This bill was authored by the Most Honourable Severian Churchill, 13th Duke of Marlborough, as a Private Member's Bill.
Information Security Bill 2019A Bill for the protection of the British Information Technology Network from interference by foreign adversaries.
Be it enacted by the Queen's most Excellent Majesty, by and with the advice and consent of the Lords Spiritual and Temporal, and Commons, in this present Parliament assembled, and by the authority of the same, as follows:—
1 Prohibition of Information Technology Transfers with Foreign Adversaries
- The following actions are prohibited: any acquisition, importation, transfer, installation, dealing in, or use of any information and communications technology or service (transaction) by any person, or with respect to any property, subject to the jurisdiction of the United Kingdom, where the transaction involves any property in which any foreign country or a national thereof has any interest (including through an interest in a contract for the provision of the technology or service), where the transaction was initiated, is pending, or will be completed after the date of the passage of this act, and where the Minister of State for Trade (Minister), in consultation with the Chancellor of the Exchequer, the Foreign Secretary, the Home Secretary, Secretary of State for Defence, and, as appropriate, the heads of other cabinet departments and agencies (agencies), has determined that:
- the transaction involves information and communications technology or services designed, developed, manufactured, or supplied, by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary; and the transaction:
- poses an undue risk of sabotage to or subversion of the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of information and communications technology or services in the United Kingdom;
- poses an undue risk of catastrophic effects on the security or resiliency of United Kingdom critical infrastructure or the digital economy of the United Kingdom; or
- otherwise poses an unacceptable risk to the national security of the United Kingdom or the security and safety of United Kingdom persons.
- The Minister, in consultation with the heads of other agencies as appropriate, may at the Minister’s discretion design or negotiate measures to mitigate concerns identified under section 1(a) of this act. Such measures may serve as a precondition to the approval of a transaction or of a class of transactions that would otherwise be prohibited pursuant to this order.
- The prohibitions in subsection (a) of this section apply except to the extent provided by statutes, or in regulations, orders, directives, or licences that may be issued pursuant to this order, and notwithstanding any contract entered into or any licence or permit granted prior to the effective date of this order.
2 Extent, commencement, and short title
- This Act may be cited as the Information Security Act 2019.
- This Act comes into force six months following its passage into law.
- This Act extends to the entirety of the United Kingdom of Great Britain and Northern Ireland.