My Lords, I thank the Minister for his explanation. I would say to the noble Lord, Lord Clement-Jones, that something did happen, and that was the general election, which we, unfortunately, lost. That no doubt explains something of the delay.
The noble Lord, Lord Clement-Jones, has asked some pertinent questions. I will keep mine a little more general, because this SI amends the original regulations and broadens the exceptions under Schedule 3. The most notable change concerns the automotive sector, as has been noted, where vehicles were previously exempt from certain cybersecurity provisions.
The new regulations align the UK’s approach with international standards. They recognise the unique nature of vehicle systems and the need for specialised cybersecurity measures. UN Regulation No. 155 on cyber security and cybersecurity management systems, which governs the security of vehicles, is now set to be the primary framework for automotive security. As far as it goes, that would obviously seem eminently sensible, but the noble Lord, Lord Clement-Jones, has highlighted that there are a number of broader, perhaps more philosophical, questions about the direction of travel—that is not a pun—with regard to EVs, self-driving vehicles and vehicle autonomy, which we will have to grapple with at some point in the future. I imagine that this is a subject to which we will return.
My questions are a little more general. The regulations are undoubtedly important for protecting consumers and securing digital infrastructure, but we must consider the broader implications. The automotive sector is rapidly evolving, as has been noted, and the development of automated vehicles holds significant economic and societal potential. However, with innovation comes the risk of regulatory frameworks that struggle to keep pace; that is self-evident. How do we ensure that these cybersecurity measures do not inadvertently stifle technological advancement in areas and sectors such as the automotive sector? How do we end up striking the right balance between securing the technologies and enabling them to flourish?
There is also a question here around consumer awareness; again, this was highlighted by the noble Lord, Lord Clement-Jones. How long would an individual’s data be attached to a particular vehicle, for example, even after it is sold? These regulations require manufacturers to disclose the duration of product security support, but how well are consumers equipped to understand and act on this information? Are we confident that the public are sufficiently informed about the critical nature of cybersecurity? Will the Government commit to taking the necessary steps to help customers and consumers protect their devices and data? It seems to us that this is an area where the education of the public must go beyond the bare minimum. We need to ensure that consumers are not left in the dark about the sorts of security risks that they may face.
We must also consider enforcement. With the proliferation of smart products entering the market at such an unprecedented rate, how will we ensure consistent and effective compliance across such a diverse range of industries, from household appliances to vehicles? As new technologies emerge and evolve, the enforcement mechanisms that are in place today may not be enough. Are we allocating the necessary resources to monitor and enforce these standards effectively? Are the Government allocating additional resources to help those things along? Does the current enforcement mechanism system adequately address the rising complexity and scale of the challenges ahead?
As I said, these are broader, more philosophical questions—I do not expect the Minister to be in a position to answer them and there is no need to write—but these are the sorts of things that we all need to consider as a society. Obviously, that will have political, economic and societal ramifications that we all need to consider, but the Opposition have no objection to these regulations; they make perfect sense for now. I suspect, however, that this is a subject to which we will return.