Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, what assessment he has made of the UK’s level of dependence on foreign manufactured Common Information Models (CIMs); and what steps his Department is taking to ensure the resilience and sovereignty of UK infrastructure that depends on CIM‑enabled connectivity.

Common Information Models are used across a range of UK CNI sectors. This includes telecommunications, where CIMs enable interoperability between different network management and operational systems. They support efficient operation and automation in complex, multivendor networks, but do not themselves control telecommunications networks.

The Government keeps under review the resilience and security of the UK’s telecommunications infrastructure, including potential dependencies on overseas technologies and suppliers.

As the government set out in its response to the Telecommunications Supply Chain Diversification (TSCD) Advisory Council report, security and resilience risks can arise when critical network functions may rely on a limited range of suppliers or technologies, including software based systems used for network monitoring, configuration and management.

The Telecommunications (Security) Act 2021 and the National Security and Investment Act 2021 provide frameworks through which the Government can assess and address national security risks in the telecommunications sector, including risks associated with hostile state interference. The government response to the TSCD Advisory Council report also sets out the steps the government is taking to manage the risks associated with vendor concentration in UK telecoms networks.

The Cyber Security and Resilience Bill will strengthen the resilience of the UK's critical infrastructure, including by strengthening duties on operators of essential services to manage risks in their supply chains. The Bill will also provide the Secretary of State with a power of direction, enabling the government to act where necessary and proportionate to address national security risks to regulated entities.

The government works closely with the National Cyber Security Centre to assess and manage risks to UK critical national infrastructure, including those arising from dependence on foreign-manufactured technologies

The Government seeks to build sovereign capability in critical technologies, as set out in the June 2025 Modern Industrial Strategy and the accompanying Digital and Technologies Sector Plan.

More broadly, on the development of global digital standards, the UK supports an open, inclusive, multistakeholder approach and is actively engaged to ensure our interests and values are well-accounted for. DSIT, NCSC and other government departments and agencies engage directly in standards development where the UK has critical interests to seek to ensure that UK needs are met.