Lord Clement-Jones

The Government is determined to ensure that any risks arising from the industry-led migration of the Public Switched Telephone Network (PSTN) to Voice over Internet Protocol (VoIP) are mitigated for all customers across the UK.

Major communication providers, including BT, signed a voluntary charter in December 2023 to protect vulnerable customers. A definition of vulnerable customers who may require additional support in the context of the PSTN switch-off was published in November 2024. It includes the landline-dependent and those living in rural areas. In November 2024, providers agreed to additional safeguards in the Non-Voluntary Migrations Checklist. This includes requirements for timely and repeated communication with customers ahead of their non-voluntary migration.

GOV.UK One Login is a centrally funded programme, to deliver one ‘front door’ for government services in order to replace the previous landscape of siloed and duplicative sign-in and identity-proofing methods. This will save time for users and taxpayer money by avoiding duplication across government. As an organisation within government, Companies House services are included in this government programme. As is the case with all other government services on GOV.UK One Login, the service is free to use to enable inclusive and easy access to public services.

The Government is determined to ensure that any risks arising from the industry-led migration of the Public Switched Telephone Network (PSTN) to Voice over Internet Protocol (VoIP) are mitigated for all customers across the UK.

In November 2024, providers agreed to safeguards in the Non-Voluntary Migrations Checklist including requirements to provide resilience solutions (e.g., battery back-up) for vulnerable customers, including the landline-dependent and those living in rural areas, to enable access to emergency organisations for at least one hour in a power outage. After discussions with government ministers, a number of communication providers have gone beyond this minimum, providing battery back-ups of 4-7 hours.

The Office for Digital Identities and Attributes (OfDIA) regularly engages with a wide range of stakeholders including digital verification service providers, civil society, regulators, and other experts from academia and think tanks.

With regard to the GOV.UK Wallet and the mobile driving licence, OfDIA and the Government Digital Service have an event on 14 May 2025 to engage with digital verification providers on how the GOV.UK Wallet can work with and alongside private sector solutions to offer users the best experience and appropriate choice. This will be followed by technical engagement with providers in the coming months.

GOV.UK One Login follows the highest security standards for government and private sector services. As the public rightly expects, protecting the security of government services and the data and privacy of users to keep pace with the changing cyber threat landscape is paramount.

Security best practice is followed with a number of layered security controls which include: Security clearances for staff with ‘Security Check’ clearance required for all developers with production access; Identity and access management controls that block staff from viewing or altering personal information; A secure by design and compartmentalised system architecture; Technical controls around building and deployments; Logging and monitoring to alert on access to environments that contain personally identifiable information; and robust procedures for addressing any unauthorised or unaccounted for access.

The GOV.UK One Login works closely with the National Cyber Security Centre (NCSC) to identify and mitigate risks and align to the Cyber Assessment Framework (CAF) which the Government Cyber Security Strategy 2022-2030 outlines as the assurance framework that should be adopted by the government. Findings from the recent CAF GovAssure process identified areas of good practice including governance, risk management, assurance, monitoring, incident management and lessons learned. The programme has conducted multiple independent risk and threat assessments, such as regular IT Health Checks (ITHC), and these will continue to be part of the programme’s operating approach.

In addition GOV.UK One Login works closely with the Information Commissioners’ Office (ICO) on programme developments, including iterations of the Data Protection Impact Assessment (DPIA).

GOV.UK One Login takes the security clearance and audit of personnel very seriously. All individuals with production access to Government Digital Service (GDS) systems must undergo a Security Check (SC). There are some individuals working within the GOV.UK One Login programme who are not SC-cleared, however they will not have production access to the service.

These comments are outdated and reflect a view from when the programme was in its infancy in 2023. We have worked to address all these concerns as evidenced by multiple external independent assessments such as the recent Cyber Assessment Framework (CAF) GovAssure process which identified areas of good practice including governance, risk management, assurance, monitoring, incident management and lessons learned. Risk mitigation will continue to be central to our approach to ensure we keep pace with the constantly changing cyber threat landscape.

GOV.UK Wallet

The GOV.UK Wallet is in the early stages of its development, and its announcement in January was the beginning of the design and build of the product. The GOV.UK Wallet is subject to the rigorous and well-established process designed to ensure value for money and alignment with government priorities. As we progress, the value and impact (including on businesses) will be further evaluated, including during the forthcoming Spending Review.

GOV.UK One Login

GOV.UK One Login enables the public to interact with government services online with a single account and identity-checking system. GOV.UK One Login can only be used to access government services. Its certification against the trust framework demonstrates it is meeting best practice and high standards, but does not change where or how it can be used.

The Government is determined to ensure any risks arising from the industry-led migration of the Public Switched Telephone Network (PSTN) to Voice over Internet Protocol (VoIP) are mitigated for all customers.

Major communication providers, including BT, signed a voluntary charter in December 2023 to protect vulnerable customers. In November 2024, providers agreed additional safeguards in the Non-Voluntary Migrations Checklist. This includes requirements to provide increased resilience for vulnerable customers, including those who depend on a landline, to enable access to emergency organisations for at least one hour during a power cut. In addition, several networks are bringing in batteries that can provide longer backup during a power cut.

The Government wants all areas of the UK to benefit from good quality mobile coverage. We have delivered our commitment for 95% of the UK to have access to a 4G signal through the Shared Rural Network, but our ambition is to go further, with all populated areas having higher-quality standalone 5G by 2030.

Government recognises the potential for online mis- and dis-information to undermine public trust in the information environment. Mis and disinformation should be tackled through a multi-faceted, whole of society approach. Solutions that enable users and institutions to critically evaluate information online, including discerning whether a piece of content is AI-generated, are a key part of this approach.

We recognise the interest in the use of provenance tools and metadata to identify AI-generated and modified content. The Department for Science, Innovation and Technology is working with other government departments and agencies to explore these technologies, alongside other technical measures.

DSIT regularly engages with Ofcom on the implementation of the Online Safety Act. The Act will help tackle online fraud, including fraudulent advertising. Since 17 March 2025, all services are required to take measures to tackle illegal fraud.

Further fraudulent advertising duties on Category 1 and 2A services will come into effect once the register of categorised services and the relevant codes are in place. Ofcom plans to publish the register this summer and then consult on the draft codes of practice for the remaining duties by early 2026. We anticipate the duties will come into force around a year later.

DSIT regularly engages with Ofcom on the implementation of the Online Safety Act. The Act will help tackle online fraud, including fraudulent advertising. Since 17 March 2025, all services are required to take measures to tackle illegal fraud.

Further fraudulent advertising duties on Category 1 and 2A services will come into effect once the register of categorised services and the relevant codes are in place. Ofcom plans to publish the register this summer and then consult on the draft codes of practice for the remaining duties by early 2026. We anticipate the duties will come into force around a year later.

All departments must adhere to the UK data protection legislation, which requires data protection impact assessments, legally binding agreements and contracts, and privacy notices to ensure transparency and the protection of personal information. This requirement extends to data shared under the Digital Economy Act (DEA) Public Service Delivery power as outlined in the DEA Code of Practice. The register of information sharing agreements under the Digital Economy Act aims to support transparency.

To further reinforce these practices Government Digital Service is developing a trust framework for data sharing, which aims to align with public and stakeholder expectations, ensure compliance with UK data protection laws and best governance practices, and establish an accountable, standardised, secure, and transparent approach to the use of public data assets.

GDS is working to ensure public sector data is fit for purpose, trusted and available via interoperable architecture. Work is ongoing to ensure we can identify our most critical data assets and ensure they are managed and reused to maximise their value for public good within the scope of public sector activities, regardless of the individual departmental source. An initiative trialled across central government departments has already identified approximately 200 assets which will be made discoverable for reuse within the public sector with plans to make them more broadly available. What we learn from this will inform programmes such as the National Data Library.

All departments must follow UK data protection laws and requirements, including on impact assessments, legal agreements, and privacy notices. The Digital Economy Act 2017 supports secure, lawful data sharing with safeguards to protect personal data, while enabling better public services and policy-making. The register of information sharing agreements under this Act supports transparency.

Any proposals to develop changes to data sharing legislation for the public good will be subject to open policy making and full public consultation.

As part of the Government’s blueprint for modern digital government published in January the government has committed to streamline the procurement of cloud services. We will also continue our work to negotiate whole-of-public-sector agreements and contracting once for a limited number of high value cases, including platform services such as cloud.

As part of the Government’s blueprint for modern digital government published in January the government has committed to streamline the procurement of cloud services. We will also continue our work to negotiate whole-of-public-sector agreements and contracting once for a limited number of high value cases, including platform services such as cloud.

During last summer’s unrest, the National Security and Online Information Team identified mis and disinformation themes and trends which resulted from the tragic events in Southport. It worked with wider government and major social media platforms to understand emerging risks and tackle content contributing to the subsequent disorder. This included proactively referring content within the team’s remit for platforms to independently assess and act on in line with their terms of service.

I refer the noble Lord to the answer I gave on 4^th December to Question UIN HL2699. The ICO continue to proactively audit the use of personal data in the edtech sector where evidence supports it. The ICO have audited 10 EdTech service providers, with confirmed plans to audit a further seven, as well as planning to request further information from other providers to support their audit findings.

In respect to the second part of his question, common findings and examples are anonymised and will be published after all audits with service providers are completed. Publication decisions on individual audit findings attributed to named service providers is decided on a case-by-case basis, generally with their consent.

The Government is committed to implementing all remaining provisions of the Product Security and Telecommunications Act 2022 as soon as possible. These measures will help deliver the benefits of advanced digital connectivity.

Most provisions have already been implemented. Those remaining are complex and technical. The Department will bring forward a consultation on the implementation of sections 61 to 64, including transitional provisions, as soon as possible.

The Government is committed to implementing all remaining provisions of the Product Security and Telecommunications Act 2022 as soon as possible. These measures will help deliver the benefits of advanced digital connectivity.

Most provisions have already been implemented. Those remaining are complex and technical. The Department will bring forward a consultation on the implementation of sections 61 to 64, including transitional provisions, as soon as possible.

The Government is committed to implementing all remaining provisions of the Product Security and Telecommunications Act 2022 as soon as possible. These measures will help deliver the benefits of advanced digital connectivity.

Most provisions have already been implemented. Those remaining are complex and technical. The Department will bring forward a consultation on the implementation of sections 61 to 64, including transitional provisions, as soon as possible.

It is for Ofcom to recommend the types of age assurance that it considers to be highly effective for services to meet their duties under the Online Safety Act. Ofcom must ensure guidance is legally robust and based on sufficient evidence to ensure it withstands challenge.

Age assurance methods are developing rapidly and there are a growing range of tools to support children to have a safe and age-appropriate experience online. We welcome research that contributes to the evidence base which may help Ofcom expand the list of recommended technologies in future iterations of the guidance.

The ICO have audited 10 EdTech service providers, have confirmed plans to audit a further seven, and will be requesting further information from other providers to support their audit findings. Common findings and examples are anonymised and will be published after all audits with service providers are completed. Publication decisions on individual audit findings attributed to named service providers is decided on a case-by-case basis, generally with their consent.

Security is central to HMG's Generative AI Framework, which was published in January this year and sets out principles for using generative AI safely and responsibly. The risks posed by prompt injection attacks, including from material provided outside of government, have been assessed as part of this framework and are continually reviewed. The published Generative AI Framework for HMG specifically includes Prompt Injection attacks, alongside other AI specific cyber risks.

BT are a signatory of the Public Switched Telephone Network (PSTN) charter, committing them to protect vulnerable users during the migration. BT, along with other communication providers, are not proactively switching customers to Digital Voice unless they have not used their landline for at least 12 months, though customers can choose to switch at any time. BT provide their customers with at least four weeks of notice, and ensure they have the necessary quality of connection prior to migration. BT does not provide electricity but provide in-home solutions that customers can use in the event of a power outage.

This government is committed to ensuring the security and resilience and fostering diverse growth and innovation of UK data infrastructure, including cloud services.

The government recently designated data centres and cloud infrastructure as Critical National Infrastructure (CNI), recognising their fundamental importance to the UK and the digital economy. This will ensure that the UK is a safe place to develop and invest in data infrastructure.

The government continues to engage with the whole sector to enable and promote a level playing field, where UK cloud hosting providers have equity of access to the public sector cloud market.

This government is committed to ensuring the security and resilience and fostering diverse growth and innovation of UK data infrastructure, including cloud services.

The government recently designated data centres and cloud infrastructure as Critical National Infrastructure (CNI), recognising their fundamental importance to the UK and the digital economy. This will ensure that the UK is a safe place to develop and invest in data infrastructure.

The government continues to engage with the whole sector to enable and promote a level playing field, where UK cloud hosting providers have equity of access to the public sector cloud market.

This government is committed to ensuring the security and resilience and fostering diverse growth and innovation of UK data infrastructure, including cloud services.

The government recently designated data centres and cloud infrastructure as Critical National Infrastructure (CNI), recognising their fundamental importance to the UK and the digital economy. This will ensure that the UK is a safe place to develop and invest in data infrastructure.

The government continues to engage with the whole sector to enable and promote a level playing field, where UK cloud hosting providers have equity of access to the public sector cloud market.

The National Data Library will transform the way the Government manages our national strategic data assets. ​

​It will focus on maximising the value of data for the public good, on growing the economy and creating new jobs, and on delivering data-driven AI-powered public services.

Decisions on the design and implementation of the National Data Library will be taken in due course.

Skills Bootcamps are an important offer in the skills landscape. Latest published data shows that in the 2022/23 financial year, the majority of Skills Bootcamps were in the digital sector, with 61% of starts in digital.

This financial year, Skills Bootcamps are available in digital marketing, cyber security, software engineering, data analytics, and artificial intelligence (AI) and machine learning. Mayoral Combined Authorities and local areas can use their grant funding for Skills Bootcamps in the digital sector where they have identified a local need.

The department recognises the long term importance of supporting learners and employers to develop digital skills. In addition to Skills Bootcamps, learners and employers can benefit from more than 30 high quality digital apprenticeship standards, including the level 3 cyber security technician standard and the level 5 data engineer standard. Learners can study three Digital T Levels which include AI content and there are 77 Higher Technical Qualifications approved and quality marked as providing the skills demanded in the workplace by employers, including AI skills.

The role of Skills England will include developing a coherent picture of our national and regional skills needs, and shaping the technical education needed to meet that demand.