Skip to main content

General Committees

Debated on Monday 11 September 2023

Delegated Legislation Committee

Northern Ireland (Ministerial Appointment Functions) Regulations 2023

The Committee consisted of the following Members:

Chair: Mr Laurence Robertson

† Anderson, Fleur (Putney) (Lab)

† Carden, Dan (Liverpool, Walton) (Lab)

† Davison, Dehenna (Parliamentary Under-Secretary of State for Levelling Up, Housing and Communities)

† Elmore, Chris (Ogmore) (Lab)

Gardiner, Barry (Brent North) (Lab)

† Grant, Mrs Helen (Maidstone and The Weald) (Con)

† Green, Chris (Bolton West) (Con)

† Greenwood, Margaret (Wirral West) (Lab)

† Hammond, Stephen (Wimbledon) (Con)

† Hunt, Tom (Ipswich) (Con)

† Johnson, Gareth (Dartford) (Con)

† Largan, Robert (High Peak) (Con)

† McDonald, Andy (Middlesbrough) (Lab)

† Menzies, Mark (Fylde) (Con)

Osborne, Kate (Jarrow) (Lab)

† Shelbrooke, Alec (Elmet and Rothwell) (Con)

† Tomlinson, Justin (North Swindon) (Con)

Chloe Smith, Committee Clerk

† attended the Committee

First Delegated Legislation Committee

Monday 11 September 2023

[Mr Laurence Robertson in the Chair]

Northern Ireland (Ministerial Appointment Functions) Regulations 2023

I beg to move,

That the Committee has considered the Northern Ireland (Ministerial Appointment Functions) Regulations 2023 (S.I. 2023, No. 776).

It is a pleasure to serve under your chairmanship today, Mr Robertson, and to welcome to her place the shadow Minister, the hon. Member for Putney. I think that this is her first Delegated Legislation Committee. I remember my first; I was absolutely petrified. She looks a lot calmer than I was. I am looking forward to working with her as we move through what I hope will be a relatively non-controversial and consensual statutory instrument today. On that basis, I have prepared for only 90 minutes, but Members should feel free to make long interventions if they so wish.

The regulations were laid before the House on 10 July 2023. The Minister of State for Northern Ireland sends his apologies to the Committee; unfortunately, he is unavoidably absent. I am sorry that, in me, the Committee has the B team, but I am glad to support the Minister of State by taking the instrument through the Committee.

The Government are committed to the Belfast/Good Friday agreement, and our priority is to see the return of a locally elected, accountable and effective devolved Government, which is and will remain the right way for Northern Ireland to be governed. However, in the absence of a devolved Government, the UK Government are committed to acting in the best interests of the people of Northern Ireland, to ensure that there is good governance and that public confidence is maintained in Northern Ireland until an Executive are restored.

In December last year, we passed primary legislation that, among other things, addressed the need for urgent public appointments to be made to a number of bodies. The Northern Ireland (Executive Formation etc) Act 2022 provided for the Secretary of State to appoint a new Commissioner for Children and Young People for Northern Ireland, and further provided for the Lord Chancellor to make appointments to the Northern Ireland Judicial Appointments Commission, in the initial phase of appointments. The 2022 Act provided for the Secretary of State to add to the list, by way of regulations, further urgent and necessary appointments that may arise during the continuing absence of an Executive.

The Government maintain that, while prioritising the restoration of devolved government, it is important to ensure the maintenance of good governance and to ensure that public bodies can continue to function. The appointments made to date under the provisions of the 2022 Act have contributed to that. The statutory instrument therefore includes a further list of specific offices that the Executive Office has identified as urgent and critical because of the continued absence of an Executive. The Act did not originally provide for the appointment of those offices, because urgent action was not required at that time, but because of the continued absence of an Executive, it is now critical that appointments are made to a number of bodies to ensure that they can continue to function.

The statutory instrument will allow for appointments to be made to those bodies, which will continue to safeguard the quality and delivery of services in Northern Ireland. To prepare the instrument, Northern Ireland Office officials worked closely with the Northern Ireland civil service departments, including the Executive Office, to identify further critical appointments that have arisen during the absence of an Executive, some of which have already faced difficulties and unfortunately been unable to exercise their statutory duties and functions because of the absence of Ministers.

The instrument adds to the list in section 6 of the EF Act, which will enable the Secretary of State, as a relevant UK Minister, to exercise Northern Ireland Ministers’ appointment functions in relation to the following bodies—I am assured that further information about each is provided in annex A. The bodies include the Agricultural Wages Board, the Livestock and Meat Commission, the Northern Ireland Fishery Harbour Authority, the Northern Ireland Local Government Officers’ Superannuation Committee, the board of trustees of the National Museums and Galleries of Northern Ireland, the Northern Ireland Historic Buildings Council, the General Consumer Council for Northern Ireland, the Labour Relations Agency, Tourism Northern Ireland, the Northern Ireland Policing Board, the Probation Board for Northern Ireland and the Commissioner for Public Appointments for Northern Ireland. Those are important offices, and the exercise of appointment functions in the coming months is critical for the continuation of good governance in Northern Ireland.

It is an honour to serve under your chairship, Mr Robertson. I thank the Minister, the hon. Member for Bishop Auckland (Dehenna Davison), for standing in today and for her welcome, and I wish the hon. Member for Wycombe (Mr Baker), the Northern Ireland Minister of State, a speedy recovery. I look forward to our future exchanges.

Public appointments are necessary for the continuation of good governance, and the Opposition will not oppose the regulations. I hope that the appointments to the Commissioner for Public Appointments for Northern Ireland as well as to positions at the Labour Relations Agency, the Policing Board and the General Consumer Council, among others, will increase social and economic confidence in Northern Ireland—so badly needed for a people suffering more than any other part of the country from the cost of living crisis.

I am pleased that the Government have been explicit in confirming that this legislation will last only as long as power sharing is suspended and that it will be overturned as soon as the Assembly and Executive resume. Having said that, I think it would be remiss of me as the newly appointed shadow Minister not to start as I mean to go on: by championing Northern Ireland. My grandparents are from Northern Ireland and I am proud of my Northern Irish roots. I look forward to visiting in an official capacity with my right hon. Friend the Member for Leeds Central (Hilary Benn), the shadow Secretary of State, very soon.

The Committee already knows how beautiful Northern Ireland is and how friendly its people, but it is also now the destination of choice for tech companies looking to set up in the UK and it has been listed as a world leader on climate action. To return to the subject of this statutory instrument, despite those great achievements, power sharing in Stormont is still at an impasse. It is vital that the UK Government and European Union constructively engage with the concerns of the Unionist community that have led to the current stand-off. At the same time, it is incumbent on decision makers to ensure that any proposed solutions are welcomed by the nationalist community so that the Executive can continue to operate functionally.

I am proud to be continuing a long history of Labour politicians standing up for Northern Ireland. The Labour party cherishes the Belfast/Good Friday agreement and believes that its functions and the principles that underpin it represent the best way forward for Northern Ireland. By finally restoring the Executive and Assembly, we can avoid in future the need for statutory instruments such as what we are agreeing today. That is what we all want to see as soon as possible.

I am grateful to the shadow Minister not only for championing Northern Ireland but for supporting this statutory instrument.

Question put and agreed to.

4.37 pm

Committee rose.

Draft Windsor Framework (Enforcement etc.) Regulations 2023

The Committee consisted of the following Members:

Chair: Caroline Nokes

† Benn, Hilary (Leeds Central) (Lab)

† Bonnar, Steven (Coatbridge, Chryston and Bellshill) (SNP)

† Browne, Anthony (South Cambridgeshire) (Con)

† Byrne, Liam (Birmingham, Hodge Hill) (Lab)

† Churchill, Jo (Vice-Chamberlain of His Majesty's Household)

Coyle, Neil (Bermondsey and Old Southwark) (Lab)

† Drummond, Mrs Flick (Meon Valley) (Con)

† Hardy, Emma (Kingston upon Hull West and Hessle) (Lab)

† Jones, Andrew (Harrogate and Knaresborough) (Con)

† Loder, Chris (West Dorset) (Con)

† Mills, Nigel (Amber Valley) (Con)

† Mortimer, Jill (Hartlepool) (Con)

† Spencer, Mark (Minister for Food, Farming and Fisheries)

† Sturdy, Julian (York Outer) (Con)

† Tami, Mark (Alyn and Deeside) (Lab)

† Vara, Shailesh (North West Cambridgeshire) (Con)

† Wilson, Sammy (East Antrim) (DUP)

Yohanna Sallberg, Kevin Maddison, Committee Clerks

† attended the Committee

Third Delegated Legislation Committee

Monday 11 September 2023

[Caroline Nokes in the Chair]

Draft Windsor Framework (Enforcement etc.) Regulations 2023

I beg to move,

That the Committee has considered the draft Windsor Framework (Enforcement etc.) Regulations 2023.

The draft regulations were laid before the House on 4 September. Their purpose is to implement arrangements agreed under the Windsor framework, which, as hon. Members will be aware, was announced by the Government in February this year.

The prospect of full implementation of the original Northern Ireland protocol met with some challenge from businesses and communities in Northern Ireland. Despite a range of grace periods being in place, the protocol has already led to significant disruption in the links between Great Britain and Northern Ireland. The central purpose of the draft regulations is to put in place essential arrangements that were agreed in the Windsor framework to address that.

The measures fundamentally recast the old Northern Ireland protocol to restore the smooth flow of trade in the UK internal market, safeguard Northern Ireland’s place in the Union and address any concerns over any democratic deficit. Importantly, the draft regulations do not establish those arrangements themselves, but provide Northern Irish authorities with powers required as a consequence of those arrangements. That will ensure their proper functioning and guarantee protection for Northern Irish consumers, in line with that in the rest of the United Kingdom.

To enable the flow of trade once again, we are introducing new regimes for the movement of goods between Great Britain and Northern Ireland. First, the Northern Ireland retail movement scheme establishes a new, sustainable, long-term legal framework for trade in retail agrifood goods between Great Britain and Northern Ireland. The new scheme will allow traders moving agrifood goods destined for the final consumer in Northern Ireland to benefit from a unique set of arrangements.

The arrangements enable consignments to move on the basis of a single certificate, without routine physical checks, and on the basis of Great British—not EU—public health, marketing and organic standards, as well as catch documentation requirements for certain species of fish. Indeed, the Windsor framework secures the disaggregation of over 60 EU regulations on goods moving to Northern Ireland via the scheme. The application of GB standards to those goods ensures a common approach across the United Kingdom. The scheme will be available to all such traders, including retailers, wholesalers, caterers and those providing food to public institutions such as schools and hospitals.

Secondly, the Northern Ireland plant health label regime will remove the requirement on plants for planting and used farming or forestry machinery to be accompanied by expensive phytosanitary certificates, which cost businesses around £150 per movement. Instead, operators will be able to register and become authorised to issue an attachable Northern Ireland plant health label for goods moving from Great Britain to Northern Ireland. That will help to significantly reduce the cost for businesses that move such goods to Northern Ireland. The Northern Ireland plant health label is based on the existing UK plant passport regime, which controls plant health in the rest of the UK and ensures freedom from pests. Previously banned seed potatoes will once again be available in Northern Ireland from other parts of the UK. They will also move under the Northern Ireland plant health label scheme.

The draft regulations will allow for the significant, pragmatic and proportionate enforcement of key elements in these new schemes. First, as agrifoods entering Northern Ireland under the Northern Ireland retail movement scheme can now meet the same public health, marketing and organic standards that apply elsewhere in the UK, relevant bodies in Northern Ireland need the powers to ensure compliance with those standards. The draft regulations ensure that existing Northern Ireland powers can be used in respect of goods that move under the scheme, including the ability to remove non-compliant goods from sale and act against non-compliant businesses. Such powers are already in place in Northern Ireland in respect of EU standards; as such, the regulations do not represent a widening of enforcement powers or additional responsibility for business. Importantly, though, they will ensure the continued protection of public health, consumers’ interests and food safety in Northern Ireland, guaranteeing that consumers in Northern Ireland will benefit from the same high food safety standards and equivalent protections as consumers in the rest of the UK.

Secondly, the draft regulations provide the necessary enforcement powers to ensure compliance with the Northern Ireland plant health label regime, in line with what already exists for the UK plant passport regime in the rest of the UK. They affect only businesses that make use of the regime and are no more burdensome than they are for British businesses operating within the plant passport regime. They will ensure that authorities in Great Britain and Northern Ireland will be able to manage non-compliance with the Northern Ireland plant health label regime proportionately, using the existing domestic plant health enforcement regime.

The measures are intended not to burden lawful traders but to create an equitable ground for business and protect the interests of consumers in Great Britain and Northern Ireland. As we would expect, the measures will have no impact on traders who abide by the relevant Great British standards for agrifood and the terms and conditions of the Northern Ireland plant health label scheme.

As we move forward with the Windsor framework, let us not forget its profound implications for trade and the economy. The framework is an innovative solution that removes the Irish sea border for goods remaining in the UK and provides a stable legal foundation for trade, allowing everyday goods to move easily while adhering to the highest standards and protecting biosecurity on the island of Ireland. The new arrangements will ensure that consumers in Northern Ireland can access goods available across all parts of the UK and that they are protected by the same high standards as consumers elsewhere in the UK.

I hope I have assured all Committee members about the purposes and aims of this statutory instrument. It is a crucial part of the Windsor framework, which the Government announced earlier this year. I am sure that we all agree that this is a positive step for business and consumers. As we take this positive step forward, let us remember that the framework is about not just trade, but securing a brighter future for all. I am grateful for Committee members’ attention. I look forward to a short debate and then moving forward.

It is a great pleasure to serve under your chairship, Ms Nokes. I am grateful to the Minister for his explanation of the draft regulations. As he will know, I strongly support the Windsor framework as a way out of the mess that both the Government and the EU had got themselves into. For that reason, we will not oppose the regulations, although I want to raise some questions.

I realise that these particular regulations are principally about ensuring that the appropriate authorities have the power to enforce the new arrangements, but, as the Minister will be only too well aware, it is essential that people understand what is expected of them so that they do not fall foul of these enforcement rules. In other words, we need clarity and timely guidance. On that question, may I begin by referring to paragraph 7.4 of the explanatory memorandum? About halfway down, it says:

“The SPS Regulation will also be applicable in NI, but under Article 1(2) and Annex 1 of that regulation, the standards in directly applicable EU law are disapplied in relation to retail goods under the Scheme.”

So far, so good. It goes on:

“This means that the relevant NI legislation does not apply to retail goods under the Scheme.”

But the very next sentence says:

“This SI applies the NI legislation to goods under the Scheme.”

Maybe I have misread the paragraph or missed something, but surely the relevant Northern Ireland legislation either does not apply to goods under the scheme or it does. Which of those two is it, or are those two consecutive sentences referring to different types of goods or different circumstances?

Next, the Minister will be aware that many of those who submitted evidence to the recent House of Lords European Affairs Committee inquiry, which produced an excellent report that I commend to all Members, argued that the implementation of these new arrangements, while a great improvement on the full application of the Northern Ireland protocol, will still represent an increase in checks and paperwork compared with the grace periods. Does the Minister accept that?

Let us take an example. There is a particular issue for hauliers who carry mixed loads—I think it is referred to as groupage—some of which is for the red lane and some of which is for the green lane but all of which is in the back of the same truck. In practical terms, how will the situation be managed to ensure the right enforcement for the right lane? Can the Minister give an assurance that no goods that qualify for the green lane will be subject to red lane inspection even though they are in the back of the same truck with red lane goods? To what extent will the red and green lanes apply to the products that he referred to?

The explanatory memorandum makes it clear that agrifoods moving from Great Britain to Northern Ireland under the Northern Ireland retail movement scheme, which I welcome, will be able to meet relevant GB public health and consumer protection standards. Can the Minister therefore confirm for the record, because I understand this to be the case, that cakes and ice cream containing the food whitener titanium dioxide, which is banned in the European Union but not in the UK, can continue to be moved from Great Britain to Northern Ireland and sold to consumers there?

From 1 October, businesses in Great Britain will be able to move prepacked retail goods as well as certain other goods, including fruit and vegetables, through the green lane to Northern Ireland under the Northern Ireland retail movement scheme. These requirements will come in in three phases. As I understand it, in phase 1, the “Not for EU” label that we have started to see will be required on all prepacked meat products, meat packed on sales premises and some dairy products. I understand that compound products such as chicken kiev are included in phase 1, but composite products such as pepperoni pizza are not. I am a vegetarian, but I thought it was important to raise that point. Is the Minister confident that the new arrangements, including the difference between compound and composite products, are well understood by manufacturers and traders? Will those enforcing the new arrangements take a proportionate approach to their implementation in this case and the others he referred to?

The provisions for seed potatoes are a great step forward and I welcome them, but can the Minister clarify the situation on the movement of certain shrubs and trees—in particular, oak, yew, honeysuckle, willow, hazel, dogwood, birch, chestnut, beech, fig, ash, jasmine, walnut, rowan, poplar, cherry, and hazel and hawthorn—given their importance for hedgerows? As I understand it from the document issued by his Department on 6 September entitled “Regulated plants for planting under a Northern Ireland plant health label”, the trees I just mentioned

“must not be moved from Great Britain to Northern Ireland”,

although in respect of Acer, also known as maple, Malus, also known as crab apple, and crataegus, also known as hawthorn, it states:

“Some of the species in this genus have now been approved to move”

and advises traders to

“Consult your local PHSI Inspector.”

The Minister will be aware that the inability to move certain species of tree or shrub from Great Britain to Northern Ireland for planting causes a great deal of concern to farmers, growers and garden centres. Since only some of these trees and shrubs have been cleared for movement so far, what will be the process for clearing the rest so that there is ultimately free trade in these iconic species?

Finally, on any agrifood checks, it would really help if there was a veterinary agreement between the United Kingdom and the European Union. Perhaps the Minister could tell the Committee what discussions he has been having with the Commission about how to bring one into being, given that in the vast majority of cases we are still applying EU single market rules to the sector.

On the basis of the Minister’s opening speech, the regulations were designed to protect Northern Ireland consumers from goods that might be damaging and that come not from outside the UK, but from within the UK. I suppose we should be grateful, although I am sure many hon. Members will ask what goods are circulating in the rest of the UK that could be damaging to people in Northern Ireland and from which they need protection, while those protections are not afforded to people in Great Britain, because there is nothing in the regulations about those goods being dealt with and prevented from being sold in Scotland, Wales or England. I was a bit bemused by that argument, but according to the explanatory notes it is central to the justification that the Government give for the regulations.

I want to look at the regulations in two ways. Some people have already given up on the idea that we have broken free of the European Union and that it no longer has any say in the United Kingdom. It is a pity that despite the fact that the Windsor framework has been place for six months, the regulations are being raced through. The explanatory notes accept that no consultation was done, even though there is a legal obligation to carry out such consultation. It is claimed that the consultation did not take place because, “We didn’t have enough time.” We do not have, therefore, the benefit of the opinions of and input from those who will actually feel the impact of the regulations on their businesses, or those who will have to ensure that they are properly enforced.

The regulations also relate to other regulations, such as the plant health regulations and the retail movement regulations that were laid just last week. They are all bound together, but we have not even had sight of them, we will not get a vote on them as they will be taken under the negative resolution procedure, and we will not have a proper discussion of them. That is one reason why people get so suspicious. What is the real motive behind rushing the regulations through?

We should bear in mind that the regulations are not primarily based on decisions made by this Government. They are based on EU regulation 2023/1231, which defines, for example, plant health labelling, which is mentioned 42 times in the regulations. They are not defined by GB or UK legislation—they are defined by the EU. The EU regulation does not even apply to the whole of the EU: it applies specifically to the UK. The requirement for the labelling is part of EU regulation, and for goods to move they have to comply with EU requirements. I know that the Minister has said that the regulations are to help to reduce and do away with the sense of a border, and the Prime Minister has said the same. But look at the conditions that EU regulation 2023/1231 imposes. The goods have to be labelled, they have to be taken over by a trusted trader, they have to have export documents, the retailer has to have a confirmed address in Northern Ireland, and the goods will still be subject to checks—10% initially, and 5% eventually.

I will be interested to hear how the Minister justifies that, because at the minute no border posts have been built to do these checks. By the time the border posts have been built, the rate will be down from 10% to 5%. Do we even have the capacity for these checks? If not—and even if we accept that checks are a good thing in the first place—what does that mean for the movement of goods and the back-up of lorries? I know that that first point will resonate with some Members. These draft regulations are dependent not on what our Government have decided but on specific regulation imposed by the EU on the Government of the UK.

My second point is about what are described as GB standard goods. Goods that come into Northern Ireland must now be examined to ensure that they comply with GB standards. Will the Minister explain why that is the case? In most cases, the standards for these goods are not set for GB alone, because they have been set by UK legislation. Why, therefore, do we have to have this differentiation? Why are goods exported into Northern Ireland to be treated as GB goods that comply with GB standards? If the standards have been set by legislation in this place, on a UK-wide basis, surely there is no need for checks to ensure that goods coming into Northern Ireland comply with GB standards, because all goods should be produced on that basis.

For the life of me, I cannot understand this. I think that the distinction has been made to provide cover. We are talking not about an international border but about border posts designed to ensure that UK standards apply in Northern Ireland. That is the only explanation I can think of for making the distinction: to try to soften the idea that there is an international border between Northern Ireland and GB. But the truth of the matter is that there is an international border for goods that go through the red lane, because they have to go through full international border checks. As I have indicated, the process is not unfettered for those that go through the green lane, because there are requirements on those goods, too.

And here’s the thing about EU regulation 2023/1231: it is clear that the EU can, at any time, without discussion with the UK Government, and without having to give a reason, remove the option of the alternative border—I do not know what else to call it. If the EU believes that the green lane is not working, or if it has other reasons for deciding to get tough, it can remove it. That is its default position. Once again, the Government are telling us, “We have a good deal and we are in control of this,” but that is not the case.

The whole point of these draft regulations is to safeguard our independence, which is why it is so important that we do not look at them in isolation. They depend on the terms of an EU regulation, which states that the border arrangements that the Minister says are so beneficial to Northern Ireland can be removed at any time by the EU. The irony here is that our own Government never sought a default position on the green lane; the only default position is on the red lane. We do not have any alternative whereby we can say, “The way in which you have directed goods to the red lane is unacceptable to us, so we will go to a green lane default position.” We have handed over to the EU the definition of the goods that can comply, we have handed over to the EU the right to decide the nature of the border between Northern Ireland and GB, and we have this justification in place.

One of the purposes of the draft regulations will be to protect Northern Ireland consumers from faulty or non-compliant goods that come from GB. If it is so necessary to have checks for such goods that are so widespread that we have to check 10% of those that go through the green lane, maybe the Minister can tell us what arrangements are in place to protect GB consumers from non-compliant goods.

If there is so much concern about non-compliant goods coming from GB into Northern Ireland and harming Northern Ireland consumers, why is there no such concern about goods coming from the Irish Republic into Northern Ireland that might not comply with UK standards and from which Northern Ireland consumers need protection? Let us just remind ourselves of the food scandals that have occurred: tainted olive oil from Spain, which killed over 1,000 people; pizzas with E. coli, which killed two people; or the scandal of horsemeat in burgers that came from the Irish Republic, France and Spain. I could go on and on about food standards. Indeed, a recent report stated that EU consumers were at a health risk from faulty goods because of inadequate policies and the inadequate policing of food standards in the EU.

If the Minister is so concerned about protecting Northern Ireland consumers from goods that are made in the UK, which presumably do not go through the same checks for GB consumers, why is there no concern about goods that cross the border—and not just into Northern Ireland? Do not forget that Northern Ireland is a conduit for goods that can come from Europe into GB. The justification for the draft regulations does not seem to stand up when we look at things in that way. We deserve an explanation from the Minister as to why, if there is such a fear, it is not dealt with on both sides. I suspect that some of the reasons behind the draft regulations that have been given are not valid and do not carry any serious weight.

Although the new arrangement is presented as an improvement, the Minister has already said that many of the goods that will now be caught under the draft regulations, and have checks imposed on them were not subject to checks under the Northern Ireland protocol because of grace periods. This situation is actually worse, because the grace periods disappear. As a result, more goods will have to go either through the red lane for full international checks, or through the green lane.

I do not want to go through the Minister’s claims, because a lot of this is anecdotal, but I can tell the Committee that promises such as free access to seed potatoes for Northern Ireland are just not true. In Northern Ireland, seed potatoes cannot be sold in retail outlets, garden centres and so on. People like me who do a wee bit of gardening would not buy tons of them; they would buy a wee bag to plant for Christmas time or whatever. That is not available. Many plants are still not available, and many businesses now say that requirements under EU regulation to permit goods to go through the green lane are so onerous that they are simply not going to purchase any more.

Even big retailers say that. Tesco recently indicated, certainly to its own suppliers, that it would do three things—look to the Irish Republic; look to EU supply chains; and find ways to stock its shelves other than bringing goods from GB—because even with what it knows about the Windsor framework arrangements, it would be too onerous to bring goods into Northern Ireland. That is the consequence, and I do not think that we should make claims for these regulations that are not true.

It is nice to see you in the Chair this afternoon, Ms Nokes.

We in the SNP understand the purpose and aims of, and need for, yet another Brexit-related SI, this time relating to the Windsor framework to allow trade to take place between Northern Ireland and Great Britain. The right hon. Member for East Antrim outlined many of the pitfalls that he has concerns about, and I am sure that he could have talked for considerably longer. However, it must be stated that once again a monumental amount of parliamentary time is being wasted as we go through the myriad pitfalls that must still be ironed out in the wake of Brexit. As the right hon. Member for Leeds Central said, there are many still to come.

The reality is that we are seven years on from the Brexit vote and three years on from leaving the European Union, yet valuable parliamentary time is being wasted on such instruments as our constituents struggle to make ends meet. None of this comes close to what EU membership gave us.

Both the Westminster parties support Brexit. The Tories and the Labour party both support taking this self-defeating, self-damaging and insular road. The right hon. Member for Leeds Central spoke about many of the self-damaging pitfalls, so I really hope that he will take that forward to his own party leadership. Both parties seem determined to take the rest of us along with them—whether willingly or unwillingly, it does not seem to matter. The reality is that that is why Scottish independence is sitting so high in the polls, even if not for our own party. It is becoming clear that that is Scotland’s only way of escaping this Brexit madness and once again taking our place among our European friends as a normal, independent nation in the EU.

I am conscious that this is quite a specific debate about the enforcement of the regulations in Northern Ireland. It is tempting to wade into reliving the debate with the EU and the Brexit debate, and to get into topics that are much wider than the SI we are debating . I will resist temptation and try to stick to the SI.

I will try to address the specific questions asked by the right hon. Member for Leeds Central. On his first question, about paragraph 7.4 in the explanatory memorandum, he was quite specific about wording that may appear in legalese to be somewhat confusing. I will try to clarify that as best I can. The first sentence refers to the effect of the EU regulation; the second refers to the situation after the SI steps in to ensure that GB standards can be applied in Northern Ireland to goods that move under the retail movement scheme—if that makes sense. I am more than happy to correspond with him afterwards to try to clarify the position.

The enforcement in Northern Ireland of the retail movement scheme is set out in the Windsor Framework (Retail Movement Scheme) Regulations 2023. The enforcement tools available include suspension or removal from the scheme. However, the relevant competent authorities will take a pragmatic approach to enforcement in the first instance as we work towards maximising compliance with similar domestic schemes. I hope that we will see the compliance and flexibility requested by the right hon. Gentleman.

I did not have time to write down all those trees that the right hon. Gentleman listed, but I will try to deal with his concern. The EU’s risk assessment process for the movement of so-called high-risk trees will also be expedited. Once approved, they will move from GB to Northern Ireland with the Northern Ireland plant label. The 11 most commercially important GB-native and other industry-prioritised trees will be expedited so that they can move in time for the main 2023 planting season. That includes important GB-native trees such as English oak, sycamore, beech and the many others that he mentioned.

The Minister has made an extremely helpful point, but did he also say that the trees would be ready in time for the 2023 planting season?

We are in 2023, so can I take it that the expediting process for the assessment will happen in very, very short order?

We are very keen to expedite this as quickly as possible. Obviously, no one will be planting a tree at this moment in time and we will then move into winter. I will clarify in writing exactly when we hope to have this in place, but we are conscious that we do not want barriers. We want to allow free market movement of goods wherever possible.

I turn to my friend from Northern Ireland, the right hon. Member for East Antrim. I understand his passion and his commitment to Northern Ireland, and we share many of his ambitions. Of course we want Northern Ireland to remain part of the United Kingdom, but in creating the Windsor framework, we are trying to address the challenges that were brought forward through the protocol. He criticises us for not consulting Northern Ireland and those who are affected, but of course there is huge pressure to try to solve this challenge. I know that he would be one of those voices—indeed he was—saying, “Let’s try and overcome the challenges that we face in the protocol.” These are the solutions that we have brought forward and we are trying to expedite those solutions as quickly as possible.

The Windsor framework achieves a long-standing UK Government objective of restoring the smooth flow in trade within the UK internal market. By pursuing a green lane for the movement of goods from GB to Northern Ireland, supporting Northern Ireland’s place in the UK, it restores that smooth flow of trade within the internal market by removing some of those unnecessary burdens that disrupted east-west trade.

When one thinks of smooth trade, one thinks of a lorry leaving here in London and going up to Scotland or Wales: it does not get stopped; it does not need to have labels on the goods; the final destination of the goods does not need to be known; it does not need a trusted trader arrangement for the people involved; and it does not need export papers. How can the Minister claim, when all that has to be in place for goods going to Northern Ireland that are purely for consumption in Northern Ireland, that that can be regarded as smooth trade? It would not be regarded as smooth trade if people had to do it in GB.

Again, I hesitate to wade in, because such matters are often way above my pay grade. However, we have to recognise that there are a number of challenges, not least of which are that we have to respect the Good Friday agreement and we have to respect the phytosanitary integrity of the island of Ireland. That is why we are devising these processes to try to expedite and ease that trade as much as possible while respecting all those other challenges that we face as a Government. We need the regulations so that we continue trade with Northern Ireland.

I appreciate the Minister’s point about safeguarding the Northern Ireland market and making sure that goods are compliant, including with UK law. However, he was the one who emphasised this point in his speech, and it is also emphasised in the explanatory memorandum, so could he explain to me what dangers the UK Government see in goods going from GB into Northern Ireland that could harm Northern Ireland consumers? Is there a volume of goods, and what sectors of the economy are those goods coming from, that require these kinds of checks because he and his explanatory memorandum have emphasised that this is one of the main reasons for the checks?

I am grateful for the right hon. Gentleman’s intervention, but this is about the phytosanitary protection of the island of Ireland. Of course, we have obligations to try to mitigate the spread of any diseases in the United Kingdom. For example, we have measures in place with the Welsh Government, and we have operations that will restrict movement of plants across the United Kingdom to protect other parts of the UK from the spread of disease. It will be similar to moving an infected tree from London to Edinburgh, or from London to Shropshire. We need measures in place to ensure that we do not unwittingly spread disease around the United Kingdom.

The right hon. Member for Leeds Central asked a specific question about titanium dioxide. I will do my best to answer him, but I am more than happy to write to him if he does not feel my answer is adequate. The regulations mean that food items containing titanium dioxide, which is now banned in the EU, can lawfully be sent for sale to consumers in Northern Ireland. Under the Windsor framework, more 60 pieces of EU legislation have been disapplied on retail agrifood goods moving from Great Britain to Northern Ireland under the Northern Ireland retail movement scheme. GB standards will apply instead. That food additive remains authorised for use in Great Britain, so prepacked agrifood goods with this additive may be moved from GB to Northern Ireland under the Northern Ireland retail movement scheme for supply to Northern Ireland consumers. That is consistent with a UK market.

I am grateful for that clarification—I understood that that was the case—but does it not illustrate a point that the right hon. Member for East Antrim made? I would have thought that he would welcome what is in the regulations because under the Northern Ireland protocol—this was why I raised the example—cake and ice cream containing titanium dioxide would not have been able to move from Great Britain to Northern Ireland. It would have been banned because EU regulations applied. Now, because GB standards apply, which are GB-UK standards, it can move. Does that not demonstrate how this position represents an improvement on the mess with which we grappled previously?

I agree with the right hon. Gentleman: it protects the UK internal market, which we are very keen to do. I know that the right hon. Member for East Antrim is also keen to protect that. This is a good example of how things are working.

We have taken a lot of time this afternoon, so I would like to remind members of the Committee of the two critical components of the Windsor framework in the regulations. They will implement the Northern Ireland retail movement scheme, which will establish the new sustainable long-term solution for the movement of agrifood goods from Great Britain to Northern Ireland to the final consumer. Secondly, the Northern Ireland plant health label regime will significantly reduce costs for businesses moving plants to Northern Ireland, putting the process in line with the rest of the UK under the UK plant passport regime. Previously banned seed potatoes will once again be available in Northern Ireland, which is good news for our farms in Northern Ireland and for our Scottish farmers who export top-quality seed potatoes around the UK. This is a big step forward.

Let us not lose sight of the greater narrative. The statutory instrument is part of a wider framework that echoes our resolve to shape a brighter future for Northern Ireland and stands firmly on the pillars of economic prosperity and democratic values. I thank hon. Members for their engagement and questions.

Question put.


That the Committee has considered the draft Windsor Framework (Enforcement etc.) Regulations 2023.

Committee rose.

Draft Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023

The Committee consisted of the following Members:

Chair: Mr Philip Hollobone

† Afriyie, Adam (Windsor) (Con)

† Bruce, Fiona (Congleton) (Con)

† Byrne, Ian (Liverpool, West Derby) (Lab)

† Creasy, Stella (Walthamstow) (Lab/Co-op)

† Double, Steve (Lord Commissioner of His Majesty's Treasury)

† Fletcher, Mark (Bolsover) (Con)

† Freeman, George (Minister for Science, Research and Innovation)

† Kruger, Danny (Devizes) (Con)

† Mackinlay, Craig (South Thanet) (Con)

† McDonnell, John (Hayes and Harlington) (Lab)

† Morris, Anne Marie (Newton Abbot) (Con)

† Morton, Wendy (Aldridge-Brownhills) (Con)

† Onwurah, Chi (Newcastle upon Tyne Central) (Lab)

† Owatemi, Taiwo (Coventry North West) (Lab)

† Rimmer, Ms Marie (St Helens South and Whiston) (Lab)

Turner, Karl (Kingston upon Hull East) (Lab)

† Villiers, Theresa (Chipping Barnet) (Con)

Bethan Harding, Committee Clerk

† attended the Committee

Second Delegated Legislation Committee

Monday 11 September 2023

[Mr Philip Hollobone in the Chair]

Draft Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023

I beg to move,

That the Committee has considered the draft Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023.

It is a great pleasure, Mr Hollobone, to serve under your direction and leadership this afternoon.

Consumers have a right to assume that if a product is for sale, it is safe and secure; too often, that is not always the case. Government must act to ensure that when UK consumers and business customers are purchasing consumer connectable products, they are not putting themselves at risk of cyber-attack, theft or even physical danger. Through the draft regulations, the Government are ensuring that protections are implemented for our commonly used items such as smart phones, smart watches and smart baby monitors, and for the UK citizens and businesses that use them.

Cyber-crime is thought to cost the UK billions of pounds—the total cost is estimated at about £27 billion a year—and it is on the rise, in particular cyber-crime that targets the internet of things. Vulnerable IOT products are a key attack vector for criminals, allowing them to compromise not only the device, but potentially the user’s network and the broader connected technology ecosystem. This draft statutory instrument is an essential step in fighting the dangers of such cyber-risks.

The draft regulations are made under powers provided by the Product Security and Telecommunications Infrastructure Act 2022 and the European Union (Withdrawal Agreement) Act 2020. The regulations will mandate the manufacturers of consumer connectable products made available to customers in the UK to meet minimum security requirements, unless excepted. The instrument completes the introduction of the UK’s world-first product security regime established by part 1 of the 2022 Act.

Subject to the approval of the Committee here gathered, the regime will afford UK citizens and businesses world-leading protections from the threats of cyber-crime. Research covering the first two months of this year shows that cyber-attacks targeting IOT devices have tripled since 2021, so the need for action has never been greater. The regime will also equip the Government with the tools to ensure the long-term security of a vital component of the broader UK technology ecosystem. That is especially important as frontier technologies, from artificial intelligence to quantum, allow technology to become more embedded in our economy and society than ever before.

I very much welcome the Government’s efforts to make consumer goods in the so-called internet of things safer and more secure and resilient against cyber-attack, but how confident is the Minister that the regime will work against a determined attack by a hostile state? Recently, the Intelligence and Security Committee of Parliament produced a report saying that China targets UK industry and technology “prolifically and aggressively”. Will the draft instrument be effective in protecting us from that kind of attack?

My right hon. Friend makes an important point. Perhaps I can come back to it in a bit more detail at the end of my comments, but I will make this point now: as I described, the measures will give a minimum level of security assurance to customers. This draft instrument is not the frontline, the arrowhead, of UK international counter-espionage; this is about ensuring that when people buy an iPhone or some such device, they can be confident that basic minimum standards have been met. It is not the basis on which we can all go to bed at night safe and secure, with the whole of UK critical national infrastructure secure. That work is being led by my right hon. Friend the Chancellor of the Duchy of Lancaster and Deputy Prime Minister.

I turn briefly to the basics of the draft instrument. First, on security requirements, the regulations mandate that manufacturers comply with the security arrangements that Parliament has set out in schedule 1. The security requirements are backed by security experts and have been consulted on extensively. In the view of the National Cyber Security Centre, which has been very involved, they will make the most fundamental difference to the vulnerability of consumer connectable products through the guidelines in the UK’s code of practice for consumer IOT security.

The first requirement bans businesses from selling to UK customers consumer smart products with universal defaults or easily guessable default passwords. Such passwords expose users to unacceptable risk of cyber-attack and allow malicious actors to compromise products at scale, equipping them with the computing power to launch significantly disruptive cyber-attacks.

Secondly, manufacturers will be required to publish, in an accessible, clear and transparent manner, the details of a point of contact for the reporting of security vulnerabilities. Despite previous Government interventions and the increasing threat of cyber-crime targeted at these products, less than a third of global manufacturers had any policy for how they can be made aware of vulnerabilities as of 2022.

The final security requirement will ensure that the minimum length of time for which a product will receive security updates is not just published, but published in an accessible, clear and transparent manner. Consumers value security and consider it when purchasing products. Equipped with the vital information mandated by this requirement, UK customers and their intermediaries will be able to drive manufacturers to improve the security protections that they offer through market forces.

I will turn to the conditions for deemed compliance. Where the security outcomes that we are seeking to achieve are entirely or partially delivered through broader international standards, the regime allows manufacturers compliant with those standards to more readily demonstrate their compliance with our security requirements. That is the intent of regulation 4, and schedule 2 sets out conditions based on analogous provisions in two leading international standards. Where those conditions are met, a manufacturer is to be treated as having complied with a particular security requirement. Colleagues will be pleased to know that we have tried to take the opportunity to reduce process-driven bureaucracy and make it easy for proper compliance to be demonstrated in the interest of consumer protection.

The excepted products protocol in the instrument sets out a list of products that we have exempted from the scope of the product security regime. First, select product categories made available for supply in Northern Ireland are exempted. That exemption ensures that the regime upholds the UK’s international commitments under the EU withdrawal agreement while extending the protections and benefits offered by the regime to consumers and businesses across the UK. Additionally, smart charge points, medical devices and smart metering devices are exempted to avoid double regulation and to ensure that those products are secured with the measures most appropriate to the particulars of their functions. To answer the point raised by my right hon. Friend the Member for Chipping Barnet, we would not want to rely on these regulations alone for the safety of medical devices; they are covered, quite rightly, by far more extensive regulations through the Medicines and Healthcare products Regulatory Agency.

I welcome the instrument in general terms, but I have a couple of quick questions. The Minister mentioned that Northern Ireland is outwith the scope of this regime because of its interaction with the European Union as it stands today. In effect, that treats Northern Ireland as not part of the United Kingdom for these purposes. Am I correct in thinking that?

Secondly, I completely agree with the cut-outs for medical devices, smart meters and so on. The Minister may need some inspiration on this, but are vehicles included in the minimum standards, given that lots of them now have autopilot systems and software updates to undertake week in, week out, and passcodes included in the software?

Those are two excellent questions. On Northern Ireland, basically the answer is no. This goes with the grain of the Windsor framework that the Prime Minister has negotiated, and it recognises that for the purposes of consumer standards, Northern Ireland is governed by the EU proposals in this space. I am delighted to say that the UK proposals are a little quicker, more agile and fleet of foot, and to some extent that might give Northern Ireland manufacturers an advantage. Perhaps I could come back to the point about vehicles; it is an important point to which the internet of things is very relevant.

The instrument also exempts laptops, desktop computers and tablets without a cellular connection from the regime scope. Engagement with industry highlighted that the manufacturers of those products would face completely unique challenges in complying with the regime. On many occasions where those products are in use, they are already subject to extensive cyber-protection standards. It is therefore not clear at this stage that including those products in the regime scope would be proportionate. However, as with so many of these things, I am happy and keen to keep a watching eye on that to ensure that we are keeping up with technology.

The administrative provisions in the SI, including those relating to statements of compliance, are uncontroversial. The regime will require that those documents are company products serving as an audit trail to enable compliance across the supply chain and to facilitate effective enforcement. We do not expect every single consumer to read all of that every time they buy a pair of speakers or any digital device, but the active intermediaries on behalf of consumers will be able to access it, and we foresee an active enforcement culture, not least online.

The product security regime, including these regulations, is the first in the world to recognise that the public has a right to expect that the products available for them to purchase are secure, and that the Government have a duty to enforce that. The measures will cement the UK as a world leader in responsibly embracing the enormous potential of emerging technology. They are a first step in the development of a framework that will keep pace with technology. I commend the regulations to the Committee.

The Committee will be delighted to know that the debate can continue until half past seven.

It is a delight to serve under your chairmanship, Mr Hollobone, in this important debate. I thank the Minister for setting out the context for the regulations and their intended effect. I declare an interest: as the Minister is aware—I certainly talk about it enough—before I entered Parliament I worked in tech for 23 years, with the last six at Ofcom as head of telecoms technology, which included internet security.

My experiences at Ofcom and as a chartered electrical engineer gave me a strong awareness of the immense value of new technologies, such as IOT, but also of their potential harms. In 2011, I was the first Member of Parliament to mention the internet of things in this place, in a Westminster Hall debate I secured on machine-to-machine communications. Since then, the market for connected devices has grown exponentially; with smart phones in so many pockets, smart appliances in so many homes and wearables on so many wrists, there is a clear need for robust consumer protections. Let me be clear that the Labour party welcomes the introduction of the regulations, which will provide long overdue protection for users of consumer connectable products.

Although a step in the right direction, it has been a long while coming. According to Cisco, in 2010 there were 12.5 billion devices connected to the internet. Strategy Analytics found that in 2018 that had risen to 22 billion, with much of that growth driven by smart phones and IOT devices. It was only in 2016, when the Government published their national cyber-security strategy, that they set an ambition for the majority of online products and services coming into use to be secure by default by 2021.

Responding to a question I tabled in December 2016, I was told that cyber-security was a top priority for the Government. It was a top priority, however, that inspired almost no action—a little like online harms, where legislation is still to be passed. By the time 2020 came around, the Government had acknowledged the failure of their voluntary code of practice, and were instead proposing a new regulatory regime. As the Minister said, having legislated on the issue in 2022, we now stand to see regulations finally coming into effect in 2024.

It is clearly a case of better late than never. I understand the challenges involved in delivering a set of tech regulations on a complex and technical subject. It is right that there has been an extensive consultation on the subject, which no doubt created a wealth of information that required careful analysis. The reason I bring up the delay is that while the Government were asleep at the wheel, criminals were not. In 2016, hackers used domestic IOT devices, including televisions and baby monitors, to bring down major websites such as Twitter and Spotify. That style of attack poses huge risks to businesses and critical national infrastructure, such as our electricity grid.

Individual consumers have also been left vulnerable. Whether it is smart toys, which enable hackers to target our children, or smart alarm systems that leave people’s properties vulnerable to break-in without forced entry, these are massive and hugely damaging threats for individuals, families, businesses and our national security. In delaying action on the matter, the Government have effectively given hackers the head start.

Recent years have seen a surge in the popularity of smart devices in the home, such as smart speakers and doorbells. In 2016, Ofcom estimated that there were 13.3 million IOT connections in the UK, including 5.7 million categorised as consumer electronics. It is estimated that by 2024, that figure will have increased to 40 million. Globally, we expect that there were 14 billion connections in 2022.

There was an opportunity for the UK to get a consumer protection regime in place ahead of this recent acceleration in the uptake of smart devices. Doing so could have meant that millions of devices being bought by British consumers in the intervening period were sold securely, and it could have given a boost to our innovative businesses in that area by giving clarity of regulation. Instead, consumers and businesses have been left relatively exposed to risks. I ask the Minister, could the Government have delivered this regime more quickly?

Acting faster would have carried significant upsides for British businesses, as I have said, in adapting to the new requirements. These regulations translate the three most critical measures from the voluntary code of practice into the statute book, and, as I have said, we welcome them. However, given that mandating these recommendations seems to have remained the Government’s intention from 2020 onwards, it is more confusing as to why that was not legislated for in primary legislation, as Labour called for during the debates on the Bill in 2022. I fear that in pursuit of maintaining the Bill’s flexibility, despite expert consensus on the importance of the requirements, the Government have kicked the can down the road on providing certainty, which our businesses need in order to drive the economic growth that we all hope to see.

As the impact assessment for the SI notes, the proposals will have significant consequences for thousands of businesses, including around 170 manufacturers and thousands of retailers and charities involved in the sale of these products. In many cases, the cost of compliance would have been hard to avoid, but businesses would have benefited from earlier clarity about the scope of the regulations. That is particularly true when non-compliant equipment will need to be disposed of.

Now that the scope of the regime is finally confirmed, businesses will need guidance to ensure that the benefits of the new requirements are felt by consumers and that the detrimental business impact is minimised. The explanatory memorandum accompanying the SI promises non-statutory guidance for industry. Will the Minister commit to a timeframe for delivering that guidance, or give businesses any sign about when that might become available? As we know, small businesses do not have chief technology officers, and they need the support and help of Government.

I would also like to query some of the inconsistencies that I see in the regulations. As the Minister said, computers, laptops and non-cellular tablets, except those designed for children under 14, have been exempted. The reason seems to be that the situation, particularly the supply chain, is complicated. Could he say a little more about that?

I would also like clarity on the relationship between these measures and cellular internet of things modules or SIMs , which I think is what the hon. Member for Windsor was referring to when he spoke about vehicles. SIMs power much of the consumer connected device landscape by enabling internet access, and are often embedded. China is currently attempting to corner the global market in SIMs, which could have immense national security implications. For example, when it comes to cars, they can transmit location, the route and even videos of the driver and passenger. Will the Minister say clearly whether this legislation is applicable to SIMs? If not, why not, and what protection is to be brought forward in that regard?

Further, while the Product Security and Tele-communications Infrastructure Act gave the Government the power to create requirements on manufacturers, importers and retailers, those seem unevenly applied by this SI. To give just one example, there is no requirement for distributers of these products to publicise the defined support period, but there is such a requirement for manufacturers to do so, even though it is the distributers who often provide the direct interface with the consumer. Will the Minister explain why the Government are taking that approach, and whether they are considering further regulations applicable to distributers?

There is also very little in the SI about enforcement, but the parent Act allows for recall notices, stop notices, penalty fines and forfeiture of products, and the impact assessment says that the Office for Product Safety and Standards will be the enforcing agency and will need to buy devices to test. Will the Minister assure us that the office will have the resources it needs to do this, given the global and, as he said, complicated nature of the market for these products and the embedded nature of the connectivity modules?

I have the greatest respect for the Minister. He knows, and I am sure that he wishes it were otherwise, that his Government’s record on digital inclusion is not the best. There has been no digital inclusion target since 2014, and that has resulted in 10% of our population being excluded. Is he certain that consumers will be adequately protected by the three basic measures—as he himself referred to them—that the SI brings in? He says they will give a minimum level of security, but he also implies that they will keep our citizens safe from cyber-attacks. Does he really think that that is the case?

Regardless, we want to see consumers empowered to understand and assert their rights in this area. My final question to the Minister is whether, in addition to guidance for industry, the Government will issue guidance to consumers on digital inclusion and literacy. To conclude, we support the introduction of the regulations, which will establish much-needed protections for users of connected devices and address significant gaps in our national cyber-security. However, the Government must act fast to communicate the new requirements to businesses and consumers well in advance of commencement, and I hope the Minister will address my questions in his remarks. It is important that these regulations are a success, and I urge him to do all he can to ensure that that is the case in the build-up to April next year.

It is always a pleasure to serve on one of your Committees, Mr Hollobone. Usually, pieces of delegated legislation do not create a great deal of interest, but this is one that I am most excited about, as the Minister will be pleased to hear, because this is a topic that I have been discussing in various quarters for some years.

I am concerned about the internet of things—what is actually happening within the clever software and products? Frankly, they go beyond my full understanding and, I am sure, beyond that of many in the room. If I understand it correctly, the whole concept of the statutory instrument is for consumers to have some certainty that the products they are buying are safe as regards their data security and that they will not be hacked through cyber-activity.

The regulations will apply to a multitude of goods. Those goods are expanding exponentially, whether that is the clever fridge that—if one is lucky enough to buy one—says when more milk is needed, or the Ring door camera telling the owner by text message or some app on their telephone that someone is at the door. If I put my hand in the air—I might even be able to make it happen—Siri starts talking to me. What is happening there? What is Siri listening to, and what is Siri listening to that it should not be listening to? One hopes that software from a known, big global brand has more security, surety and safety associated with it, and I hope our trust in some of these bigger organisations, such as Apple, is duly found.

One need only look on Amazon these days—I am not pointing out Amazon for any great reason—to see that the number of internet of things products available is truly vast. I would not even like to go through the whole gamut of what is available. There are speakers, baby cameras and even lightbulbs—I purchased one not too long ago. Obviously, a variety of watches from big brands is available—or smaller brands from China, available at a fraction of the price of the bigger brands but seemingly to the user doing all the same clever things. One wonders at times whether that cheapness is meant to encourage us to buy a product for good or ill.

I raised that very issue with National Trading Standards in the European Scrutiny Committee. Members might think, “Why on earth is the European Scrutiny Committee thinking about these things?” The hearing was on product standards related to Northern Ireland and border issues. Generally, National Trading Standards is interested in whether something will catch fire when we plug it in. Will it be physically safe and not burn the house down, scald someone or catch light? When I raised my concerns about the in-built software, National Trading Standards said it was a very interesting point, but had no great idea about what to do about it, so a few questions arise.

I note that in the SI there is a required statement of compliance by the manufacturer. The Minister referred to the National Cyber Security Centre. When a product arrives from China or elsewhere into the UK via our purchase from Amazon—not necessarily off the Amazon shelf but perhaps through one of the facilitating agents that it allows—I doubt that the National Cyber Security Centre or National Trading Standards entrench themselves in what it does behind the scenes. That is to say, in the clever software that drives it. Even if they did, it would be at a moment in time.

How often do we buy these products—even a phone? I note that my watch OS is on 9.6.2. It upgraded only last week it is already prodding me that it needs 9.6.3. One wonders, “Why couldn’t they get it right in the first place?” That happens regularly. It could be an innocuous product, such as the baby monitor that we can look at on a clever app on our phone. We merrily download those apps, but after a month or two they scurry off to the internet with all sorts of “agree here” boxes and 15 pages of terms and conditions. I am sure not one person in the room reads them before ticking the box and saying, “I accept all that—just give me the thing”. That item might have been safe when it crossed the border, if it was even tested to that point, which I doubt, but we have very little surety about what happens in the software upgrades. It just scurries off and does its software upgrades; we are all very familiar with that.

Last week, I entered the brave new world of lightbulbs. I had some lighting done and decided on an app that lets me put the lightbulb on from this room should I so wish. Amazing—really consumer friendly. Why did I decide on that app? The electrician who did some work in my home said, “I use this one and I rather like it. It has all the features and does all the bits that one wants it to do.” But do I know what is really happening? Do I know what data is being collected?

There was a report just last week that even something as basic as the Ring camera that tells us when someone is at the front door is scurrying off and sending out all sorts of data—our email address and whatever else we have provided to get it working. Sometimes there is an intrusiveness in the questions asked by some of these apps, and one wonders why they need that sort of information. Often, there is also the question, “Will you allow this app to track you across other websites?” One wonders whether this is just becoming a very grand data capture exercise. I have no concept of where the data goes—for whom, why or anything else. Have any Members in the room had an experience like this? I was discussing a colour of paint with my wife and, lo and behold, I picked up my iPad and Farrow and Ball and Dulux seemed to come up almost before I started writing in the search engine. One wonders what is going on in the background. I ask the Minister: are we likely to test the underlying software when it comes across the border, or simply to rely on self-certification and certificates of compliance?

I am pleased that my hon. Friend the Member for Windsor raised the point about Northern Ireland, because I want us to have very safe and good legislation so that consumers can be sure about the products that they buy. Perhaps the regulations will represent a greater degree of consumer safety than we currently have or had under the old EU legislation. I think that that was the Minister’s intent—for the measures to be world leading and fleet of foot. I think those were the words that he used. But where does that leave us? Products that can enter the EU or are in the EU market—in the Republic of Ireland, for instance—have free access into Northern Ireland. They then have pretty much free access—because we are a United Kingdom, and we should not forget that—into GB. Could we have a situation in which the safety of goods sourced or provided for the consumer in GB, and potentially NI if they can tick the boxes required under single market rules, is degraded when that route from the EU, through the Republic, into NI and into GB, which is allowed, occurs? Or are we going to accept, as we seem to have done, that if CE markings are acceptable in the EU, they are acceptable here?

I will close—I am sure to the great pleasure of many in the room—by saying that this is an expansive debate about serious things, as we connect ourselves to the internet. One wonders: when we buy cheap, are we buying dangerous?

It is a pleasure to serve under your chairmanship, Mr Hollobone. I do not wish to detain the Committee for long, but it strikes me that it would be useful to make a couple of observations, not least that I find myself in substantial agreement with the previous speaker about the importance of this issue.

There are so many stopped clocks around this building at this point in time. I am also now fascinated to see what will come up on my Facebook adverts as a result of the hon. Gentleman’s speech. I suspect I will be getting many about lightbulbs, and Farrow and Ball paints—people can make their own jokes out of that.

I have a few simple questions for the Minister. So far, we have talked about products and the regulation of them, but we have not talked about consumers and consumer experiences. The elephant in the room is Brexit. After all, we were signed up to regulations that were shared across a massive consumer group of 550 million consumers, which meant that we had weight when negotiating with manufacturers. Now we are not, and we are bringing in our own regulations. Whatever one thinks of that decision, it means that there will potentially be some anomalies for consumers, unless our consumers never leave this country, whether to go to Northern Ireland or to mainland Europe. Can the Minister say a little about whether the draft regulations will have an impact on guarantees on consumer standards?

In particular, a lot of people will look at the exchange rate and try to get a better deal by buying goods overseas. What will the measures mean for consumers who might want to use any of these items on their holidays? People might take a baby monitor with them, or if their watches break they might walk into an Apple store in a foreign country and ask for help. What will our having a different set of regulations mean? Should we buy an item overseas to use it here? Could the companies tell us that we have voided our guarantees because we have bought a good in a different territory, where there are different regulations and therefore potentially different software components?

Has the Minister had any conversations with his colleagues about the requirements under the Consumer Rights Act 2015? The consumer protection regulations were written at a time when we all abided by a common framework of regulations, which meant that consumers did not need to worry about these things. Now we are going it alone, so when we go overseas or bring things here from overseas, there will inevitably be conflict and confusion. The Minister said a lot about the companies and the regulations; he has not said as much about the actual consumers—our constituents—who might suddenly find that “Computer says no” repeatedly, and not know to whom they can turn to do anything about it.

Tempted though I am to delay the Committee with long, exhaustive answers to all those points, which were well made, perhaps I could reassure colleagues on both sides of the House that we have thought about them. Some important points were made for the record, and I will try to keep my speech as short as possible. I thank you, Mr Hollobone, and the Committee: the feedback is incredibly helpful. I would value a chance to continue this discussion with those who have spoken today, many of whom have taken an interest in this subject for a long time.

Let me start with the hon. Member for Newcastle upon Tyne Central, speaking for the Opposition. I congratulate her on returning to the position that I like to think of as my shadow. It has been a pleasure working with her. I also congratulate her on being the first to mention the internet of things in this House if indeed that is verifiable—I am sure it is, digitally as well as in many other ways. On the accusation that the Government were a bit slow to move in 2021, I will just gently point out that there were some other things going on, not least the pandemic, and that we are in fact, with this, quicker than the EU that we have just left. This is an example of us being more agile and more forward-leaning.

I will also make this point. Many of us have sat through and nodded through European legislation, knowing that there is really nothing we can do to change it. This is a good example of Members of Parliament, from both sides of the House, raising important points and the Minister listening, to ensure that we get our own legislation right. I think that if we had done that a bit more, we would not have had the frustrations that we did.

On the point about the hackers having a head start, I think the truth is that technology is moving at such a pace that of course those who want to harness technology for ill generally tend to move much more quickly than the Government. That would be true were the hon. Member for Newcastle upon Tyne Central in my position. What we are doing today is moving to shut down that head start. There are genuine questions about how quickly we move and how we get it right. I make the commitment to all colleagues that this is a start and we intend to have an annual process of listening to colleagues in the House, listening to the industry and asking whether we should not be going further faster to keep up with technology. The Opposition, I know, have the monopoly on hindsight, led as they are by the extremely able Leader of the Opposition, often referred to as Captain Hindsight. I will just point out that none of us quite foresaw the pace at which this would all move. I know that Government are often not the fastest mover, but we are, here, moving more quickly than partners in Europe.

I am on a roll. I have to say that no one cheered more loudly than when I heard the hon. Member talk about business certainty. As the right hon. Member for Hayes and Harlington is a member of the Committee, I cannot help but point out that the biggest business certainty was making sure that he never became Chancellor, with his agenda of radical socialism and neo-communism. I notice—for the record—that he is no longer in his place, which is probably a good thing for business certainty.

Let me turn to the points that were raised. Perhaps, with your permission, Mr Hollobone, I can write to everyone with an update on our thinking about the timetable. We are looking to get the regulations in place as quickly as we possibly can. Perhaps I can come back to the point about the timetable, because it requires a detailed answer.

As I said, I will deal with the various points that were made. On the question of exemptions, this is a start. The Government are initially mandating security requirements that, in the opinion of the National Cyber Security Centre—this is not just my whim; it has been consulted on deeply—will have the most fundamental impact on the risks posed today by insecure consumer connectable products. We are confident that the requirements are robustly evidenced, are proportionate and are appropriate to mandate in law at this time. That is not a step we take lightly. The real key is to change the culture and to create a culture in which distributors and all those involved in the supply chains know that they are required by law to do this; they have a responsibility to consumers. However, should the Government deem it appropriate, the parent Act empowers Ministers to introduce further measures in the future, to keep pace with the changes in technology and the threat landscape. Those are powers that we intend to use, in consultation with the House.

Let me turn to the point about security updates, which a number of colleagues raised. The Government do not yet consider it appropriate to mandate and specify minimum security update periods for relevant connectable products, before the impact of the initial security requirements is known. Our mandating necessarily broad regulation across a sector as inherently complex as technology security will always run the risk of imposing obligations on businesses that are disproportionate to the associated security benefits, or leaving citizens exposed to cyber-threats. There is no consensus yet in the industry. One of the things that we hope this measure will do is trigger a broader conversation, on the timescale that we need—each year—to talk to industry about what is happening and ensure that we are keeping up to date.

Let me pick up the point about digital exclusions. A number of people asked, through the consultation, why conventional computers and non-cellular tablets were exempt. We do not have evidence at the moment that including them in the scope of the regime would significantly reduce risk. There is a mature anti-virus-software market that empowers customers to secure their own devices and, alongside this, mainstream operating system vendors already include security features in their services. As ever, we legislate in a way that we think is timely, appropriate and proportionate, trying to deal not with every single risk that one might envisage, but with those that are faced by consumers today. The result is that those devices are not subject to the same level of risk as others.

Let me turn to the point about Northern Ireland made by my hon. Friend the Member for Windsor and others. Customers across the UK will be able to benefit from the security protections that the regime aims to deliver. For selected product categories, honouring the UK’s international commitments has necessitated that the regime will apply differently in Northern Ireland. I stress that, in practice, the exemption applies to limited types of products, such as lifts, pyrotechnic articles and personal watercraft, which are regulated already under legislation contained in the Windsor framework.

We are required to ensure the smooth flow of trade under the United Kingdom Internal Market Act 2020. The Prime Minister has also committed to ensuring smooth-flowing trade within the UK. The House should be reassured that the Government’s position on that is unchanged. My hon. Friend the Member for South Thanet made another, equally important point that we need to ensure that that does not inadvertently allow in a flow of products that would not be compliant.

My hon. Friend the Member for Windsor asked about how we are dealing with automotive vehicles and the internet of things in cars. As we indicated in the April 2021 call for views on the regime, the Government intend to introduce separate regulation to cover the cyber-security of connectable automotive vehicles. To minimise an unnecessarily duplicative regulatory burden on industry, our position remains that cars should be exempted from these draft regulations, because we will be introducing a different framework. Developments in the legislative landscape have precluded the Government from including an exemption for connectable automotive vehicles in this, but we intend to bring forward that legislation as quickly as possible.

I will finish these points, if I may.

On enforcement, astute colleagues have observed that it falls under the Department for Business and Trade. The previous Parliamentary Under-Secretary of State, the Minister for Small Business Consumers and Labour Markets, approved the recommendation for the OPSS to adopt the enforcement role for part 1 of the 2022 Act. The OPSS is part of the DBT and will therefore simply be enforcing the product security regime as the Secretary of State. It will begin enforcement functions as soon as the draft regulations come into force. To the question, I am reassured that the OPSS is properly resourced.

I have some final points. On the international aspect of the IOT security measures, the proportionality of implementing a given cyber-security measure for a product depends on a huge range of factors, from the product’s technical architecture to the settings in which it is ultimately deployed in. The Government are therefore mindful of the risk of imposing obligations on businesses that may in many cases be disproportionate. The Chancellor of the Duchy of Lancaster and Deputy Prime Minister, and the National Cyber Security Centre are keeping an active watch on the importance of updating that.

On SME information, I am absolutely delighted to undertake that we will provide tailored information and guidance to assist small and micro-businesses. As colleagues have observed, they do not always have the relevant bandwidth to keep abreast of technology.

My hon. Friend the Member for South Thanet asked whether the self-certification and compliance mechanism—the duty placed on manufacturers—is sufficient to cover the risk. My answer to that would be that the draft statutory instrument is in our judgment the right place to start, but it is a start. We did not want to introduce heavy-handed legislation on day one, which would undermine business confidence and trigger huge fears in the industry. We wanted to start with something that everyone could at least acknowledge—our very important basic standards—then develop that, through consultation with the House, in a proportionate and agile way. I reinforce my comments on how that is a rather different approach from the EU one.

The hon. Member for Walthamstow made an important point about consumers. On the point about SMEs, we are actively engaging with consumer groups and we will ensure that any of their concerns are also reflected in our ongoing updates.

Will the Minister clarify a simple point? Would a consumer’s guarantee be voided were they to use one of the items overseas, or if they brought an item here and used it on their connection, because there are now two different regimes?

The hon. Member makes an important point. Perhaps I could clarify that in my written note to all Members to follow up. I think everyone would be interested in the enforceability of consumer rights.

I am sure the Committee will be pleased to know that I will not take up the Minister’s provocation as to whether waiting 14 years to address security on the internet of things is a question of hindsight. Can the Minister clarify two points that I may have misunderstood? I heard him say that distributors did have a requirement on them to publicise the information about software upgrades. I may have misunderstood that because I thought it was only manufacturers who did.

More importantly, on cars, I think the Minister is saying that autonomous vehicles are exempted. I may have missed exactly where autonomous vehicles are exempted—it was not in the list of exemptions that I had. I am happy to take a clarification on that. Obviously, not all cars are autonomous vehicles, but is the assumption that any car that has an internet connection is in some way an autonomous vehicle?

All distributors already have a duty to ensure that the goods they are selling and distributing are legal. What we are doing is placing the onus on manufacturers. Distributors take their responsibility to consumers very seriously, and the vast majority will be very concerned and actively move to ensure they are not distributing illegal goods. It is not that there is not an onus on distributors; it is that we are implementing it via the mechanism.

On the point about cars, I did not want to mislead the House—I say this as the previous Minister for the future of transport—but we are in the process of putting together legislation on the digital vehicle and the internet of things in not just autonomous vehicles but smart and intelligent vehicles generally. It is to that process that we are deferring; this SI is not focused on that.

With that, I think I have addressed the points raised. I will happily write to the Committee, and if there are any points that I have not raised, Members should feel free to collar me between now and the picking up of my pen.

We await the Minister’s letter with huge anticipation and great excitement.

Question put and agree to.


That the Committee has considered the draft Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023.

Committee rose.