Consumer rights

The Telecommunications Product Security and Infrastructure Bill 2021-22

The Product Safety and Telecommunications Infrastructure Bill goes to second reading on January 26, 2022.

The law project :

  • Authorize the Secretary of State to make regulations to introduce mandatory safety requirements for connectable products sold in the UK; and
  • Make changes to the electronic communications code which governs the rights of telecommunications companies to install infrastructure ashore.

Information on the stages of the bill and related publications are provided on the Parliamentary Bill page.

Safety requirements for connectable products

Part 1 of the bill relates to powers to introduce mandatory security requirements for connectable products such as smart phones, smart TVs and connected speakers. These products can also be described as smart devices or Internet of Things (IoT) devices.

What are the current safety and security requirements for smart devices?

Connectable products must meet certain security standards, but there are currently no mandatory security requirements. There are growing concerns about the risks to consumers associated with some of these products, due to security and privacy breaches and their potential for use in broader cyberattacks.

The government has published a voluntary code of practice for consumer IoT security, in 2018. It provided manufacturers and others with guidance (13 principles) on best practices to ensure the safety of connectable products.

In response to the low uptake of the code of practice and the continuing risks to consumers, the government consulted in 2019 on the introduction of mandatory safety requirements for connectable products. The legislative proposals were consulted in 2020.

What would the bill change?

The bill would give the Secretary of State regulatory powers to introduce safety requirements for connectable products sold in the UK.

The government has stated that it intends the following products to be affected by the bill:

  • smart phones
  • connected cameras, televisions and speakers
  • connected toys and baby monitors for children
  • security-related products such as smoke detectors and door locks
  • IoT base stations and hubs to which multiple devices connect
  • Wearable Connected Fitness Trackers
  • outdoor recreation products, such as portable connected GPS devices that are not portable
  • connected home automation and alarm systems
  • connected devices, such as washing machines and refrigerators
  • smart home assistants.

Certain products would be excluded, such as smart meters, medical devices, vehicles and smart charging stations (for electric vehicles).

The government has said it will use the powers in clause 1 of the bill to introduce the three main guidelines of the code of practice:

  • A ban on default passwords;
  • A requirement for products to have a vulnerability disclosure policy whereby any security weaknesses in a product are identified and notified; and
  • A requirement for transparency on the period during which a manufacturer will provide security updates for the product.

It would also impose obligations on manufacturers, importers and distributors of these products to ensure compliance with legal requirements and to take action in the event of non-compliance.

The bill sets out a number of enforcement actions that could be taken in the event of non-compliance. For serious non-compliance issues, the bill sets the maximum penalty at £10 million or 4% of the company’s worldwide turnover.

Amendments to the Electronic Communications Code

Part 2 of the bill would make changes to the Electronic Communications Code (ECC). The ECC is the main law that governs the rights of telecommunications companies to install infrastructure on land, UK-wide.

Previous reform of the CEC

The ECC was significantly reformed in 2017. This included changes to upgrade and infrastructure sharing rights and changes to dispute resolution processes. It also included changes to how land is valued when determining rent for housing telecommunications equipment under a court-imposed agreement.

ECC reforms have always been hotly contested, with often very opposing views between telecom operators and site providers (land owners). The government must strike a difficult balance between ensuring the wide availability of digital connectivity and respecting property rights.

Land assessment reforms have been particularly controversial, with reports that rents for housing telecommunications equipment have fallen, in some cases dramatically. The ECC would cause delays in the deployment of infrastructure due to lengthy negotiations and legal proceedings.

The government consultation that informed the bill did not take up the subject of property assessment.

What would the bill change?

The bill aims to encourage faster and more collaborative negotiations for the installation and maintenance of telecommunications equipment on private land. The government says this would help ensure the efficient deployment of digital infrastructure such as gigabit broadband and 5G.

Key changes the bill would make include:

  • New provisions to actively encourage alternative dispute resolution rather than court proceedings where possible;
  • Introduce a faster procedure to allow telecommunications operators to obtain temporary rights to access and install terrestrial infrastructure when an occupier does not respond;
  • Give telecom operators the right to automatically upgrade and share equipment installed before 2017;
  • Editorial changes to the ECC to clarify who can grant rights to host infrastructure on land in cases where the infrastructure is already installed;
  • Changes to the renewal conditions of certain types of telecom contracts in place before December 2017;
  • Allow the court to set a time limit for deciding disputes over the renewal of code agreements; and
  • Changes to what may be requested as interim orders during the renewal of a telecommunications infrastructure agreement (for example, access rights in addition to rent payments).

Telcos and site providers had opposing views on most of the above changes, with telcos agreeing that changes needed to be made and most site providers disagreeing.

The bill would apply across the UK.