My Lords, I thank both noble Lords for their sensible comments and repeat our apology. The noble Lord, Lord Stevenson, commented on the memorial service for Lord Heywood and the quality of the Civil Service, so I agree that it is unfortunate that we are today bringing forward this Statement. I want to make it clear that Ministers, not civil servants, are responsible for the department. Both the Secretary of State and I take our responsibilities seriously. I take this opportunity to pay tribute to the civil servants—nearly all the time, though not in this case—and to say that they work extremely hard to protect children. They are absolutely committed and work flat out—I shall come to the online harms White Paper—so the responsibility lies fairly and squarely with Ministers.
The noble Lord, Lord Stevenson, asked how we learned and when. We were informed early last week—on 11 June, I think. A letter from the BBFC was written on 11 June; the Secretary of State was informed on Friday 14 June. Earlier this week he asked civil servants to tell him what the implications were and whether we could do anything to get age verification in place earlier. He then came before the other House today, as soon as possible, to apologise and explain what had happened.
The noble Lord rightly said that we have had experience of the technical standards and regulations directive. The department notified the Act but not the regulations that fell under it. Again, it was a mistake and we are making sure that it will not happen again.
In connection with making sure that it does not happen again, the noble Lord asked about “external elements”. By that, we mean that the review will include people from outside the department to make sure that there is an independent view. I cannot confirm whether it will be published—I will have to go back to the department to ask that.
As for technology, there have been delays. We need to make sure that the technology is effective and that privacy is taken into account. Obviously, the third-party age verifiers are subject to the new privacy law under the GDPR. One reason for the delay was to make sure that the additional voluntary certification scheme is up and running. I say in answer to the noble Lord,
Lord Clement-Jones, that sites were expecting to have to be ready to comply with the requirement on 15 July. There has been no voluntary compliance before that; I am not surprised by that. With sites having been prepared to do it on 15 July, we would expect them to bring it in within the timescale of roughly six months—to which I shall come in a minute. We do not anticipate any compensation being paid, because sites were expected to do it on 15 July. They may have a little more time, but our intention is that they should do it as soon as possible. We will bring back the same regulations, because we have to bear in mind that this is about protecting children who accidentally stumble on pornography that they would not be able to stumble on in the offline world. We are concerned to get this in place as soon as possible, which is why we are very disappointed with our mistake.
The broader point made by both noble Lords was that this is a limited measure. We have always acknowledged that; it is for commercial sites. There are other areas in which children can come across pornography, such as social media sites, even though that is not their primary business. That is where online harms will come in. The noble Lord, Lord Clement-Jones, asked about pre-legislative scrutiny. We are very much in a cleft stick here. We of course understand the benefits of pre-legislative scrutiny, but we have to move as quickly as we can to correct some of the problems, particularly in respect of things that are already illegal such as child sexual exploitation and terrorism. However, the noble Lord would not expect me to make a commitment on that when the consultation has not even finished; no doubt, he will respond to the consultation to make his point.
The noble Lord, Lord Clement-Jones, mentioned the Video Recordings Act, where it is true that notification did not place under the old technical services directive. That was 25 years ago, in 1984, and it was corrected in 2010. So the noble Lord is right that there was a similar mistake 25 years ago. We will take measures to ensure that, whether in 25 years, two years, or one year, it will not happen again. I acknowledge that this has happened before, albeit some time ago.
The procedure on the guidance now is that it has to be laid before the EU for three months in draft form. If the EU makes some comments on it, it may have to stay for another month. After that period, it will have to be laid before the House, under the negative procedure, as the House has already agreed. That means we have to allow 40 days for any noble Lord to pray against it. It will take roughly six months to get through both Houses at the end of the up-to-four-month period.
There are several technical issues about the enforceability of the policy—not the policy itself. We also have to take this into account for the online harms White Paper. A suite of enforcement options is available. For example, the regulator can use payment providers and ancillary service providers to enforce the regulations, but these have to come in first and that is what we have had to delay.
2.31 pm