My Lords, I thank those noble Lords who gave me a warm welcome—and indeed those who did not. Many noble Lords will know me from my work in the previous department. In the case of the noble Baroness, Lady Merron, who was one of the first to welcome me, it is just a continuation; we seem to be inextricably linked in some way.
I pay tribute to my predecessor, my noble friend Lord Parkinson, for his work as the DCMS Minister. He was widely praised and I think people appreciated his engagement. Those who have engaged with me on previous legislation know that I tend to have a very open policy as well. I am happy to have as many meetings as we need and to facilitate meetings with officials, so please have no fear about asking for those meetings; I will be happy to do that as much as possible.
I turn to Amendment 1, from the noble Lords, Lord Clement-Jones and Lord Fox. I thank them for retabling this amendment, which first appeared in Committee. I also thank them and other noble Lords for meeting me before today.
We think that the threat landscape is ever-changing. Security requirements that are appropriate today could change and differ in the future. Setting that out in primary legislation would limit our ability to respond to threats in the future, impose barriers to innovation and leave unnecessary regulation still on the statute book or unnecessarily complicate the regulatory framework. The vast complexity of the connectable technology landscape means that the definitions used in our security requirements need to be carefully nuanced and readily updatable to avoid imposing unnecessary or inappropriate burdens on industry as those technologies develop. For example, we set out in our 2020 call for reviews that we do not currently consider it appropriate for our intended password requirements to apply to API queues. Connectable products may be able to access a large number of API interfaces, many of which do not have a material impact on the security of the product. Compelling the Government to extend this password requirement to all APIs key to the product, as this amendment would entail, is exactly the sort of unnecessary industry burden that we are trying to avoid while making sure that we stick to setting out the requirements in regulations.
The Government are unwavering in our commitment to bringing forward security requirements that ban universal default and easily-guessable passwords, mandate the publication of a vulnerability disclosure policy and mandate transparency concerning security update provision. My officials have been working diligently to develop regulations that realise that commitment, and we hope to engage on the regulations in draft by the end of the year. Something that I often say to my officials, whichever department I have been in, is that there are two phrases that I do not like to see: “in due course” and “at pace”. I like to give an indicative timeframe, so I hope the timeframe of “by the end of the year” gives some assurance.
That is why we do not believe the amendment is necessary, and I hope the noble Lords will consider withdrawing it. On top of that, I am willing to have meetings in future to clarify anything that noble Lords feel has not been clarified.
I turn to Amendment 3, tabled by the same double act of the noble Lords, Lord Fox and Lord Clement-Jones; I think this is going to be a recurring theme in my time as the Minister here. The proposed amendment aims to define online marketplaces as “distributors” for the purposes of the Bill. I assure noble Lords that the Government are on the side of the consumer. That is why the Bill requires all—I repeat, all—UK consumer connectable products to be secure, including those sold via online marketplaces. The Bill will ensure that where online marketplaces manufacture, import or sell products, they bear responsibility for the security of those products. Where this does not happen, I assure noble Lords that they should make no mistake: the regulator will act promptly to address serious risk from insecure products, and work closely with online marketplaces to ensure effective remedy.
We recognise that as well as bringing benefits to consumers e-commerce brings challenges—the double-edged sword of technology. This is one of the reasons why the Government are reviewing the product safety framework. We will publish a consultation later this year—once again, not “in due course” but later this year—with detailed proposals on tackling the availability of unsafe and non-compliant products sold online. Consumers need clarity and better protection, and this will be a priority for our work in this space.
I hope that the ambition of this Bill, its enforcement plan and the outline of further policy engagement will provide some confidence for noble Lords not to press Amendment 3.