First, this is not an excuse for delaying. The legal advice that the BBFC has received, confirmed by the legal advice that my department has received, is that the guidance needs to be notified to the EU under the technical standards and regulations directive. The other two measures do not, so we are laying only the ones that we need to. I cannot give the noble Earl chapter and verse about the legal reasons today, but I can assure him there was no doubt about it. It was not even 50:50; it was absolutely correct. If there was any other way that we could have done it, without delaying it for this long, we would have done so.
We do not believe that money has been wasted in preparing this: we think that age verification is what Parliament asked for and what the majority of Members of both Houses want. That is the way it has been set up. Although it is technically quite difficult, it is not incompatible with the regulation of the ICO. The ICO, as the noble Earl rightly said, is responsible for data privacy and personal data breaches. The age-verification system is set up to comply with the GDPR and the Data Protection Act. The additional voluntary certification scheme—which is voluntary—is a further reassurance to users that even higher standards than the minimum standards of the GDPR apply. So I think it is correct that we continue with it.
As for why we are having to delay this measure, if we bring in age verification now, it will be unenforceable in UK law, because it will have been incorrectly proceeded with against EU law and against the technical standards and regulation directive. Unfortunately, we have concluded that there is no choice but to delay it.