Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) (Amendment) (No. 2) Regulations 2025

I shall move on to the amendments. Regulations 4 and 8 amend the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023 to provide for deemed compliance with the requirement, under Section 9 of the 2022 Act, that relevant connectable products must be accompanied by a statement of compliance. Under new Regulation 4A of and new Schedule 2A to the 2023 regulations, a manufacturer will be deemed to have complied with this requirement where the relevant connectable product carries a valid label under Japan’s JC-STAR STAR-1 labelling scheme or a label under any level of the Singapore cybersecurity labelling scheme. Regulations 5 to 7 amend Schedule 2 to the 2023 regulations to provide for deemed compliance with the relevant security requirements set out in Schedule 1 to those regulations, where a manufacturer’s product carries either of these labels and where that label is valid. Regulation 3 inserts definitions of the Japan JC-STAR STAR-1 scheme and the Singapore cybersecurity labelling scheme into the 2023 regulations for the purposes of these deeming provisions.

The UK’s Department for Science, Innovation and Technology signed MoUs on working towards co-operation on cybersecurity—including the possibility of mutual recognition of our respective consumer internet of things cybersecurity regimes—with Singapore and Japan, on 23 October and 5 November respectively. When both MoUs come into effect, UK businesses will benefit from streamlined access to the Japanese and Singaporean labelling schemes, boosting their product credibility and market appeal in those regions.

Cybersecurity is not just a technical issue; it is a strategic priority. By aligning with like-minded nations and reducing unnecessary barriers to trade, we are strengthening our digital resilience, supporting UK businesses and protecting consumers. The UK must continue to lead by example by championing the global adoption of cybersecurity standards and advancing mutual recognition, which are vital parts of establishing a trusted global supply chain of connected products.

This instrument will extend and apply to the whole of the United Kingdom and will have practical effect throughout the United Kingdom. I hope that the Committee will recognise the importance of these regulations. I beg to move.

In summary, international co-operation on cyber standards is vital and these regulations represent a sensible step in that direction. We support the intention to streamline compliance while upholding robust protections for UK consumers. However, continued oversight and clarity from the Government will be essential to ensure confidence in the system as it develops. I look forward to hearing the Minister’s response.

On the question of business impact and how to make the most of it, it is true that the trade corridors for manufactured goods between us and Japan and Singapore are perhaps not the most active. However, the latest figures show that in 2024 approximately £183 million of exports to Japan and £442 million of imports were goods potentially within the scope of PSTI. For Singapore, those figures were £84 million of exports and £88 million of imports. We are keen to publicise and make it clear that these regimes will enable those businesses that can take advantage of them to do so, along with all our normal trade promotion activities. I hope that that addresses the questions raised by noble Lords.

To conclude: as we know, we have more connected products than ever. It is very rare to find a UK household that does not own a connected product, and this connectivity brings convenience but also risks. The cyber- security regulatory landscape is evolving and countries around the world, such as Japan and Singapore, are introducing similar regimes. We are keen to keep our leadership in this space by co-operating with like-minded regimes.

The draft instrument we have considered today will ensure that the UK remains a global leader in product cybersecurity, while strengthening our position as an attractive destination for digital innovation and trade. We are reducing regulatory burdens and supporting UK businesses to bring compliant products to our market. This is a practical step forward in our mission to drive economic growth and build a more resilient digital economy. It complements efforts to harmonise security standards across other major economies in partnerships with, for example, Brunei, the UAE, Australia, Germany, Finland, South Korea, Canada, Japan, Singapore and Hungary via the global cybersecurity labelling initiative.

With forecasts suggesting that the global IoT market will grow to 24.1 billion devices by 2030, generating over £1 trillion of annual revenue, it is more essential than ever that we enhance the security of connected products on a global scale. This is a good step towards achieving this goal. I look forward to working further on this and commend the instrument to the Committee.