issue, including by Alex Chalk, then Parliamentary Under-Secretary of State, now Lord Chancellor, who commissioned a report to improve the existing approach to proof in court proceedings on computer-derived evidence. I have read a published version of the report and am surprised that the Government did not accept its practical approach, but rather determined that they have

“no plans to review the presumption”.

They instead cite Mr Justice Fraser’s finding that the Post Office demonstrated a simple institutional obstinacy or refusal to consider any possible alternatives to its view of Horizon, which was maintained regardless of the weight of factual evidence to the contrary. Yes, the Post Office showed an institutional obstinacy—that is a generous interpretation—but the law provided cover and the law remains in place.

I met with the Lord Chancellor and I was grateful for his time. He indicated a willingness to acknowledge that there is an issue. I understand that he may not wish to revert to language from 1984, as in the amendment in front of us. The amendment is probing and intended to draw noble Lords’ attention to the urgent problem, but either it must stand or we need another route to the same ends, because to enshrine in law the idea that computer evidence is reliable makes the law an ass and is a recipe for future injustice.

There is a desperate need to clarify and add detail to the court rules on disclosure for computer evidence. In the 21st century, it is necessary for court proceedings to have full sight of relevant material, for example security and maintenance records or bug logs. The yawning gap between swearing under oath that the evidence given is true and the lack of responsibility for the accuracy of computer evidence in court proceedings is simply mind-boggling. We need a legal duty on those proffering computer evidence to confirm that they know of no reason why the information put in evidence should not be accepted as being reliable or true, as well as some responsibility for that. As we have said so many times in Committee, the Government should reconsider their position on removing the balancing test for automated decision-making on the understanding that automating errors reproduces them at scale.

I look forward to the speeches of my fellow signatories and hope that, when he responds, the Minister will be able to reflect previous indications from the Ministry of Justice that the Government are willing to find a path through this—rather than being yet another politician who turned a blind eye to injustice in plain sight and chose not to be part of the journey to justice. I beg to move.

My Lords, I congratulate the noble Baroness, Lady Kidron, on her amendment and thank her for allowing me to add my name to it. I agree with what she said. I, too, had the benefit of a meeting with the Lord Chancellor, which was most helpful. I am grateful to Mr Paul Marshall—whom the noble Baroness mentioned and who has represented several sub-postmasters in the Horizon scandal—for his help and advice in this matter.

My first short point is that evidence derived from a computer is hearsay. There is good reason for treating hearsay evidence with caution. Computer scientists know—although the general public do not—that only the smallest and least complex computer programs can be tested exhaustively. I am told that the limit for that testing is probably around 100 lines of a well-designed and carefully written program. Horizon, which Mr Justice Fraser said was not in the least robust, consisted of a suite of programs involving millions of lines of code. It will inevitably have contained thousands of errors because all computer programs do. Most computer errors do not routinely cause malfunctions. If they did, they would be spotted at an early stage and the program would be changed—but potentially with consequential changes to the program that might not be intended or spotted.

We are all aware of how frequently we are invited to accept software updates from our mobile telephone’s software manufacturers. Those updates are not limited to security chinks but are also required because bugs—or, as we learned yesterday from Paula Vennells’s husband, anomalies and exceptions—are inevitable in computer programs. That is why Fujitsu had an office dedicated not just to altering the sub-postmasters’ balances, shocking as that is, but to altering and amending a program that was never going to be perfect because no computer program is.

The only conclusion that one can draw from all this is that computer programs are, as the noble Baroness said, inherently unreliable, such that having a presumption in law that they are reliable is unsustainable. In the case of the DPP v McKeown and Jones—in 1997, I think—Lord Hoffmann said:

“It is notorious that one needs no expertise in electronics to be able to know whether a computer is working properly”.

One must always hesitate before questioning the wisdom of a man as clever as Lord Hoffmann, but he was wrong. The notoriety now attaches to his comment.

The consequences of the repeal of Section 69 of the Police and Criminal Evidence Act 1984 have been that it reverses the burden of proof, so that Seema Misra was sent to prison in the circumstances set out by the noble Baroness. Further, this matter is urgent for two reasons; they slightly conflict with each other, but I will nevertheless set them out. The first is that for the presumption to remain in place for one minute longer means that there is a genuine risk that miscarriages of justice will continue to occur in other non-Post Office cases, from as early as tomorrow. The second is that any defence lawyer will, in any event, be treating the presumption as having been fatally undermined by the Horizon issues. The presumption will therefore be questioned in every court where it might otherwise apply. It needs consideration by Parliament.

My noble friend the Minister will say, and he will be right, that the Horizon case was a disgraceful failure of disclosure by the Post Office. But it was permitted by the presumption of the correctness of computer evidence, which I hope we have shown is unsustainable. Part of the solution to the problem may lie in changes to disclosure and discovery, but we cannot permit a presumption that we know to be unfounded to continue in law.

My noble friend may also go on to say that our amendment is flawed in that it will place impossible burdens on prosecutors, requiring them to get constant certificates of proper working from Microsoft, Google, WhatsApp, and whatever Twitter is called nowadays. Again, he may be right. We do not seek to bring prosecutions grinding to a halt, nor do we seek to question the underlying integrity of our email or communications systems, so we may need another way through this problem. Luckily, my noble friend is a very clever man, and I look forward to hearing what he proposes.

My Lords, we have heard two extremely powerful speeches; I will follow in their wake but be very brief. For many years now, I campaigned on amending the Computer Misuse Act; the noble Lord, Lord Arbuthnot, did similarly. My motivation did not start with the Horizon scandal, but was more at large because of the underlying concerns about the nature of computer evidence.

I came rather late to this understanding about the presumption of the accuracy of computer evidence. It is somewhat horrifying, the more you look into the history of this, which has been so well set out by the noble Baroness, Lady Kidron. I remember advising MPs at the time about the Police and Criminal Evidence Act. I was not really aware of what the Law Commission had recommended in terms of getting rid of Section 69, or indeed what the Youth Justice and Criminal Evidence Act did in 1999, a year after I came into this House.

The noble Baroness has set out the history of it, and how badly wrong the Law Commission got this. She set out extremely well the impact and illustration of Mrs Misra’s case, the injustice that has resulted through the Horizon cases—indeed, not just through those cases, but through other areas—and the whole aspect of the reliability of computer evidence. Likewise, we must all pay tribute to the tireless campaigning of the noble Lord, Lord Arbuthnot. I thought it was really interesting how he described computer evidence as hearsay, because that essentially is what it is, and there is the whole issue of updates and bug fixing.

The one area that I am slightly uncertain about after listening to the debate and having read some of the background to this is precisely what impact Mr Justice Fraser’s judgment had. Some people seem to have taken it as simply saying that the computer evidence was unreliable, but that it was a one-off. It seems to me that it was much more sweeping than that and was really a rebuttal of the original view the Law Commission took on the reliability of computer evidence.

Apart from paying tribute to the noble Baroness, Lady Kidron, and the noble Lord, Lord Arbuthnot, I must also pay tribute to Computer Weekly. When I look back at an article by Karl Flinders, its chief reporter, from 2021, he got it absolutely right. Three years ago, he wrote a very good piece which quotes Paul Marshall, who is another hero of the hour. He was saying that, if the Post Office had been required to prove affirmatively that its Horizon system was working properly at the material time and if it had given a proper disclosure of Horizon error records, it would not have been able to succeed in its prosecutions, and its sub-postmasters, with perhaps some small exceptions, would not have been committed. He is quoted extensively in that piece, and that was three years ago. Alex Chalk, then a junior Minister in the Ministry of Justice, is also quoted. Both noble Lords have mentioned his part in all this.

What are we waiting for? We may need some changes to prevent the overload that the noble Lord, Lord Arbuthnot, mentioned, but it is not beyond our wit to come up with procedural changes that deliver future justice. This is urgent. In the meantime, as the noble Lord says, if we do not do something then it is going to impact on the Post Office cases. It is discredited, and will give rise to a huge amount of argumentation in court in any event. Sadly, we do not have an MoJ Minister here. We have had guest appearances by a number of Ministers from various departments, so it is a pity that we did not manage to inveigle the MoJ to come along. However, I hope the Minister will pass on a pretty solid message that we want to see action extremely urgently.

My Lords, I support this probing amendment, Amendment 251. I thank all noble Lords who have spoken. From this side of the Committee, I say how grateful we are to the noble Lord, Lord Arbuthnot, for all that he has done and continues to do in his campaign to find justice for those sub-postmasters who have been wronged by the system.

This amendment seeks to reinstate the substantive provisions of Section 69 of PACE, the Police and Criminal Evidence Act 1984, revoking this dangerous assumption. I would like to imagine that legislators in 1984 were perhaps alert to the warning in George Orwell’s novel Nineteen Eighty-Four, written some 40 years earlier, about relying on an apparently infallible but ultimately corruptible technological system to define the truth. The Horizon scandal is, of course, the most glaring example of the dangers of assuming that computers are always right. Sadly, as hundreds of sub-postmasters have known for years, and as the wider public have more recently become aware, computer systems can be horribly inaccurate.

However, the Horizon system is very primitive compared to some of the programs which now process billions of pieces of our sensitive data every day. The AI revolution, which has already begun, will exponentially accelerate the risk of compounded errors being multiplied. To take just one example, some noble Lords may be aware of the concept of AI hallucinations. This is a term used to describe when computer models make inaccurate predictions based on seeing incorrect patterns in data, which may be caused by incomplete, biased or simply poor-quality inputs. In an earlier debate, the noble Viscount, Lord Younger of Leckie, said that account information notices will be decided. How will these decisions be made? Will they be made by individual human beings or by some AI-configured algorithms? Can the Minister share with us how such decisions will be taken?

Humans can look at clouds in the sky or outlines on the hillside and see patterns that look like faces, animals or symbols, but ultimately we know that we are looking at water vapour or rock formations. Computer systems do not necessarily have this innate common sense—this reality check. Increasingly, we will depend on computer systems talking to each other without any human intervention. This will deliver some great efficiencies, but it could lead to greater injustices on a scale which would terrify even the most dystopian science fiction writers. The noble Baroness, Lady Kidron, has already shared with us some of the cases where a computer has made errors and people have been wronged.

Amendment 251 would reintroduce the opportunity for some healthy human scepticism by enabling the investigation of whether there are reasonable grounds for questioning information in documents produced by a computer. The digital world of 2024 depends more on computers than the world of Nineteen Eighty-Four in actual legislation or in an Orwellian fiction. Amendment 251 enables ordinary people to question whether our modern “Big Brother” artificial intelligence is telling the truth when he or it is watching us. I look forward to the Minister’s responses to all the various questions and on the current assumption in law that information provided by the computer is always accurate.

My Lords, I recognise the feeling of the Committee on this issue and, frankly, I recognise the feeling of the whole country with respect to Horizon. I thank all those who have spoken for a really enlightening debate. I thank the noble Baroness, Lady Kidron, for tabling the amendment and my noble friend Lord Arbuthnot for speaking to it and—if I may depart from the script—his heroic behaviour with respect to the sub-postmasters.

There can be no doubt that hundreds of innocent sub-postmasters and sub-postmistresses have suffered an intolerable miscarriage of justice at the hands of the Post Office. I hope noble Lords will indulge me if I speak very briefly on that. On 13 March, the Government introduced the Post Office (Horizon System) Offences Bill into Parliament, which is due to go before a Committee of the whole House in the House of Commons on 29 April. The Bill will quash relevant convictions of individuals who worked, including on a voluntary basis, in Post Office branches and who have suffered as a result of the Post Office Horizon IT scandal. It will quash, on a blanket basis, convictions for various theft, fraud and related offences during the period of the Horizon scandal in England, Wales and Northern Ireland. This is to be followed by swift financial redress delivered by the Department for Business and Trade.

On the amendment laid by the noble Baroness, Lady Kidron—I thank her and the noble Lords who have supported it—I fully understand the intent behind this amendment, which aims to address issues with computer evidence such as those arising from the Post Office cases. The common law presumption, as has been said, is that the computer which has produced evidence in a case was operating effectively at the material time unless there is evidence to the contrary, in which case the party relying on the computer evidence will need to satisfy the court that the evidence is reliable and therefore admissible.

This amendment would require a party relying on computer evidence to provide proof up front that the computer was operating effectively at the time and that there is no evidence of improper use. I and my fellow Ministers, including those at the MoJ, understand the intent behind this amendment, and we are considering very carefully the issues raised by the Post Office cases in relation to computer evidence, including these wider concerns. So I would welcome the opportunity for further meetings with the noble Baroness, alongside MoJ colleagues. I was pleased to hear that she had met with my right honourable friend the Lord Chancellor on this matter.

We are considering, for example, the way reliability of evidence from the Horizon system was presented, how failures of investigation and disclosure prevented that evidence from being effectively challenged, and the lack of corroborating evidence in many cases. These issues need to be considered carefully, with the full facts in front of us. Sir Wyn Williams is examining in detail the failings that led to the Post Office scandal. These issues are not straightforward. The prosecution of those cases relied on assertions that the Horizon system was accurate and reliable, which the Post Office knew to be wrong. This was supported by expert evidence, which it knew to be misleading. The issue was that the Post Office chose to withhold the fact that the computer evidence itself was wrong.

This amendment would also have a significant impact on the criminal justice system. Almost all criminal cases rely on computer evidence to some extent, so any change to the burden of proof would or could impede the work of the Crown Prosecution Service and other prosecutors.

Although I am not able to accept this amendment for these reasons, I share the desire to find an appropriate way forward along with my colleagues at the Ministry of Justice, who will bear the brunt of this work, as the noble Lord, Lord Clement-Jones, alluded to. I look forward to meeting the noble Baroness to discuss this ahead of Report. Meanwhile, I hope she will withdraw her amendment.

Can the Minister pass on the following suggestion? Paul Marshall, who has been mentioned by all of us, is absolutely au fait with the exact procedure. He has experience of how it has worked in practice, and he has made some constructive suggestions. If there is not a full return to Section 69, there could be other, more nuanced, ways of doing this, meeting the Minister’s objections. But can I suggest that the MoJ has contact with him and discusses what the best way forward would be? He has been writing about this for some years now, and it would be extremely useful, if the MoJ has not already engaged with him, to do so.

I thank everyone who spoke and the Minister for the offer of a meeting alongside his colleagues from the MoJ. I believe he will have a very busy diary between Committee and Report, based on the number of meetings we have agreed to.

However, I want to be very clear here. We have all recognised that the story of the Post Office sub-postmasters makes this issue clear, but it is not about the sub-postmasters. I commend the Government for what they are doing. We await the inquiry with urgent interest, and I am sure I speak for everyone in wishing the sub-postmasters a fair settlement—that is not in question. What is in question is the fact that we do not have unlimited Lord Arbuthnots to be heroic about all the other things that are about to happen. I took it seriously when he said not one moment longer: it could be tomorrow.

I talked about two very specific cases, and I am looking forward to the ITV drama “The Educational Testing Service versus Home Office”. If that is the only way to get justice, then we have to do it that way. However, I accept the Minister’s offer and I will withdraw the amendment, but I point him and all who go with him to the last bit of my speech because we need some action and detail on disclosure, as Paul Marshall has said. We need to have some sort of oath so that someone is responsible for the evidence that they put in front of a court, otherwise it is only hearsay, as we have heard. I say once again that automated decision-making without having some balancing test is a recipe for automating error. Those are the three things that I am looking for in a solution. In the meantime, I beg leave to withdraw the amendment.

Amendment 251 withdrawn.

Amendment 252 not moved.

Schedule 14 agreed.

Clause 143: The Information Commission

Amendment 253

Moved by

253: Clause 143, page 181, line 14, at end insert—

“(3A) In section 205(2) (references to periods of time)—(a) omit paragraph (l), and(b) after that paragraph insert—“(la) paragraph 22(6) of Schedule 12A;”Member’s explanatory statement

This amendment provides that Article 3 of Regulation No 1182/71 (rules of interpretation regarding periods of time etc) does not apply to paragraph 22(6) of Schedule 12A to the Data Protection Act 2018 (inserted by Schedule 15 to the Bill).

Amendment 253 agreed.

Clause 143, as amended, agreed.

Schedule 15: The Information Commission

Amendment 254

Moved by

254: Schedule 15, page 278, line 17, leave out “Secretary of State” and insert “person who chairs the relevant Parliamentary committee”

My Lords, I am afraid that I will speak to every single one of the amendments in this group but one, which is in the name of the noble Baroness, Lady Jones, and I have signed it. We have already debated the Secretary of State’s powers in relation to what will be the commission, in setting strategic priorities for the commissioner under Clause 32 and recommending the adoption of the ICAO code of practice before it is submitted to Parliament for consideration under Clause 33:

“Codes of practice for processing personal data”.

We have also debated Clause 34:

“Codes of practice: panels and impact assessments”.

And we have debated Clause 35:

“Codes of Practice: Secretary of States recommendations”.

The Secretary of State has considerable power in relation to the new commission, and then on top of that Clause 143 and Schedule 15 to the Bill provide significant other powers for the Secretary of State to interfere with the objective and impartial functioning of the information commission by the appointment of non-executive members of the newly formed commission. The guarantee of the independence of the ICO is intended to ensure the effectiveness and reliability of its regulatory function and that the monitoring and enforcement of data protection laws are carried out objectively and free from partisan or extra-legal considerations.

These amendments would limit the Secretary of State’s powers and leeway to interfere with the objective and impartial functioning of the new information commission, in particular by modifying Schedule 15 to the Bill to transfer budget responsibility and the appointment process of the non-executive members of the information commission to the relevant Select Committee. If so amended, the Bill would ensure that the new information commission has sufficient arm’s-length distance from the Government to oversee public and private bodies’ uses of personal data with impartiality and objectivity. DSIT’s delegated powers memorandum to the DPRRC barely mentions any of these powers, yet they are of considerable importance. Therefore, I am not surprised that there was no mention of them, but they are very significant.

We have discussed data adequacy before; of course, in his letter to us, the Minister tried to rebut some of the points we made about it. In fact, he quoted somebody who has briefed me extensively on it and has taken a very different view to the one he alleges she took in a rather partial quotation from evidence taken by the European Affairs Committee, which is now conducting an inquiry into data adequacy and its implications for the UK-EU relationship. We were told by Open Rights Group attendees at a recent meeting with the European Commission that it expressed concern to those present about the risk that the Bill poses to the EU adequacy agreement; this was not under Chatham House rules. It expressed this risk in a meeting at which a number of UK groups were present, which is highly significant in itself.

I mentioned the European Affairs Committee’s inquiry. I understand that the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs has also given written evidence on its concerns about this Bill, its impact on adequacy and how it could impact the agreement. It put its arguments rather strongly. Has the Minister seen this? Is he aware of the written evidence that it has given to the European Affairs Select Committee? I suggest that he becomes aware of it and takes a view on whether we need to postpone Report until we have seen the European Affairs Select Committee’s report. If it comes to the conclusion that data adequacy is at risk, the Government will have to go back to the drawing board in a number of respects on this Bill. If the Select Committee report comes out and says that the impact of the Bill will not be data adequate, it would be rather foolish if we had already gone through Report by that time. Far be it from me not to want the Government to have egg on their face but it would be peculiar if they did not carefully observe the evidence being put to the European Affairs Select Committee and the progress that it is making in its inquiry. I beg to move.

My Lords, I thank the noble Lord, Lord Clement-Jones, for introducing his amendments so ably. When I read them, I had a strong sense of déjà vu as attempts by the Government to control the appointments and functioning of new regulators have been a common theme in other pieces of legislation that we have debated in the House and which we have always resisted. In my experience, this occurred most recently in the Government’s proposals for the Office for Environmental Protection, which was dealing with EU legislation being taken into by the UK and is effectively the environment regulator. We were able to get those proposals modified to limit the Secretary of State’s involvement; we should do so again here.

I very much welcome the noble Lord’s amendments, which give us a chance to assess what level of independence would be appropriate in this case. Schedule 15 covers the transition from the Information Commissioner’s Office to the appointment of the chair and non-executive members of the new information commission. We support this development in principle but it is crucial that the new arrangements strengthen rather than weaken the independence of the new commission.

The noble Lord’s amendments would rightly remove the rights of the Secretary of State to decide the number of non-executive members and to appoint them. Instead, his amendments propose that the chair of the relevant parliamentary committee should oversee appointments. Similarly, the amendments would remove the right of the Secretary of State to recommend the appointment and removal of the chair; again, this should be passed to the relevant parliamentary committee. We agree with these proposals, which would build in an additional tier of parliamentary oversight and help remove any suspicion that the Secretary of State is exercising unwarranted political pressure on the new commission.

The noble Lord’s amendments beg the question of what the relevant parliamentary committee might be. Although we are supportive of the wording as it stands, it is regrettable that we have not been able to make more progress on establishing a strong bicameral parliamentary committee to oversee the work of the information commission. However, in the absence of such a committee, we welcome the suggestion made in the noble Lord’s Amendment 256 that the Commons Science, Innovation and Technology Committee could fulfil that role.

Finally, we have tabled Amendment 259, which addresses what is commonly known as the “revolving door” whereby public sector staff switch to jobs in the private sector and end up working for industries that they were supposedly investigating and regulating previously. This leads to accusations of cronyism and corruption; whether or not there is any evidence of this, it brings the reputation of the whole sector into disrepute. Perhaps I should have declared an interest at the outset: I am a member of the Advisory Committee on Business Appointments and therefore have a ringside view of the scale of the revolving door taking place, particularly at the moment. We believe that it is time to put standards in public life back at the heart of public service; setting new standards on switching sides should be part of that. Our amendment would put a two-year ban on members of the information commission accepting employment from a business that was subject to enforcement action or acting for persons who are being investigated by the agency.

I hope that noble Lords will see the sense and importance of these amendments. I look forward to the Minister’s response.

My Lords, I thank the noble Lord, Lord Clement-Jones, and the noble Baroness, Lady Jones of Whitchurch, for their amendments to Schedule 15 to the Bill, which sets out the governance structure of the new information commission.

The ICO governance reforms ensure its accountability to Parliament. Before I go any further, let me stress that the Government are committed to the ICO’s ongoing independence. We have worked closely with the Information Commissioner, who is supportive of the reforms, which they state allow the ICO

“to continue to operate as a trusted, fair and independent regulator”.

The Government’s view, therefore, is that this Bill is compatible with maintaining the free flow of personal data from Europe. These reforms have been designed carefully with appropriate safeguards in place to protect the information commission’s independence and ensure accountability before Parliament on important issues such as public appointments, money and accounts.

The Bill requires the Secretary of State to give the member a written statement of reasons for the removal and make public the decision to do so, ensuring accountability and transparency. This process is in line with standard practice for other UK regulators, such as Ofcom, which do not require parliamentary oversight for the removal of non-executives.

The chair can be removed only by His Majesty on an Address by both Houses, provided that the Secretary of State presents a report in Parliament stating that they are satisfied that there are serious grounds for removal, as set out in the Bill. This follows the process for the removal of the current Information Commissioner.

Greater performance measurement will help the ICO achieve its objectives and enable it to adjust its resources to prioritise key areas of work. This will also increase accountability to Parliament—a point raised by both noble Lords—organisations and the public, who have an interest in its effectiveness.

The Government are satisfied that these processes safeguard the integrity of the regulator, are in line with best practices for other regulators and, crucially, balance the importance of the information commission’s independence with appropriate oversight by the Government and Parliament as necessary. The regulator is, and remains, accountable to Parliament, not the Government, in its delivery of data protection regulation.

The amendments of the noble Lord, Lord Clement-Jones, also seek to provide for commission members to have a particular focus on specialist areas or to be appointed for specific tasks. Given the breadth of the commission’s remit, we do not feel it would be appropriate for the Government to set out in legislation specific areas that should receive heightened prominence over others. However, I reassure the noble Lord that our reforms will ensure that the commission has the right expertise and skills. The Bill provides for the commission to set up committees consisting of persons who are not members of the commission, thereby enabling it to draw on expertise in any number of areas and specialisms.

Amendment 259, from the noble Baroness, Lady Jones of Whitchurch, seeks to prevent members of the information commission from seeking employment from the industries regulated by the commission in certain circumstances after leaving office. We are content that the Bill already provides appropriate safeguards to avoid any potential conflicts of interest for non-executive members, both prior to their appointment as well as on an ongoing basis during their tenure. Furthermore, all members of the commission will be bound by a duty of confidentiality, provided for in legislation, which will continue to apply after leaving office. The rules on the acceptance of future employment by former board members are customarily set by the relevant public body to reflect the specific environment in which the board operates, as provided for in the Code of Conduct for Board Members of Public Bodies. It would therefore not be appropriate for the Government to legislate on these matters.

For these reasons, I hope noble Lords will be content to withdraw their amendments.

My Lords, I thank the Minister for his response, dusty though it may have been. The noble Baroness, Lady Jones, is absolutely right; this Government have form in all areas of regulation. In every area where we have had legislation related to a regulator coming down the track, the Government have taken more power on and diminished parliamentary oversight rather than enhancing it.

It is therefore a little rich to say that accountability to Parliament is the essence of all this. That is not the impression one gets reading the data protection Bill; the impression you get is that the Government are tightening the screw on the regulator. That was the case with Ofcom in the Online Safety Act; it is the case with the CMA; the noble Baroness, Lady Jones, mentioned her experience as regards the environment. Wherever you look, the Government are tightening their control over the regulators. It is something the Industry and Regulators Committee has been concerned about. We have tried to suggest various formulae. A Joint Committee of both Houses was proposed by the Communications and Digital Committee; it has been endorsed by a number of other committees, such as the Joint Committee on the Draft Online Safety Bill, and I think it has even been commended by the Industry and Regulators Committee as well in that respect.

We need to crack this one. On the issue of parliamentary accountability for the regulator and oversight, the balance is not currently right. That applies particularly in terms of appointments, in this case of the commissioner and the non-executives. The Minister very conveniently talked about removal but this could be about renewal of term, and it is certainly about appointment. So maybe the Minister was a little bit selective with the example he chose to say where the control was.

We are concerned about the independence of the regulator. The Minister did not give an answer, so I hope that he will write about whether he knows what the European Affairs Select Committee is up to. I made a bit of a case on that. Evidence is coming in, and the relevant committee in the European Parliament is giving evidence. The Minister, the noble Viscount, Lord Camrose, was guilty of this in a way, but the way that the data adequacy aspect is seen from this side of the North Sea seems rather selective. The Government need to try to try to put themselves in the position of the Commission and the Parliament on the other side of the North Sea and ask, “What do we think are the factors that will endanger our data adequacy as seen from that side?” The Government are being overly complacent in regarding it as “safe” once the Bill goes through.

It was very interesting to hear what the noble Baroness had to say about the revolving door issues. The notable thing about this amendment is how limited it is; it is not blanket. It would be entirely appropriate to have this in legislation, given the sensitivity of the roles that are carried out by senior people at the ICO.

However, I think we want to make more progress tonight, so I beg leave to withdraw my amendment.

Amendment 254 withdrawn.

Amendments 255 to 282 not moved.

Amendment 283

Moved by

283: Schedule 15, page 287, line 26, at end insert—

“Supplementary powers

23A The Commission may do anything it thinks appropriate for the purposes of, or in connection with, its functions.”Member’s explanatory statement

This amendment makes clear that the Information Commission has power to do things to facilitate the exercise of its functions.

Amendment 283 agreed.

Amendment 284 not moved.

Amendment 285

Moved by

285: Schedule 15, page 288, line 25, leave out sub-paragraph (3) and insert—

“(3) For the purposes of paragraph 7(3) of Schedule 12A to the 2018 Act (extension of chair’s term), the term of the person’s appointment as chair of the Information Commission is to be treated as a term beginning when the person began to hold the office of Information Commissioner.”Member’s explanatory statement

This amendment ensures that provision limiting the extension of a person’s term of appointment as chair of the Information Commission (in paragraph 7 of new Schedule 12A to the Data Protection Act 2018, read with section 205(2) of that Act) applies in the same manner to the transitional appointment of the current Information Commissioner as chair.

Amendment 285 agreed.

Schedule 15, as amended, agreed.

Clauses 144 to 148 agreed.

Clause 149: Oversight of biometrics databases

Amendment 286 not moved.

Clause 149 agreed.

Amendments 287 to 290 not moved.

Amendment 291

Moved by

291: After Clause 149, insert the following new Clause—

“Offence to use personal data or digital information to create digital models or files that facilitate the creation of AI or computer generated child sexual abuse material(1) A person commits an offence if they—(a) collect, scrape, possess, distribute or otherwise process personal data or digital information with the intention of using it, or attempting to use it, to create or train a digital model which enables the creation of AI or computer generated child sexual abuse material or priority illegal content; (b) use personal data or digital information to create, train or distribute or attempt to create, train or distribute a digital file or model that has been trained on child sexual abuse material or priority illegal content, or which enables the creation of artificial intelligence or computer generated child sexual abuse material or priority illegal content;(c) collate, or attempt to collate, digital files or models based on personal data or digital information that, when combined, enable the creation of AI or computer generated child sexual abuse material or priority illegal content;(d) possess, or attempt to possess, a digital file or model based on personal data or digital information with the intention of using it to produce or gain access to AI or computer generated child sexual abuse material or priority illegal content.(2) For the purposes of this section, “artificial intelligence or computer generated child sexual abuse material or primary priority illegal content” includes images, videos, audio including voice, chatbots, material generated by large language models, written text, computer file and avatars.(3) A person who commits an offence under subsection (1) is liable to the sentences set out in section 160 of the Criminal Justice Act 1988 and section 6 of the Protection of Children Act 1978 for the equivalent offences.(4) For the purposes of this section, “priority illegal content” is content that meets the definition of “priority illegal content” set out in section 59 of the Online Safety Act 2023.”Member’s explanatory statement

This amendment seeks to make the files trained on or trained to create “Child Sex Abuse Material” illegal.

My Lords, I rise somewhat reluctantly to speak to Amendment 291 in my name. It could hardly be more important or necessary, but I am reluctant because I really think that the Minister, alongside his colleagues in DSIT and the Home Office, should have taken this issue up. I am quite taken aback that, despite my repeated efforts with both of those departments, they have not done so.

The purpose of the amendment is simple. It is already illegal in the UK to possess or distribute child sexual abuse material, including AI-generated or computer-generated child sexual abuse material. However, while the content is clearly covered by existing law, the mechanism that enables its creation—the files trained on or trained to create child sexual abuse material—is not. This amendment closes that gap.

Some time ago, I hosted an event at which members of OCCIT—the online child sexual exploitation and abuse covert intelligence team—gave a presentation to parliamentarians. For context, OCCIT is a law enforcement unit of the National Police Chiefs’ Council that uses covert police tactics to track down offender behaviour, with a view to identifying emerging risks in the form of new technologies, behaviours and environments. The presentation its officers gave concerned AI-generated abuse scenarios in virtual reality, and it was absolutely shattering for almost everyone who was present.

A few weeks later, the team contacted me and said that what it had showed then was already out of date. What it was now seeing was being supercharged by the ease with which criminals can train models that, when combined with general-purpose image-creation software, enable those with a sexual interest in children to generate CSAM images and videos at volume and—importantly—to order. Those building and distributing this software were operating with impunity, because current laws are insufficient to enable the police to take action against them.

In the scenarios that they are now facing, a picture of any child can be blended with existing child sexual abuse imagery, pornography or violent sexual scenarios. Images of several children can be honed into a fictitious child and used similarly or, as I will return to in a moment, a picture of an adult can be made to look younger and then used to create child sexual abuse. Among this catalogue of horrors are the made-to-order models trained using images of a child known to the perpetrator—a neighbour’s child or a family member—to create bespoke CSAM content. In short, the police were finding that the scale, sophistication and horror of violent child sexual abuse had hit a new level.

The laws that the police use to enforce against CSAM are Section 1 of the Protection of Children Act 1978 and Section 160 of the Criminal Justice Act 1988, both of which create offences in respect of indecent photographs or pseudophotographs of a child. AI content depicting child sexual abuse in the scenarios that I have just described is also illegal under the law, but creating and distributing the software models needed to generate them is not.

There are many services that allow anyone to take any public image and put it in a false situation. Although I have argued elsewhere that AI images should carry a mark of provenance, these services are not the subject of this amendment. This amendment is laser focused on criminalising AI models that are trained on or trained to create child sexual abuse material. They are specific, specialist and being traded with impunity. These models blend images of children—known children, stock photos, images scraped from social media or synthetic, fabricated AI depictions of children—with existing CSAM or pornography, and they allow paedophiles to generate bespoke CSAM scenarios.

Most of these generation models are distributed for free, but more specialist models are provided on subscription for less than £50 per month. This payment provides any child sexual offender with the ability to generate limitless—and I do mean “limitless”—child sexual abuse images, but, while the police can take action against those who possess those images, they are unable to take action against those who make it possible to do so: the means of production.

A surprising number of people think that AI abuse is a victimless crime. It is not. It is worth all present or reading this considering whether they would be comfortable with their child or grandchild, their neighbour’s child or indeed any other child of their acquaintance’s image being used in this way.

Then there is the additional fact that anyone, adult or child, can appear in AI generated CSAM. I am not going to say how it can be done because I do not want my words to be a set of instructions on the public record, but I have in my possession a series of images generated by the covert police in OCCIT in which a child is shown. The child is shown meeting celebrities, among whom is President Obama, and then that same child is seen in a series of sexual abuse scenarios in images and videos. I say for the record that they have been redacted and do not meet the criminal bar. That child was generated from publicly available images of me from IMDb and the parliamentary website. It took a matter of hours. It was done by the police, with my permission, but the images are graphic and distressing. I made them to show the Government the ease with which such material is being generated, but the Minister knows he was instructed not to look at them.

Failing to adopt this amendment is tantamount to leaving every woman in public life—and any child with their photograph on a website, on a social media feed, in an advert or captured covertly in their own garden—vulnerable to the same abuse. We have acknowledged the distress caused to public figures, such as Cathy Newman of Channel 4 News and Taylor Swift, by appearing in AI porn, but the material generated by the software that is the subject of this amendment is of a higher order still. It is child sexual abuse material, and it should be prevented. An enforcement officer said that

“we believe that this material is desensitising offenders and shortening the offending pipeline. What might have taken several years to go from consumption to real world child sexual abuse, may now take a matter of months”.

While noble Lords have that in their minds, I also say that it is getting in the way of the police identifying victims because they are chasing thousands of images of AI children who do not exist.

As I said at the outset, it was my determined wish that the Government deal with this issue quickly, seamlessly and relatively privately, but they have not. Although I will listen very carefully to the Minister when he replies, I make utterly clear that this is an issue that urgently needs resolving. If we cannot do so in Committee, I intend to draw the importance of the issue to the attention of noble Lords who are not following our proceedings and ask them to support its inclusion in the Bill. I beg to move.

My Lords, as ever, the noble Baroness, Lady Kidron, has nailed this issue. She has campaigned tirelessly in the field of child sexual abuse and has identified a major loophole.

What has been so important is learning from experience and seeing how these new generative AI models, which we have all been having to come to terms with them for the past 18 months, are so powerful in the hands of ordinary people who want to cause harm and sexual abuse. The important thing is that, under existing legislation, there are of course a number of provisions relating to creating deepfake child pornography, the circulation of pornographic deepfakes and so on. However, as the noble Baroness said, what the legislation does not do is go upstream to the AI system—the AI model itself—to make sure that those who develop those models are caught as well. That is what a lot of the discussion around deepfakes is about at the moment—it is, I would say, the most pressing issue—but it is also about trying to nail those AI system owners and users at the very outset, not waiting until something is circulated or, indeed, created in the first place. We need to get right up there at the outset.

I very much support what the noble Baroness said; I will reserve any other remarks for the next group of amendments.

My Lords, I am pleased that we were able to sign this amendment. Once again, the noble Baroness, Lady Kidron, has demonstrated her acute ability to dissect and to make a brilliant argument about why an amendment is so important.

As the noble Lord, Lord Clement-Jones, and others have said previously, what is the point of this Bill? Passing this amendment and putting these new offences on the statute book would give the Bill the purpose and clout that it has so far lacked. As the noble Baroness, Lady Kidron, has made clear, although it is currently an offence to possess or distribute child sex abuse material, it is not an offence to create these images artificially using AI techniques. So, quite innocent images of a child—or even an adult—can be manipulated to create child sex abuse imagery, pornography and degrading or violent scenarios. As the noble Baroness pointed out, this could be your child or a neighbour’s child being depicted for sexual gratification by the increasingly sophisticated AI creators of these digital models or files.

Yesterday’s report from the Internet Watch Foundation said that a manual found on the dark web encourages “nudifying” tools to remove clothes from child images, which can then be used to blackmail them into sending more graphic content. The IWF reports that the scale of this abuse is increasing year on year, with 275,000 web pages containing child sex abuse being found last year; I suspect that this is the tip of the iceberg as much of this activity is occurring on the dark web, which is very difficult to track. The noble Baroness, Lady Kidron, made a powerful point: there is a danger that access to such materials will also encourage offenders who then want to participate in real-world child sex abuse, so the scale of the horror could be multiplied. There are many reasons why these trends are shocking and abhorrent. It seems that, as ever, the offenders are one step ahead of the legislation needed for police enforcers to close down this trade.

As the noble Baroness, Lady Kidron, made clear, this amendment is “laser focused” on criminalising those who are developing and using AI to create these images. I am pleased to say that Labour is already working on a ban on creating so-called nudification tools. The prevalence of deepfakes and child abuse on the internet is increasing the public’s fear of the overall safety of AI, so we need to win their trust back if we are to harness the undoubted benefits that it can deliver to our public services and economy. Tackling this area is one step towards that.

Action to regulate AI by requiring transparency and safety reports from all those at the forefront of AI development should be a key part of that strategy, but we have a particular task to do here. In the meantime, this amendment is an opportunity for the Government to take a lead on these very specific proposals to help clean up the web and rid us of these vile crimes. I hope the Minister can confirm that this amendment, or a government amendment along the same lines, will be included in the Bill. I look forward to his response.

I thank the noble Baroness, Lady Kidron, for tabling Amendment 291, which would create several new criminal offences relating to the use of AI to collect, collate and distribute child abuse images or to possess such images after they have been created. Nobody can dispute the intention behind this amendment.

We recognise the importance of this area. We will continue to assess whether and what new offences are needed to further bolster the legislation relating to child sexual abuse and AI, as part of our wider ongoing review of how our laws need to adapt to AI risks and opportunities. We need to get the answers to these complex questions right, and we need to ensure that we are equipping law enforcement with the capabilities and the powers needed to combat child sexual abuse. Perhaps, when I meet the noble Baroness, Lady Kidron, on the previous group, we can also discuss this important matter.

However, for now, I reassure noble Lords that any child sex abuse material, whether AI generated or not, is already illegal in the UK, as has been said. The criminal law is comprehensive with regard to the production and distribution of this material. For example, it is already an offence to produce, store or share any material that contains or depicts child sexual abuse, regardless of whether the material depicts a real child or not. This prohibition includes AI-generated child sexual abuse material and other pseudo imagery that may have been AI or computer generated.

We are committed to bringing to justice offenders who deliberately misuse AI to generate child sexual abuse material. We demonstrated this as part of the road to the AI Safety Summit, where we secured agreement from NGO, industry and international partners to take action to tackle AI-enabled child sexual abuse. The strongest protections in the Online Safety Act are for children, and all companies in scope of the legislation will need to tackle child sexual abuse material as a priority. Applications that use artificial intelligence will not be exempt and must incorporate robust guard-rails and safety measures to ensure that AI models and technology cannot be manipulated for child sexual abuse purposes.

Furthermore, I reassure noble Lords that the offence of taking, making, distributing and possessing with a view to distribution any indecent photograph or pseudophotograph of a child under the age of 18 carries a maximum sentence of 10 years’ imprisonment. Possession alone of indecent photographs or pseudophotographs of children can carry a maximum sentence of up to five years’ imprisonment.

However, I am not able to accept the amendment, as the current drafting would capture legitimate AI models that have been deliberately misused by offenders without the knowledge or intent of their creators to produce child sexual abuse material. It would also inadvertently criminalise individual users who possess perfectly legal digital files with no criminal intent, due to the fact that they could, when combined, enable the creation of child sexual abuse material.

I therefore ask the noble Baroness to withdraw the amendment, while recognising the strength of feeling and the strong arguments made on this issue and reiterating my offer to meet with her to discuss this ahead of Report.

I do not know how to express in parliamentary terms the depth of my disappointment, so I will leave that. Whoever helped the noble Viscount draft his response should be ashamed. We do not have a comprehensive system and the police do not have the capability; they came to me after months of trying to get the Home Office to act, so that is an untruth: the police do not have the capability.

I remind the noble Viscount that in previous debates his response on the bigger picture of AI has been to wait and see, but this is a here and now problem. As the noble Baroness, Lady Jones, set out, this would give purpose and reason—and here it is in front of us; we can act.

I also take exception to the idea that it is catching legitimate players. The amendment says

“trained on or trained to”.

There is a bigger question about some of the image makers and about why the Government have not acted more quickly to make sure that safeguards in the bigger models are mandatory, because some are and some are not and, once out in the world, it is very difficult to engineer backwards. I welcome the comments of the noble Baroness about a broader look at this coming from her side of the House.

I have looked at this with the police. The Government have refused to look at the material. Everybody is a potential victim and I cannot tell you what is happening to some of our actors—mainly our actresses—in this arena. It is catastrophic. We cannot wait and see or suggest that the police have the capability and that there is a comprehensive plan. The noble Viscount went into detail about CSAM; I accepted in opening that that is absolutely covered. We are talking about the models trained on or trained to, which, while we have been speaking, have made thousands of child sexual abuse images. I promise to return to this and beg leave to withdraw.

Amendment 291 withdrawn.

Amendment 292 not moved.

Amendment 293

Moved by

293: After Clause 149, insert the following new Clause—

“Deepfakes depicting sexual offences or activity without consent(1) It is an offence for a person to intentionally create, alter, or otherwise generate a deepfake depicting an intimate act. (2) A person is not guilty of an offence by virtue of subsection (1) if they show the person or persons, being over the age of 18, depicted in the deepfake provided consent for the creation, alteration or generation of the deepfake.(3) Offences under this section are punishable either on conviction on indictment or on summary conviction.(4) A person convicted on indictment of an offence under this section is liable to imprisonment for a term of not more than ten years, or to a fine not exceeding the prescribed sum for the purposes of this Act or to both.(5) A person convicted summarily of an offence under this section is liable—(a) to imprisonment for a term not exceeding six months; or(b) to a fine not exceeding the prescribed sum for the purposes of this Act.(6) The Secretary of State must by regulations prescribe the sum for the purposes subsections (4) and (5).(7) Regulations made under subsection (6) are subject to the affirmative procedure.”Member's explanatory statement

This amendment would make it an offence to intentionally generate a deepfake depicting activity without consent.

My Lords, I will speak to all the amendments in this group, other than Amendment 295 from the noble Baroness, Lady Jones. Without stealing her thunder, I very much support it, especially in an election year and in the light of the deepfakes we have already seen in the political arena—those of Sadiq Khan, those used in the Slovakian election and the audio deepfakes of the President of the US and Sir Keir Starmer. This is a real issue and I am delighted that she has put down this amendment, which I have signed.

In another part of the forest, the recent spread of deepfake photos purporting to show Taylor Swift engaged in explicit acts has brought new attention to the use, which has been growing in recent years, of deepfake images, video and audio to harass women and commit fraud. Women constitute 99% of the victims and the most visited deepfake site had 111 million users in October 2023. More recently, children have been found using “declothing” apps, which I think the noble Baroness mentioned, to create explicit deepfakes of other children.

Deepfakes also present a growing threat to elections and democracy, as I have mentioned, and the problems are increasingly rampant. Deepfake fraud rates rose by 3,000% globally in 2023, and it is hardly surprising that, in recent polling, 86% of the UK population supported a ban on deepfakes. I believe that the public are demanding an urgent solution to this problem. The only effective way to stop deepfakes, which is analogous to what the noble Baroness, Lady Kidron, has been so passionately advocating, is for the Government to ban them at every stage, from production to distribution. Legal liability must hold to account those who produce deepfake technology, create and enable deepfake content, and facilitate its spread.

Existing legislation seeks to limit the spread of images on social media, but this is not enough. The recent images of Taylor Swift were removed from X and Telegram, but not before one picture had been viewed more than 47 million times. Digital watermarks are not a solution, as shown by a paper by world-leading Al researchers released in 2023, which concluded that

“strong and robust watermarking is impossible to achieve”.

Without measures across the supply chain to prevent the creation of deepfakes, the law will forever be playing catch-up.

The Government now intend to ban the creation of sexual imagery deepfakes; I welcome this and have their announcement in my hand:

“Government cracks down on ‘deepfakes’ creation”.

This will send a clear message that the creation of these intimate images is not acceptable. However, this appears to cover only sexual image deepfakes. These are the most prevalent form of deepfakes, but other forms of deepfakes are also causing noticeable and rapidly growing harms, most obviously political deepfakes—as the noble Baroness, Lady Jones, will illustrate—and deepfakes used for fraud. This also appears to cover only the endpoint of the creation of deepfakes, not the supply chain leading up to that point. There are whole apps and companies dedicated to the creation of deepfakes, and they should not exist. There are industries which provide legitimate services—generative Al and cloud computing—which fail to take adequate measures and end up enabling creation of deepfakes. They should take measures or face legal accountability.

The Government’s new measures are intended to be introduced through an amendment to the Criminal Justice Bill, which is, I believe, currently between Committee and Report in the House of Commons. As I understand it, however, there is no date scheduled yet for Report, as the Bill seems to be caught in a battle over amendments.

The law will, however, be extremely difficult to enforce. Perpetrators are able to hide behind anonymity and are often difficult to identify, even when victims or authorities are aware that deepfakes have been created. The only reliable and effective countermeasure is to hold the whole supply chain responsible for deepfake creation and proliferation. All parties involved in the AI supply chain, from AI model developers and providers to cloud compute providers, must demonstrate that they have taken steps to preclude the creation of deepfakes. This approach is similar to how society combats—or, rather, analogous to the way that I hope the Minister will concede to the noble Baroness, Lady Kidron, society will combat—child abuse material and malware.

My Lords, I speak to Amendments 293 and 294 from the noble Lord, Lord Clement-Jones, Amendment 295 proposed by my noble friend Lady Jones and Amendments 295A to 295F, also in the name of the noble Lord, Lord Clement-Jones.

Those noble Lords who are avid followers of my social media feeds will know that I am an advocate of technology. Advanced computing power and artificial intelligence offer enormous opportunities, which are not all that bad. However, the intentions of those who use them can be malign or criminal, and the speed of technological developments is outpacing legislators around the world. We are constantly in danger of creating laws that close the stable door long after the virtual horse has bolted.

The remarkable progress of visual and audio technology has its roots in the entertainment industry. It has been used to complete or reshoot scenes in films in the event of actors being unavailable, or in some cases, when actors died before filming was completed. It has also enabled filmmakers to introduce characters, or younger versions of iconic heroes for sequels or prequels in movie franchises. This enabled us to see a resurrected Sir Alec Guinness and a younger version of Luke Skywalker, or a de-aged Indiana Jones, on our screens.

The technology that can do this is only around 15 years old, and until about five years ago it required extremely powerful computers, expensive resources and advanced technical expertise. The first malicious use of deepfakes occurred when famous actors and celebrities, mainly and usually women, had their faces superimposed on to bodies of participants in pornographic videos. These were then marketed online as Hollywood stars’ sex tapes or similar, making money for the producers while causing enormous distress to the women targeted. More powerful computer processors inevitably mean that what was once very expensive rapidly becomes much cheaper very quickly. An additional factor has turbo-boosted this issue: generative AI. Computers can now learn to create images, sound and video movement almost independently of software specialists. It is no longer just famous women who are the targets of sexually explicit deepfakes; it could be anyone.

Amendment 293 directly addresses this horrendous practice, and I hope that there will be widespread support for it. In an increasingly digital world, we spend more time in front of our screens, getting information and entertainment on our phones, laptops, iPads and smart TVs. What was once an expensive technology, used to titillate, entertain or for comedic purposes, has developed an altogether darker presence, well beyond the reach of most legislation.

In additional to explicit sexual images, deepfakes are known to have been used to embarrass individuals, misrepresent public figures, enable fraud, manipulate public opinion and influence democratic political elections and referendums. This damages people individually: those whose images or voices are faked, and those who are taken in by the deepfakes. Trusted public figures, celebrities or spokespeople face reputational and financial damage when their voices or images are used to endorse fake products or for harvesting data. Those who are encouraged to click through are at risk of losing money to fraudsters, being targeted for scams, or having their personal and financial data leaked or sold on. There is growing evidence that information used under false pretences can be used for profiling in co-ordinated misinformation campaigns, for darker financial purposes or political exploitation.

In passing, it is worth remembering that deepfakes are not always images of people. Last year, crudely generated fake images of an explosion, purported to be at the Pentagon, caused the Dow Jones industrial average to drop 85 points within four minutes of the image being published, and triggered emergency response procedures from local law enforcement before it was debunked 20 minutes later. The power of a single image, carefully placed and virally spreading, shows the enormous and rapid economic damage that deepfakes can create.

Amendment 294 would make it an offence for a person to generate a deepfake for the purpose of committing fraud, and Amendment 295 would make it an offence to create deepfakes of political figures, particularly when they risk undermining electoral integrity. We support all the additional provisions in this group of amendments; Amendments 295A to 295F outline the requirements, duties and definitions necessary to ensure that those creating deepfakes can be prosecuted.

I bring to your Lordships’ attention the wording of Amendment 295, which, as well as making it an offence to create a deepfake, goes a little further. It also makes it an offence to send a communication which has been created by artificial intelligence and which is intended to create the impression that a political figure has said or done something that is not based in fact. This touches on what I believe to be a much more alarming aspect of deepfakes: the manner in which false information is distributed.

We are seeing an endless cat and mouse game of systems being used to create and distribute these images, learning from those designed to detect and block them. Currently, we are largely unprotected from the broader societal threats from deepfakes, the risks to which we have already been exposed. They have already had a malign influence in polarising political debate.

There have been and continue to be co-ordinated efforts by organisations and foreign states to exert influence over democratic elections and referendums in the world’s largest and most technologically advanced democracies. This year will see elections in India, the USA, the EU and, almost certainly, the United Kingdom. Almost half the world’s population will have a vote this year, the most in human history. However, in this brave new world, international espionage security services are fighting an almost invisible hydra: a multi-headed enemy endlessly growing new appendages to replace those that have been cut off when discovered. Can the Minister say what assessments have been made so far of such deepfakes and what steps are the Government taking to stop our elections being rigged?

I feel that we need to focus far more on how deepfakes are used and distributed. Networks have been developed that are co-ordinated and extremely effective, involving many bots and humans, sometimes malicious, sometimes misguided and sometimes well-meaning but misinformed. Stemming the flood of deepfakes by prosecuting those who create them may not be enough if the networks which distribute them transform the misinformation into a tsunami. They could sweep across democracies, overwhelm legislation and wash away all the safeguards of the political and economic systems upon which we rely to keep us safe.

We must take the issue of deepfakes seriously. If we sleepwalk and take our eyes off the ball, deepfakes will scramble our sense of true and false. I look forward to the Minister’s response.

I thank the noble Lord, Lord Clement-Jones, and the noble Baroness, Lady Jones of Whitchurch, for tabling the amendments in this important group. I very much share the concerns about all the uses of deepfake images that are highlighted by these amendments. I will speak more briefly than I otherwise would with a view to trying to—

I would be happy to write one. I will go for the abbreviated version of my speech.

I turn first to the part of the amendment that would seek to criminalise the creation, alteration or otherwise generation of deepfake images depicting a person engaged in an intimate act. The Government recognise that there is significant public concern about the simple creation of sexually explicit deepfake images, and this is why they have announced their intention to table an amendment to the Criminal Justice Bill, currently in the other place, to criminalise the creation of purposed sexual images of adults without consent.

The noble Lord’s Amendment 294 would create an offence explicitly targeting the creation or alteration of deepfake content when a person knows or suspects that the deepfake will be or is likely to be used to commit fraud. It is already an offence under Section 7 of the Fraud Act 2006 to generate software or deepfakes known to be designed for or intended to be used in the commission of fraud, and the Online Safety Act lists fraud as a priority offence and as a relevant offence for the duties on major services to remove paid-for fraudulent advertising.

Amendment 295 in the name of the noble Baroness, Lady Jones of Whitchurch, seeks to create an offence of creating or sharing political deepfakes. The Government recognise the threats to democracy that harmful actors pose. At the same time, the UK also wants to ensure that we safeguard the ability for robust debate and protect freedom of expression. It is crucial that we get that balance right.

Let me first reassure noble Lords that the UK already has criminal offences that protect our democratic processes, such as the National Security Act 2023 and the false communications offence introduced in the Online Safety Act 2023. It is also already an election offence to make false statements of fact about the personal character or conduct of a candidate or about the withdrawal of a candidate before or during an election. These offences have appropriate tests to ensure that we protect the integrity of democratic processes while also ensuring that we do not impede the ability for robust political debate.

I assure noble Lords that we continue to work across government to ensure that we are ready to respond to the risks to democracy from deepfakes. The Defending Democracy Taskforce, which seeks to protect the democratic integrity of the UK, is engaging across government and with Parliament, the UK’s intelligence community, the devolved Administrations, local authorities and others on the full range of threats facing our democratic institutions. We also continue to meet regularly with social media companies to ensure that they continue to take action to protect users from election interference.

Turning to Amendments 295A to 295F, I thank the noble Lord, Lord Clement-Jones, for them. Taken together, they would in effect establish a new regulatory regime in relation to the creation and dissemination of deepfakes. The Government recognise the concerns raised around harmful deepfakes and have already taken action against illegal content online. We absolutely recognise the intention behind these amendments but they pose significant risks, including to freedom of expression; I will write to noble Lords about those in order to make my arguments in more detail.

For the reasons I have set out, I am not able to accept these amendments. I hope that the noble Lord will therefore withdraw his amendment.

My Lords, I thank the Minister for that rather breathless response and his consideration. I look forward to his letter. We have arguments about regulation in the AI field; this is, if you like, a subset of that—but a rather important subset. My underlying theme is “must try harder”. I thank the noble Lord, Lord Leong, for his support and pay tribute to Control AI, which is vigorously campaigning on this subject in terms of the supply chain for the creation of these deepfakes.

Pending the Minister’s letter, which I look forward to, I beg leave to withdraw my amendment.

Amendment 293 withdrawn.

Amendments 294 to 295F not moved.

Amendment 295G

Moved by

295G: After Clause 149, insert the following new Clause—

“Data risks from systemic competitors and hostile actors(1) The Secretary of State, in consultation with the Information Commissioner, must conduct a risk assessment on the data privacy risks associated with genomics and DNA companies that are headquartered in countries they determine to be systemic competitors and hostile actors.(2) Within 12 months of the passage of this Act, the Secretary of State must present this risk assessment report to Parliament and consult the intelligence and security agencies on the findings, taking into account the need to not make public information critical to national defence or ongoing operations.(3) This risk assessment must evaluate—(a) the potential for genomic and DNA data to be exfiltrated outside of the UK,(b) the degree of access granted to foreign entities, particularly those linked to systemic competitors and hostile actors, to the genomic and DNA data collected within the UK,(c) the potential misuse of genomic and DNA data for dual-use or other nefarious purposes,(d) the implications for UK national security and strategic advantage,(e) the risks to the privacy and rights of UK citizens, and (f) the potential for such data to be used in a manner that could compromise the privacy or security of UK citizens or the national interest.(4) The risk assessment must include, but is not limited to—(a) an analysis of the data handling and storage practices of genomics companies that are based in countries designated as systemic competitors and hostile actors,(b) an independent audit at any company site that could have access to UK genomics data, and(c) evidence of clear disclosure statements to consumers of products and services from genomics companies subject to data handling and disclosure requirements in the countries they are headquartered.(5) This risk assessment must be conducted as frequently as deemed necessary by the Secretary of State or the Information Commissioner to address evolving threats and ensure continued protection of the genomics sector from malign entities controlled, directly or indirectly, by countries designated as systemic competitors and hostile actors.(6) The Secretary of State has the authority to issue directives or guidelines based on the findings of the risk assessment to ensure compliance by companies or personnel operating within the genomics sector in the UK, safeguarding against identified risks and vulnerabilities to data privacy.”Member’s explanatory statement

This amendment seeks to ensure sufficient scrutiny of emerging national security and data privacy risks related to advanced technology and areas of strategic interest for systemic competitors and hostile actors. It aims to inform the development of regulations or guidelines necessary to mitigate risks and protect the data privacy of UK citizens’ genomics data and the national interest. It seeks to ensure security experts can scrutinise malign entities and guide researchers, consumers, businesses, and public bodies.

My Lords, what a relief—we are at the final furlong.

The UK is a world leader in genomics, which is becoming an industry of strategic importance for future healthcare and prosperity, but, frankly, it must do more to protect the genomic sector from systemic competitors that wish to dominate this industry for either economic advantage or nefarious purposes. Genomic sequencing—the process of determining the entirety of an organism’s DNA—is playing an increasing role in our NHS, which has committed to being the first national healthcare system to offer whole-genome sequencing as part of routine care. However, like other advanced technologies, our sector is exposed to data privacy and national security risks. Its dual-use potential means that it can also be used to create targeted bioweapons or genetically enhanced military. We must ensure that a suitable data protection environment exists to maintain the UK’s world-leading status.

So, how are we currently mitigating against such threats and why is our existing approach so flawed? Although I welcome initiatives such as the Trusted Research campaign and the Research Collaboration Advice Team, these bodies focus specifically on research and academia. We expect foreign companies that hold sensitive genomics and DNA to follow GDPR. I am not a hawk about relations with other countries, but we need to provide the new Information Commissioner with much greater expertise and powers to tackle complex data security threats in sensitive industries. There must be no trade-off between scientific collaboration and data privacy; that is what this amendment is designed to prevent. I beg to move.

The Committee will be relieved to know that I will be brief. I do not have much to say because, in general terms, this seems an eminently sensible amendment.

We should congratulate the noble Lord, Lord Clement-Jones, on his drafting ingenuity. He has managed to compose an amendment that brings together the need for scrutiny of emerging national security and data privacy risks relating to advanced technology, aims to inform regulatory developments and guidance that might be required to mitigate risks, and would protect the privacy of people’s genomics data. It also picks up along the way the issue of the security services scrutinising malign entities and guiding researchers, businesses, consumers and public bodies. Bringing all those things together at the end of a long and rather messy Bill is quite a feat—congratulations to the noble Lord.

I am rather hoping that the Minister will tell the Committee either that the Government will accept this wisely crafted amendment or that everything it contains is already covered. If the latter is the case, can he point noble Lords to where those things are covered in the Bill? Can he also reassure the Committee that the safety and security issues raised by the noble Lord, Lord Clement-Jones, are covered? Having said all that, we support the general direction of travel that the amendment takes.

Nothing makes me happier than the noble Lord’s happiness. I thank him for his amendment and the noble Lord, Lord Bassam, for his points; I will write to them on those, given the Committee’s desire for brevity and the desire to complete this stage tonight.

I wish to say some final words overall. I sincerely thank the Committee for its vigorous—I think that is the right word—scrutiny of this Bill. We have not necessarily agreed on a great deal, but I am in awe of the level of scrutiny and the commitment to making the Bill as good as possible. Let us be absolutely honest—this is not the most entertaining subject, but it is something that we all take extremely seriously and I pay tribute to the Committee for its work. I also extend sincere thanks to the clerks and our Hansard colleagues for agreeing to stay a little later than agreed, although that may not even be necessary. I very much look forward to engaging with noble Lords again before and during Report.

My Lords, I thank the Minister, the noble Baroness, Lady Jones, and all the team. I also thank the noble Lord, Lord Harlech, whose first name we now know; these things are always useful to know. This has been quite a marathon. I hope that we will have many conversations between now and Report. I also hope that Report is not too early as there is a lot to sort out. The noble Baroness, Lady Jones, and I will be putting together our priority list imminently but, in the meantime, I beg leave to withdraw my amendment.

Amendment 295G withdrawn.

Amendment 296 not moved.

Clause 150: Power to make consequential amendments

Amendment 297

Moved by

297: Clause 150, page 188, line 3, at end insert—

“(3A) Regulations under this section made in consequence of section 183A of the 2018 Act (inserted by section 49 of this Act) may amend, repeal or revoke provision which refers to the data protection legislation (as defined in section 3 of the 2018 Act) as they could if the provision referred instead to the main data protection legislation (as defined in section 183A of the 2018 Act).”Member’s explanatory statement

This amendment makes clear that regulations making amendments consequential on new section 183A of the Data Protection Act 2018 (inserted by clause 49 of the Bill) can remove provision which duplicates the effect of that section but which refers to the “data protection legislation” generally, rather than the “main data protection legislation”.

Amendment 297 agreed.

Clause 150, as amended, agreed.

Clauses 151 to 153 agreed.

Clause 154: Extent

Amendment 298

Moved by

298: Clause 154, page 189, line 24, leave out “subsection (3)” and insert “subsections (2) and (3)”

Member’s explanatory statement

This amendment provides that subsection (4) of this clause is subject to subsection (2) of this clause, as well as subsection (3).

Amendment 298 agreed.

Clause 154, as amended, agreed.

Clause 155: Commencement

Amendments 299 to 303 not moved.

Clause 155 agreed.

Clauses 156 and 157 agreed.

Bill reported with amendments.

Committee adjourned at 8.16 pm.