Connected tech cybersecurity standards

#13 — Require providers to adopt network, storage, and cloud security standards for connected tech.

Culture, Media and Sport Committee

Recommendation: Improving cybersecurity of consumer connected devices is an important and positive step, but the proliferation of connected tech in enterprise settings and the gap in the regime regarding network, storage and cloud security still present likely attack vectors that will …

Gov response: We partially accept this recommendation. The Government is thankful to the Committee for highlighting the importance of addressing vulnerabilities in off-device elements of a product’s software stack. It is not, however, correct to suggest that …

Partially Accepted

#14 — Recommend successor Committee examine 5G Supply Chain Diversification, international standards, and technology rollout.

Science, Innovation and Technology Committee

Recommendation: Should our successor Committee wish to examine the UK’s telecommunications infrastructure and domestic capability, we recommend it considers: • The implementation of the 5G Supply Chain Diversification Strategy, and relevant policy and technical developments since the then Committee’s report; • …

No Published Response

#36 — HMRC acknowledges legacy IT systems and poor data management hinder AI adoption and increase cyber risks.

Public Accounts Committee

Recommendation: We asked HMRC whether the age of some of its IT systems were going to make it more difficult to adopt AI. HMRC agreed and considers the “critical thing with AI is making sure you really have a handle on …

Gov response: 6.1 The government agrees with the Committee’s recommendation. Recommendation implemented 6.2 HMRC has written to the Committee alongside this Treasury Minute response. 6.3 HMRC is well positioned to take advantage of emerging technologies, particularly AI, …

Accepted

#31 — HMRC acknowledges security concerns with third-party Making Tax Digital software, setting strict specifications.

Public Accounts Committee

Recommendation: We asked HMRC whether there were potential security concerns that could be posed by the third–party MTD software taxpayers use to submit their tax returns, including whether there were risks to HMRC’s own systems.63 In written evidence provided after our …

Not Addressed

#26 — Prioritise introducing secure digital channels for customers to submit files and messages.

Public Accounts Committee

Recommendation: Last year HMRC acknowledged that is behind many other organisations in enabling customers to communicate securely through digital channels. In 2022–23, approximately 70% of the 22 million items of correspondence HMRC received came in through the post. In January 2025 …

Gov response: 4.3 The government agrees with the Committee’s recommendation. Recommendation implemented 4.4 HMRC has written to the Committee alongside this Treasury Minute response. 4.5 HMRC is changing how it interacts with customers, delivering a more streamlined, …

Accepted

#24 — HMRC’s legacy IT systems pose security, reliability, and cost risks.

Public Accounts Committee

Recommendation: HMRC explained that there are three key risks that arise from operating legacy systems: lower levels of security; lower reliability and resilience; and higher costs of system changes. HMRC said that its executive team and its digital team track how …

Gov response: 4.1 The government agrees with the Committee’s recommendation. Target implementation date: September 2025 4.2 HMRC will write to the Committee on its plans to address the remediation of its legacy IT systems with a forecast …

Accepted

#26 — Balance digital trade and AI growth with strong protections for UK standards and industries.

Business and Trade Committee

Recommendation: Looking ahead, future commitments in the potential Economic Prosperity Deal must balance opportunities for growth in digital trade, AI, and services with strong protections for UK standards, tax sovereignty, and critical domestic industries. (Recommendation, Paragraph 141) 56

Gov response: According to research commissioned by Microsoft, and published last year, over the next decade, digital technologies such as AI and cloud have the potential to create a half a trillion pound opportunity for the UK …

Not Addressed

#21 — Strike balance in digital trade to promote AI while safeguarding UK sovereign capabilities.

Business and Trade Committee

Recommendation: Any future digital trade provisions negotiated under the Economic Prosperity Deal should strike a careful balance: promoting AI adoption and cross-border collaboration to strengthen the Western technological 55 alliance, while safeguarding intellectual property, ensuring fair taxation, and enabling the development …

Gov response: The Government recognises the Committee’s recommendation on digital trade, which is in line with the UK’s approach to EPD discussions. Digital trade has the potential to further economic growth and unlock new opportunities for businesses, …

Accepted

#18 —

Science, Innovation and Technology Committee

Recommendation: Of Ofcom’s two principal duties, it has appeared to have given less prominence to “further[ing] the interests of citizens in relation to communications matters” than it has to “further[ing] the interests of consumers”. Ofcom must ensure that it pursues both …

Gov response: The Government agrees that Ofcom has an important role to play in taking forward this agenda and in helping to create the right market conditions to support the process of diversification within the UK market. …

Accepted

#11 — Produce an implementation plan and commit to codifying remaining IoT security guidelines.

Culture, Media and Sport Committee

Recommendation: The introduction of the product security regime, which codifies three of the original thirteen guidelines set out in the Government’s internationally recognised 2018 Code of Practice for Consumer IoT Security, is an important first step in improving cybersecurity for connected …

Gov response: We partially accept this recommendation. depends on a number of factors, from the products’ technical architecture, to the setting it is ultimately deployed in. The Government is therefore mindful of the risk of imposing excessive …

Partially Accepted

#14 —

Science, Innovation and Technology Committee

Recommendation: The Government should align its strategy for diversifying the 5G vendor market with its support for rolling out 5G network coverage. Wherever the Government provides funds for expanding 5G coverage, it should look for opportunities to simultaneously support vendor diversification, …

Gov response: The Government’s previously stated ambition is for the majority of the population to have access to 5G by 2027. All four Mobile Network Operators have launched their 5G networks and 5G is now available in …

Under Consideration

#19 —

Public Accounts Committee

Recommendation: The regulatory system for product safety is facing multiple new challenges that it will need the skills and resources to be able to respond to. For example: the OPSS and Trading Standards services will need to give greater consideration to …

Gov response: 5: PAC conclusion: The regulatory system is lacking capacity and skills to meet the challenges it faces. 5.1 The government agrees with the Committee’s recommendation. Target implementation date: Spring 2022 5.2 OPSS is currently reviewing …

Under Consideration

#18 —

Public Accounts Committee

Recommendation: The OPSS estimated that 15% of products bought for the home now include ‘smart’ technology. Products that are connected to the internet create new product safety risks, such as cyber-security risks in the example of a baby monitor which could …

Gov response: 4: PAC conclusion: Gaps in the regulatory framework make it harder to protect consumers from new risks presented by online marketplaces and emerging technologies. 4.1 The government agrees with the Committee’s recommendation. Target implementation date: …

Under Consideration

#31 — Ensure government-provided education devices receive regular software updates for security and reduced e-waste

Education Committee

Recommendation: Since the pandemic, the Government has provided over 1.35 million laptops and tablets to schools, trusts, local authorities and further education providers for disadvantaged children and young people. Edtech has more malware than all other sectors combined, and therefore it …

Gov response: Our strategy to help schools implement reliable and sustainable technology focuses on fixing the basics of connectivity, support with procurement and setting standards, including on devices. During the COVID-19 pandemic, DfE delivered 1.95 million laptops …

Not Addressed

#15 —

Science, Innovation and Technology Committee

Recommendation: The Government identified the concentration of intellectual property rights in the hands of established vendors as a barrier to market entry. It commits in its diversification strategy to working with industry bodies to address this, although the proposed work is …

Gov response: Intellectual property rights, and in particular Standard Essential Patents, play a key role in the design and development of telecoms radio equipment. As set out in the Diversification Strategy, in the context of 5G the …

Under Consideration

#11 —

Science, Innovation and Technology Committee

Recommendation: In addition to conducting security testing and validation, the Government should ensure that the research and testing facilities established through the diversification strategy also drive market diversification by stimulating collaboration and supporting the development and commercialisation of new technologies. (Paragraph …

Gov response: The Government announced an initial £250 million of investment in research and development to drive early work on the diversification agenda. As set out in the Diversification Strategy, the early focus is to address the …

Accepted

#14 —

Public Accounts Committee

Recommendation: Responding to the key challenges the regulatory system faces requires collaboration with other government departments. For example, the Department told us of its engagement with the Department for Digital, Culture, Media and Sport regarding cyber- security threats in products that …

Gov response: 3: PAC conclusion: There is insufficient coordination between the OPSS, local authorities and other parts of government. 3.1 The government agrees with the Committee’s recommendation. Target implementation date: Spring 2022 3.4 The Department for Business, …

Under Consideration

#18 —

Women and Equalities Committee

Recommendation: The Government should set out in the renewed Women’s Health Strategy a rigorous approach to tackling the risks from ineffective, unsafe and exploitative for-profit FemTech apps. To combat demand for these apps the Government must increase resourcing of the NHS’s …

Response Pending

#12 — Work with OPSS to promote data protection and security guidelines for IoT devices.

Culture, Media and Sport Committee

Recommendation: As the guidelines set out in the 2018 Code of Practice for Consumer IoT Security imply, cybersecurity and data protection are mutually reinforcing. Without cybersecurity, data cannot be meaningfully protected, while data protection can manage the risk and impact of …

Gov response: We accept this recommendation. The Information Commissioner’s Office will work with the Office for Product Safety Standards, either bilaterally or through the Digital Regulation Co-operation Forum, to help support one another’s work, to most effectively …

Accepted

#32 — Set out funding, renewal, and disposal strategies for government-provided school digital devices.

Education Committee

Recommendation: Digital devices provided to schools by the Government must be maintained and kept secure through regular renewals and software updates. The Department for Education must set out a funding and renewal strategy for device management alongside a strategy for disposing …

Gov response: Our strategy to help schools implement reliable and sustainable technology focuses on fixing the basics of connectivity, support with procurement and setting standards, including on devices. During the COVID-19 pandemic, DfE delivered 1.95 million laptops …

Not Addressed

#16 —

Science, Innovation and Technology Committee

Recommendation: Long-standing factors have driven consolidation in the telecommunications vendor market over many years, so it is critical that the Government adopts measures to maintain market diversity as well as to drive the initial diversification. Network operators will be integral to …

Gov response: The Government announced an initial £250 million of investment in research and development to drive early work on the diversification agenda. As set out in the Diversification Strategy, the early focus is to address the …

Accepted

#12 —

Science, Innovation and Technology Committee

Recommendation: Testing facilities do not need to be situated in one physical location. The Government should ensure that any new testing facilities complement existing facilities, and are designed with potential developments in 5G technology in mind to guard against future redundancy.

Gov response: The Government announced an initial £250 million of investment in research and development to drive early work on the diversification agenda. As set out in the Diversification Strategy, the early focus is to address the …

Accepted

#17 —

Transport Committee

Recommendation: The Government needs to act as a consolidator and facilitator to draw together disparate approaches to cybersecurity in the maritime sector. The 2017 Cyber Security Code of Practice for Ships should be updated as soon as possible. The Government should …

Gov response: The Government agrees and is taking an active role in bringing together a wide range of cyber security activities to support the maritime sector. This includes the development of technical guidance to support industry on …

Accepted

#14 —

Transport Committee

Recommendation: There is a fine balance that needs to be struck when it comes to regulating for smart shipping and autonomous vessels. It is important that innovation is able to flourish whilst ensuring that safety standards are maintained and that there …

Gov response: The Government agrees. As noted in the response to recommendation 7, the £206m UK Shipping Office for Reducing Emissions (UK SHORE) was announced as part of the National Shipbuilding Strategy Refresh on 10 March 2022. …

Under Consideration

#7 — Connected vehicles pose new complex challenges for safety, data access, and legal liability.

Transport Committee

Recommendation: Connected vehicles pose new dangers, which the law must evolve to meet. A safety- led culture will require wide access to data, and this must be a higher priority than commercial confidentiality. Ensuring self-driving vehicles are roadworthy will be more …

Gov response: The Government has noted this recommendation. The Government recognises the need to make progress on issues of unresolved policy. Based on the Law Commissions’ review of the law, and extensive consultation on their proposals, the …

Accepted

#21 — Seven million smart meter communication hubs require replacement by 2033 due to network closures.

Public Accounts Committee

Recommendation: The Department also estimates that 7 million communications hubs (a modular component of the smart meter set) will need to be replaced in the South and Central regions ahead of 2033, when 2G and 3G communications networks are closed. These …

Gov response: 5.5 The government agrees with the Committee’s recommendation. Target implementation date: January 2026 5.6 Suppliers have an obligation (Standard Licence Condition 49.4 in electricity Licence and Gas equivalent) to ensure that they take pre-emptive steps …

Accepted

#19 — One point four million smart meters lost communication; replacement incentives for suppliers are weak.

Public Accounts Committee

Recommendation: According to the Department and Energy UK, the third category included around 1.4 million meters that were working at the point of installation but had since lost communication.59 This includes first generation meters, known as SMETS1, that needed to be …

Gov response: 5.1 The government agrees with the Committee’s recommendation. Target implementation date: April 2024 5.2 The department agrees that energy suppliers should have the right resources and analytical insights in place to both monitor and maintain …

Accepted

#5 — Ensure suppliers prioritise replacing faulty smart meters and deploy future-proofed technology.

Public Accounts Committee

Recommendation: Too many smart meters are not fully functioning and millions more will be impacted when the 2G and 3G mobile communication networks close. In March 2023, around 3 million (9%) of smart meters were not working properly in total. Of …

Gov response: The government disagrees with the Committee’s recommendation. Excluding 2G or 3G connectivity from new installations would mean pausing the rollout until 4G communications hubs are ready for deployment at scale. This would drive up the …

Not Accepted

#8 — Lead efforts to resolve policy issues for safe deployment of self-driving vehicles by 2025.

Transport Committee

Recommendation: The Government has put good structures in place, but it is not enough just to participate in or facilitate conversations about unresolved policy issues, including access to data, verifying roadworthiness, legal liability and insurance implications. If self-driving vehicles are to …

Gov response: The Government has noted this recommendation. The Government recognises the need to make progress on issues of unresolved policy. Based on the Law Commissions’ review of the law, and extensive consultation on their proposals, the …

Accepted

#17 — Nine percent of installed smart meters, totalling three million, were not working properly.

Public Accounts Committee

Recommendation: As at March 2023, 3 million smart meters were not working properly; which means that these meters were either not sending energy use information to suppliers or not displaying this information to consumers, or both. This equated to 9% of …

Gov response: 5.1 The government agrees with the Committee’s recommendation. Target implementation date: April 2024 5.2 The department agrees that energy suppliers should have the right resources and analytical insights in place to both monitor and maintain …

Not Addressed

#13 — Solutions being explored for smart meter 'not-spots' in hundreds of thousands of homes

Public Accounts Committee

Recommendation: The Department told us that the Data and Communications Company, the central communications and data platform that provides the network ecosystem for smart meters, is looking into options for ‘not-spots’ which the Department considers applies to only 0.75% of homes.42 …

Gov response: 3.1 The government agrees with the Committee’s recommendation. Recommendation implemented 3.2 The department proactively identified geographic distribution of the rollout as an area for further monitoring; collected and published data alongside the official statistics produced …

Accepted

#14 — Inadequate digital literacy curriculum structure and teacher support negatively impact children's skills.

Education Committee

Recommendation: We welcome the inclusion of digital literacy in the curriculum. However, the curriculum is not structured well enough to keep children safe online. Digital literacy is split across numerous subjects with different focuses and teachers. Teachers must grapple with a …

Gov response: Guidance and support for digital literacy and for the embedding of online safety is being addressed. As part of relationships sex and health education (RSHE), pupils are taught about online relationships, the implications of sharing …

Not Addressed

#12 — Educational apps lack quality standards and an evidence base, confusing parents.

Education Committee

Recommendation: There are over half a million apps claiming to be educational within leading app stores such as the Apple App Store and Google Play, but no quality standards for educational content or design features that apps must align with to …

Gov response: DfE is already working to improve the evidence base around EdTech products and services for schools, working with industry and educational experts. Since the committee’s report was published, we have appointed the Chartered College of …

Partially Accepted

#25 —

Treasury Committee

Recommendation: There is a range of innovations taking place in payments systems and with alternative means of exchange, including crypto-assets, stablecoins, and central bank digital currencies. These innovations could provide opportunities to address weaknesses in international payments systems and potentially to …

Gov response: The government notes the committee’s assessment that there is both opportunity and risk that comes with innovation. With respect to stablecoins, the government set out its intention in April 2022 to bring stablecoins, where used …

Under Consideration

#56 — Bilateral cooperation frameworks and agreements with South Korea and Singapore welcomed

Foreign Affairs Committee

Recommendation: We also welcome the signing of the UK-Republic of Korea bilateral framework of cooperation in June 2022 and the July 2022 data adequacy agreement signed between the UK and the Republic of Korea, as well as the February 2022 Digital …

Gov response: 142. The Government agrees with the Committee’s conclusion. 2023 marked 140 years of UK and Republic of Korea diplomatic relations. The signing of the UK-ROK Downing Street Accord in November last year builds on our …

Not Addressed

#55 — UK-Japan Digital Partnership signed and welcomed for enhanced cooperation

Foreign Affairs Committee

Recommendation: We welcome the UK-Japan Digital Partnership signed in December 2022, under which the two countries will cooperate more closely in 14 areas.

Gov response: 141. The Government agrees with the Committee’s conclusion. The Digital Partnership has turbocharged UK–Japan joint working in an era of increasing global competition on tech and data. The partnership has practical application. For example, it …

Not Addressed

#10 — Allow Ofcom to de-designate legacy devices from prominence provisions based on public usage.

Culture, Media and Sport Committee

Recommendation: It is in the interests of both Public Service Broadcasters and platforms that the Media Bill enables legacy devices to be exempted from requirements, given the technical hurdles involved. However, it is important that any exemption is not exploited. Allowing …

Response Pending