Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, what assessment she has made of the potential impact of Chinese-manufactured smart devices in the UK's critical national infrastructure on national security.

National security is the first duty of our government.

Under the Product Security and Telecommunications Infrastructure Act 2022, any connected device intended to be used by consumers must meet three basic requirements: no universal default or easily guessable passwords; transparency about the minimum length of time manufacturers will provide security updates; and information on how to report security vulnerabilities directly to manufacturers.

The Department for Science, Innovation and Technology launched a Call for Views on 12 May 2025 on proposals to strengthen the cyber security of enterprise connected devices. Research commissioned in 2021 by DSIT of 400 businesses showed significant gaps in device security practices with 58% of businesses not requiring security checks when purchasing connected devices. Our Call for Views included a draft Code of Practice, developed with the National Cyber Security Centre, which sets out 11 security principles for manufacturers, covering areas like secure updates, authentication, data protection, and device integrity. Feedback is being considered, and a government response will be published in due course.

The Cyber Security and Resilience Bill will also be introduced when parliamentary time allows, to deliver a step change in the UK’s national security, requiring essential and digital services in scope to have robust cyber security practices and standards. This will include empowering regulators to designate critical suppliers, ensuring the most important suppliers to essential and digital services are subject to the regulatory regime.