Part 1 Access to customer data and business data

Introductory

1 Customer data and business data _I1,I2

(1)

This Part confers powers on the Secretary of State and the Treasury to make provision in connection with access to customer data and business data.

(2)In this Part—

• “ business data ”, in relation to a trader, means—

  (a)

  information about goods, services and digital content supplied or provided by the trader,

  (b)

  information relating to the supply or provision of goods, services and digital content by the trader (such as, for example, information about—

  (i)

  where goods, services or digital content are supplied or provided,

  (ii)

  prices or other terms on which they are supplied or provided,

  (iii)

  how they are used, or

  (iv)

  their performance or quality),

  (c)

  information relating to feedback about the goods, services or digital content (or their supply or provision), and

  (d)

  information relating to the provision of information described in paragraphs (a) to (c) to a person in accordance with data regulations;

• “ customer data ” means information relating to a customer of a trader, including—

  (a)

  information relating to goods, services and digital content supplied or provided by the trader to the customer or to another person at the customer’s request (such as, for example, information about—

  (i)

  prices or other terms on which goods, services or digital content are supplied or provided to the customer or the other person,

  (ii)

  how they are used by the customer or the other person, or

  (iii)

  their performance or quality when used by the customer or the other person), and

  (b)

  information relating to the provision of information described in paragraph (a), or of other information relating to a customer of a trader, to a person in accordance with data regulations;

• “ data holder ”, in relation to customer data or business data of a trader, means—

  (a)

  the trader, or

  (b)

  a person who, in the course of a business, processes the data;

• “ data regulations ” means regulations under section 2 or 4 (and see section 23 );

• “ trader ” means a person who supplies or provides goods, services or digital content in the course of a business, whether acting personally or through another person acting in the trader’s name or on the trader’s behalf.

(3) For the purposes of this Part, a person (“ C ”) is a customer of a trader (“ T ”) if C has at any time—

(a)purchased goods, services or digital content supplied or provided by T (whether for use by C or another person),

(b)been supplied or provided by T with goods, services or digital content purchased from T by another person, or

(c)otherwise received goods, services or digital content free of charge from T.

(4)In subsection (3), the references to purchase, supply, provision or receipt of goods, services or digital content at any time include purchase, supply, provision or receipt before this section comes into force.

(5)In subsections (3) and (4), references to purchasing goods, services or digital content include entering into an agreement to do so.

(6)In this Part—

(a)

a reference to providing customer data or business data to a person (however expressed) includes a reference to providing the person with access to such data or with the ability to provide other persons with access to such data, and

(b)

a reference to a person receiving customer data or business data (however expressed) includes a reference to a person obtaining access to such data or the ability to provide other persons with access to such data.

Data regulations

2 Power to make provision in connection with customer data _I3,I4

(1)The Secretary of State or the Treasury may by regulations make provision requiring a data holder to provide customer data—

(a)to the customer, at the customer’s request, or

(b) to a person of a specified description who is authorised by the customer to receive the data (an “authorised person”), at the customer’s request or at the authorised person’s request.

(2) In this Part, in relation to customer data, “ third party recipient ” means a person of a description specified by provision made under subsection (1) (b) (and see section 25 (1) ).

(3)The Secretary of State or the Treasury may by regulations make provision enabling or requiring a data holder—

(a)to produce, collect or retain, or arrange for the production, collection or retention of, customer data;

(b)to make changes to customer data, including to require rectification of inaccurate customer data, at the request of a customer or authorised person.

(4)The Secretary of State or the Treasury may by regulations make provision for a person who is an authorised person in relation to customer data to take, on the customer’s behalf, action that the customer could take in relation to goods, services or digital content supplied or provided by a person who is, or has been, a data holder in relation to the customer data.

(5)In deciding whether to make regulations under this section, the Secretary of State or the Treasury must have regard to (among other things)—

(a)the likely effects for existing and future customers,

(b)the likely effects for data holders,

(c)the likely effect on small businesses and micro businesses,

(d)the likely effect on innovation in the supply or provision of goods, services and digital content affected by the regulations or other goods, services and digital content, and

(e)the likely effect on competition in markets for goods, services and digital content affected by the regulations or other markets.

3 Customer data: supplementary _I5,I6

(1)This section is about provision that regulations under section 2 may (among other things) contain.

(2)The regulations may include—

(a)provision about the procedure by which customers authorise persons to receive customer data or to do other things;

(b)provision restricting the persons that may be authorised to persons that comply with specified conditions;

(c)provision for a specified person to decide whether a person satisfies the conditions for authorisation (and see section 6 for further provision about decision-makers).

(3)The regulations may make provision about requests relating to customer data, including provision about the circumstances in which a data holder may or must refuse to act on a request.

(4)The regulations may make provision about the providing of customer data and the taking of action described in section 2(4), including—

(a)provision requiring a data holder to provide customer data on one or more occasions, for a specified period or at specified intervals;

(b)provision requiring a data holder, customer or third party recipient to use specified facilities or services, including dashboard services, other electronic communications services or application programming interfaces;

(c)provision requiring a data holder or third party recipient to comply with specified standards, or participate in specified arrangements, relating to, or to the use of, such facilities or services;

(d)provision requiring a data holder or third party recipient to provide, or arrange for, specified assistance in connection with the establishment, maintenance or management of such facilities or services;

(e)provision about interface bodies (see section 7).

(5)The regulations may include—

(a)provision enabling or requiring a data holder to produce, collect or retain, or arrange for the production, collection or retention of, records of customer data provided in accordance with the regulations;

(b)provision enabling or requiring a third party recipient to produce or retain, or arrange for the production or retention of, records of customer data received in accordance with the regulations.

(6)The regulations may make provision requiring a person who, in the course of a business, processes customer data of a trader to assist, or take specified steps to assist, the trader in complying with regulations under this Part.

(7)The regulations may make provision about the processing of customer data provided to a third party recipient in accordance with the regulations, including—

(a)provision requiring a third party recipient to use specified facilities or services, including dashboard services, other electronic communications services or application programming interfaces;

(b)provision requiring a third party recipient to comply with specified standards, or participate in specified arrangements, relating to, or to the use of, such facilities or services;

(c)provision requiring a third party recipient to provide, or arrange for, specified assistance in connection with the establishment, maintenance or management of such facilities or services;

(d)provision about interface bodies (see section 7);

(e)provision about further disclosure of the data, including provision for a person to whom customer data is further disclosed to be subject to—

(i)some or all of the obligations imposed on a third party recipient by the regulations in relation to the customer data;

(ii)conditions imposed by the third party recipient.

(8)The regulations may make provision enabling or requiring a data holder or a third party recipient to publish specified information relating to the rights and obligations of persons under the regulations, including—

(a)information about the rights of customers in relation to customer data processed by the data holder or a third party recipient;

(b)information about the activities carried out by the data holder or a third party recipient in performance of their obligations under the regulations.

(9)The regulations may make provision about complaints, including provision requiring data holders or third party recipients to implement procedures for the handling of complaints.

(10)The regulations may make provision about procedures for the resolution of disputes, including—

(a)provision appointing, or providing for the appointment of, a person to determine disputes;

(b)provision about the person’s powers when determining disputes;

(c)provision about the effect of decisions relating to disputes;

(d)provision about the review of decisions relating to disputes;

(e)provision about appeals to a court or tribunal.

(11)In subsections (4)(d) and (7)(c), references to assistance include actual or contingent financial assistance (such as, for example, a grant, loan, guarantee or indemnity or buying a company’s share capital).

4 Power to make provision in connection with business data _I7,I8

(1)The Secretary of State or the Treasury may by regulations make provision requiring a data holder to publish business data or to provide business data—

(a)to a customer of the trader to whom the business data relates, or

(b)to another person of a specified description.

(2) In this Part, in relation to business data, “ third party recipient ” means a person of a description specified by provision made under subsection (1) (b) (and see section 25 (1) ).

(3)The Secretary of State or the Treasury may by regulations make provision enabling or requiring a data holder to produce, collect or retain, or arrange for the production, collection or retention of, business data.

(4)The Secretary of State or the Treasury may by regulations—

(a)make provision requiring a public authority that is a third party recipient in relation to business data (whether by virtue of those regulations or other data regulations), or a person appointed by such a public authority to do something with the business data, to publish business data or to provide business data—

(i)to a customer of the trader to whom the business data relates, or

(ii)to another person of a specified description,

(b)make provision requiring a person who is a third party recipient in relation to business data (whether by virtue of those regulations or other data regulations), and who is appointed by a public authority to do something with the business data, to publish or provide business data as described in paragraph (a)(i) or (ii),

(c)in relation to the public authority, or the appointed person referred to in paragraph (a) or (b), make any provision that could be made in relation to a data holder, in connection with business data, in reliance on subsection (3) or sections 5 to 21, other than provision imposing a levy on the public authority or person, and

(d)in relation to a person to whom the public authority or appointed person is required to provide business data by virtue of provision made under paragraph (a) or (b), other than a customer described in paragraph (a)(i), make any provision that could be made in relation to a third party recipient in reliance on sections 5 to 21.

(5)In deciding whether to make regulations under this section, the Secretary of State or the Treasury must have regard to (among other things)—

(a)the likely effects for existing and future customers,

(b)the likely effects for data holders,

(c)the likely effect on small businesses and micro businesses,

(d)the likely effect on innovation in the supply or provision of goods, services and digital content affected by the regulations or other goods, services and digital content, and

(e)the likely effect on competition in markets for goods, services and digital content affected by the regulations or other markets.

5 Business data: supplementary _I9,I10

(1)This section is about provision that regulations under section 4 may (among other things) contain.

(2)The regulations may require business data to be provided on request and make provision about requests, including—

(a)provision for requests to be made by a customer, a third party recipient or another person;

(b)provision about the circumstances in which a data holder may or must refuse to act on a request.

(3)The regulations may make provision requiring business data to be provided to customers, or third party recipients, who are approved to receive it, including—

(a)provision restricting the persons that may be approved to persons that comply with specified conditions;

(b)provision for a specified person to decide whether a person satisfies the conditions for approval (and see section 6 for further provision about decision-makers).

(4)The regulations may make provision about the providing or publishing of business data, including—

(a)provision requiring a data holder to provide or publish business data on one or more occasions, for a specified period or at specified intervals;

(b)provision requiring a data holder, customer or third party recipient to use specified facilities or services, including dashboard services, other electronic communications services or application programming interfaces;

(c)provision requiring a data holder or third party recipient to comply with specified standards, or participate in specified arrangements, relating to, or to the use of, such facilities or services;

(d)provision requiring a data holder or third party recipient to provide, or arrange for, specified assistance in connection with the establishment, maintenance or management of such facilities or services;

(e)provision about interface bodies (see section 7).

(5)The regulations may include—

(a)provision enabling or requiring a data holder to produce, collect or retain, or arrange for the production, collection or retention of, records of business data provided in accordance with the regulations;

(b)provision enabling or requiring a third party recipient to produce or retain, or arrange for the production or retention of, records of business data received in accordance with the regulations.

(6)The regulations may make provision requiring a person who, in the course of a business, processes business data of a trader to assist, or take specified steps to assist, the trader in complying with regulations under this Part.

(7)The regulations may make provision about the processing of business data provided to a third party recipient in accordance with the regulations, including—

(a)provision requiring a third party recipient to use specified facilities or services, including dashboard services, other electronic communications services or application programming interfaces;

(b)provision requiring a third party recipient to comply with specified standards, or participate in specified arrangements, relating to, or to the use of, such facilities or services;

(c)provision requiring a third party recipient to provide, or arrange for, specified assistance in connection with the establishment, maintenance or management of such facilities or services;

(d)provision about interface bodies (see section 7);

(e)provision about further disclosure of the data, including provision for a person to whom business data is further disclosed to be subject to some or all of the obligations imposed on customers or third party recipients by the regulations in relation to the business data.

(8)The regulations may make provision enabling or requiring a data holder or a third party recipient to publish specified information relating to the rights and obligations of persons under the regulations, including information about the activities carried out by the data holder or third party recipient in performance of their obligations under the regulations.

(9)The regulations may make provision about complaints, including provision requiring data holders or third party recipients to implement procedures for the handling of complaints.

(10)The regulations may make provision about procedures for the resolution of disputes, including—

(a)provision appointing, or providing for the appointment of, a person to determine disputes;

(b)provision about the person’s powers when determining disputes;

(c)provision about the effect of decisions relating to disputes;

(d)provision about the review of decisions relating to disputes;

(e)provision about appeals to a court or tribunal.

(11)In subsections (4)(d) and (7)(c), references to assistance include actual or contingent financial assistance (such as, for example, a grant, loan, guarantee or indemnity or buying a company’s share capital).

6 Decision-makers _I11,I12

(1)This section is about the provision about decision-makers that regulations under section 2 or 4 may or must (among other things) contain.

(2) In this Part, “ decision-maker ” means a person who is authorised or required to take a decision described in section 3 (2) (c) (authorisation) or 5 (3) (b) (approval).

(3)The regulations may make provision about the appointment of a decision-maker.

(4)The regulations may make provision enabling or requiring a decision-maker to suspend or revoke a decision.

(5) The regulations may confer powers on a decision-maker for the purpose of monitoring compliance with conditions for authorisation or approval (“monitoring powers”) (and see section 8 for provision about enforcement of requirements imposed in exercise of those powers).

(6)The monitoring powers that may be conferred on a decision-maker include powers to require the provision of documents or information (but such powers are subject to the restrictions in section 9 as well as any restrictions included in the regulations).

(7)The regulations must make provision about the rights of persons affected by the exercise of a decision-maker’s functions under the regulations and such provision may include (among other things)—

(a)provision about the review of decision-makers’ decisions;

(b)provision about appeals to a court or tribunal.

(8)The regulations may make provision about complaints, including provision requiring a decision-maker to implement procedures for the handling of complaints.

(9)The regulations may make provision enabling or requiring a decision-maker to publish, or provide to a specified person, specified documents or information relating to the exercise of the decision-maker’s functions.

(10)The regulations may make provision for a decision-maker to arrange for its monitoring powers to be exercised by another person.

(11)The regulations may—

(a)provide for functions under the regulations to be exercisable by more than one decision-maker (whether jointly or concurrently);

(b)where functions of decision-makers are exercisable concurrently—

(i)provide for one of the decision-makers to be the lead decision-maker;

(ii)require the other decision-makers to consult the lead decision-maker before exercising the functions in a particular case;

(iii)provide for the lead decision-maker to give directions as to which decision-maker is to exercise a function in a particular case.

(12)The regulations may make provision enabling or requiring a decision-maker—

(a)to produce guidance about how it proposes to exercise its functions under the regulations (including provision enabling or requiring decision-makers with functions exercisable jointly or concurrently to produce joint guidance),

(b)to publish the guidance, and

(c)to provide copies to specified persons.

7 Interface bodies _I13,I14

(1)This section is about the provision that regulations under section 2 or 4 may (among other things) contain about bodies with one or more of the following tasks—

(a) establishing a facility or service used, or capable of being used, for providing, publishing or otherwise processing customer data or business data or for taking action described in section 2 (4) (referred to in this Part as an “ interface ”);

(b) setting standards, or making other arrangements, relating to, or to the use of, an interface (referred to in this Part as “ interface standards ” and “interface arrangements”);

(c)maintaining or managing an interface, interface standards or interface arrangements.

(2) Such bodies are referred to in this Part as “ interface bodies ”.

(3)The regulations may—

(a)

require a data holder or a third party recipient to set up an interface body;

(b)make provision about the type of body to be set up.

(4)In relation to an interface body (whether or not it is required to be set up by regulations under section 2 or 4), the regulations may—

(a)make provision about the body’s composition and governance;

(b)make provision requiring a data holder or a third party recipient to provide, or arrange for, assistance for the body;

(c)impose other requirements relating to the body on a person who is required to set it up or to provide, or arrange for, assistance for the body;

(d)make provision requiring the body to carry on all or part of a task described in subsection (1);

(e)make provision requiring the body to do other things in connection with its interface, interface standards or interface arrangements;

(f)make provision about how the body carries out its functions (such as, for example, provision about the body’s objectives or matters to be taken into account by the body);

(g) confer powers on the body for the purpose of monitoring use of its interface, interface standards or interface arrangements (“monitoring powers”) (and see section 8 for provision about enforcement of requirements imposed in exercise of those powers);

(h)make provision for the body to arrange for its monitoring powers to be exercised by another person;

(i)make provision about the rights of persons affected by the exercise of the body’s functions under the regulations, including (among other things)—

(i)provision about the review of decisions made in exercise of those functions;

(ii)provision about appeals to a court or tribunal;

(j)make provision about complaints, including provision requiring the body to implement procedures for the handling of complaints;

(k)make provision enabling or requiring the body to publish, or provide to a specified person, specified documents or information relating to its interface, interface standards or interface arrangements;

(l)make provision enabling or requiring the body to produce guidance about how it proposes to exercise its functions under the regulations, to publish the guidance and to provide copies to specified persons.

(5)The monitoring powers that may be conferred on an interface body include power to require the provision of documents or information (but such powers are subject to the restrictions in section 9 as well as any restrictions included in the regulations).

(6)Examples of facilities or services referred to in subsection (1) include dashboard services, other electronic communications services and application programming interfaces.

(7)In subsection (4)(b) and (c), the references to assistance include actual or contingent financial assistance (such as, for example, a grant, loan, guarantee or indemnity or buying a company’s share capital).

Enforcement

8 Enforcement of regulations under this Part _I15,I16

(1)The Secretary of State or the Treasury may by regulations make provision—

(a)for the purpose of monitoring compliance with regulations under this Part or requirements imposed in exercise of a power conferred by such regulations, and

(b)for the enforcement of such regulations or requirements,

including provision for monitoring or enforcement by a specified public authority.

(2) In this Part, “ enforcer ” means a public authority that is authorised or required to carry out monitoring or enforcement described in subsection (1) .

(3)The following subsections make provision about what regulations under subsection (1) may or must (among other things) contain (and see sections 9 and 10).

(4)The regulations may confer powers of investigation on an enforcer, including—

(a)powers to require the provision of documents or information,

(b)powers to require an individual to attend at a place and answer questions, and

(c)powers of entry, inspection, search and seizure,

but such powers are subject to the restrictions in section 9 (as well as any restrictions included in the regulations).

(5)The regulations may—

(a) make provision enabling an enforcer to issue a notice (“ a compliance notice ”) requiring compliance with—

(i)regulations under this Part;

(ii)a condition for authorisation or approval (referred to in sections 3(2) and 5(3));

(iii)any other requirement imposed in exercise of a power conferred by regulations under this Part;

(b)make provision for the enforcement of compliance notices, including provision for their enforcement as if they were orders of a court or tribunal;

(c)make provision enabling an enforcer to publish a statement to the effect that the enforcer considers that a person is not complying with—

(i)a requirement imposed by regulations under this Part,

(ii)a requirement imposed by a compliance notice, or

(iii)any other requirement imposed in exercise of a power conferred by regulations under this Part.

(6)The regulations may make provision creating offences punishable with an unlimited fine, or a fine not exceeding a specified amount, in respect of—

(a)the provision of false or misleading information in response to a request made in accordance with regulations under this Part;

(b)an act or omission (including falsification) which prevents an enforcer, an interface body or a decision-maker from accessing information, documents, equipment or other material.

(7)The regulations may make provision enabling a financial penalty to be imposed by an enforcer in respect of—

(a)the provision of false or misleading information in response to a request made in accordance with regulations under this Part;

(b)a failure to comply with a requirement imposed by regulations under this Part;

(c)a failure to comply with a requirement imposed by a compliance notice;

(d)a failure to comply with any other requirement imposed in exercise of a power conferred by regulations under this Part;

and see section 10 for further provision about financial penalties.

(8)The regulations may make provision about the rights of persons affected by the exercise of an enforcer’s functions under the regulations, including—

(a)provision about the review of a decision made in exercise of those functions;

(b)provision about appeals to a court or tribunal.

(9)The regulations may make provision about complaints, including provision requiring an enforcer to implement procedures for the handling of complaints.

(10)The regulations may make provision enabling or requiring an enforcer to publish, or to provide to a specified person, specified documents or information relating to monitoring or enforcement described in subsection (1), including—

(a)documents or information relating to the exercise of the enforcer’s functions, and

(b)documents or information relating to convictions for offences.

(11)The regulations may make provision for an enforcer to arrange for its powers of investigation under the regulations to be exercised by another person.

(12)The regulations may—

(a)provide for functions under the regulations to be exercisable by more than one enforcer (whether jointly or concurrently);

(b)where functions of enforcers are exercisable concurrently—

(i)provide for one of the enforcers to be the lead enforcer;

(ii)require the other enforcers to consult the lead enforcer before exercising the functions in a particular case;

(iii)provide for the lead enforcer to give directions as to which enforcer is to exercise a function in a particular case.

(13)The regulations may make provision enabling or requiring an enforcer—

(a)to produce guidance about how it proposes to exercise its functions under the regulations (including provision enabling or requiring enforcers with functions exercisable jointly or concurrently to produce joint guidance),

(b)to publish the guidance, and

(c)to provide copies to specified persons.

9 Restrictions on powers of investigation etc _I17,I18

(1)Regulations under this Part may not—

(a)authorise entry to a private dwelling without a warrant issued by a justice, or

(b)require a person to provide information within subsections (2) to (7) to a decision-maker, an interface body or an enforcer.

(2)Information is within this subsection if requiring a person to provide the information would involve an infringement of the privileges of either House of Parliament.

(3)Information is within this subsection if it is information in respect of a communication which is made—

(a)between a professional legal adviser and the adviser’s client, and

(b)in connection with the giving of legal advice to the client with respect to obligations, liabilities or rights imposed or conferred by or under regulations made under this Part.

(4)Information is within this subsection if it is information in respect of a communication which is made—

(a)between a professional legal adviser and the adviser’s client or between such an adviser or client and another person,

(b)in connection with, or in contemplation of, proceedings under or arising out of regulations made under this Part (including proceedings arising out of the exercise of powers conferred by such regulations), and

(c)for the purposes of such proceedings.

(5)In subsections (3) and (4), references to the client of a professional legal adviser include references to a person acting on behalf of the client.

(6)Information is within this subsection if requiring a person to provide the information would, by revealing evidence of the commission of an offence, expose the person to proceedings for that offence.

(7)The reference to an offence in subsection (6) does not include an offence under—

(a)regulations made under this Part;

(b)section 5 of the Perjury Act 1911 (false statements made otherwise than on oath);

(c)section 44(2) of the Criminal Law (Consolidation) (Scotland) Act 1995 (false statements made otherwise than on oath);

(d)Article 10 of the Perjury (Northern Ireland) Order 1979 (S.I. 1979/1714 (N.I. 19)) (false statutory declarations and other false unsworn statements).

(8)An oral or written statement provided by a person in response to a request for information made by a decision-maker, an interface body or an enforcer in accordance with regulations under this Part may not be used in evidence against that person on a prosecution for an offence (other than an offence under regulations made under this Part) unless in the proceedings—

(a)in giving evidence the person provides information inconsistent with the statement, and

(b)evidence relating to the statement is adduced, or a question relating to it is asked, by that person or on that person’s behalf.

(9) In this section, “ justice ” means—

(a)in England and Wales, a justice of the peace,

(b)in Scotland, a sheriff or summary sheriff, and

(c)in Northern Ireland, a lay magistrate.

10 Financial penalties _I19,I20

(1)This section is about provision that regulations under this Part conferring power on an enforcer to impose a financial penalty may or must (among other things) contain.

(2)The regulations must provide for the amount of a financial penalty to be—

(a)a specified amount or an amount determined in accordance with the regulations, or

(b)an amount not exceeding such an amount,

unless section 16 confers power to provide otherwise.

(3)The regulations must include provision—

(a)requiring an enforcer to produce guidance about how the enforcer proposes to exercise any discretion to determine the amount of a financial penalty and to have regard to such guidance in exercising its discretion;

(b)requiring an enforcer to publish the guidance;

(c) requiring an enforcer, before imposing a financial penalty on a person, to give the person written notice (a “notice of intent”) of the proposed financial penalty;

(d)ensuring that the person is given an opportunity to make representations about the proposed financial penalty;

(e)requiring the enforcer, after the period for making representations, to decide whether to impose the financial penalty;

(f) requiring the enforcer, if they decide to impose the financial penalty, to give the person notice in writing (a “final notice”) imposing the penalty;

(g)enabling a person on whom a financial penalty is imposed to appeal to a court or tribunal in accordance with the regulations;

(h)as to the powers of the court or tribunal on such an appeal.

(4)The regulations may include provision—

(a)requiring or enabling an enforcer to provide copies of guidance described in subsection (3)(a) to specified persons;

(b)enabling a notice of intent or final notice to be withdrawn or amended;

(c)requiring an enforcer to withdraw a final notice in specified circumstances;

(d)for a financial penalty to be increased in the event of late payment by—

(i)a specified amount or an amount determined in accordance with the regulations, or

(ii)an amount not exceeding such an amount;

(e)as to how financial penalties are recoverable;

(f)about what must or may be done with amounts paid as penalties.

Fees etc and financial assistance

11 Fees _I21,I22

(1)The Secretary of State or the Treasury may by regulations—

(a)make provision enabling a person listed in subsection (2), or a person acting on their behalf, to require other persons to pay fees in connection with activities described in subsection (3), and

(b)make provision about what must or may be done with amounts paid as fees.

(2)Those persons are—

(a)data holders;

(b)decision-makers;

(c)interface bodies;

(d)enforcers;

(e)other persons on whom duties are imposed, or powers are conferred, by or under regulations made under this Part.

(3)Those activities are performing duties, or exercising powers, imposed or conferred on the person listed in subsection (2) by or under regulations made under this Part.

(4)Regulations under subsection (1)—

(a)may only provide for a fee to be payable by persons that appear to the Secretary of State or the Treasury to be capable of being directly affected by the performance of duties, or the exercise of powers, imposed or conferred by or under regulations made under this Part;

(b)may provide for the amount of a fee to be an amount which is intended to exceed the cost of the things in connection with which the fee is charged (and for the total amount of fees payable in connection with things to exceed the total cost).

(5)Regulations under subsection (1) must provide for the amount of a fee to be—

(a)a specified amount or an amount determined in accordance with the regulations, or

(b)an amount not exceeding such an amount,

unless section 15 confers power to provide otherwise.

(6)Regulations under subsection (1) may provide for the amount, or maximum amount, of a fee to increase at specified times and by—

(a)a specified amount or an amount determined in accordance with the regulations, or

(b)an amount not exceeding such an amount.

(7)Regulations under subsection (1) enabling a person to determine the amount of a fee must require the person to publish information about the amount and how it is determined.

(8)Regulations under subsection (1) may (among other things) make provision about—

(a)interest on any unpaid amounts;

(b)the recovery of unpaid amounts.

(9)The Secretary of State or the Treasury may by regulations make provision about whether a person listed in subsection (2), or a person acting on their behalf, who could require payment in connection with an activity described in subsection (3) otherwise than in reliance on regulations under subsection (1) may do so.

(10)Where duties or powers are imposed or conferred—

(a)on a person in their capacity as a third party recipient by or under regulations made under this Part, other than regulations made in reliance on section 4(4)(a), (b) or (c), or

(b)on a person in their capacity as a person described in section 4(4)(d) by or under regulations made under this Part,

nothing in this section, or in regulations under subsection (1) or (9), prevents the person, or a person acting on their behalf, from requiring payment in connection with the performance or exercise of those duties or powers, or restricts their ability to do so, where the person could do so otherwise than in reliance on regulations under subsection (1).

(11)Examples of requiring payment otherwise than in reliance on regulations under subsection (1) include doing so in reliance on other legislation or a contract or other arrangement (whenever entered into).

12 Levy _I23,I24

(1)The Secretary of State or the Treasury may by regulations—

(a)impose, or provide for a specified public authority to impose, a levy on data holders or third party recipients for the purpose of meeting expenses described in subsection (2), and

(b)make provision about what must or may be done with funds raised by means of the levy.

(2)Those expenses are expenses incurred, or to be incurred, during a period by a person listed in subsection (3), or a person acting on their behalf, in performing duties, or exercising powers, imposed or conferred on the person listed in subsection (3) by or under regulations made under this Part.

(3)Those persons are—

(a)decision-makers;

(b)interface bodies;

(c)enforcers;

(d)public authorities subject to requirements imposed by regulations made in reliance on section 4(4).

(4)Regulations under subsection (1) may only provide for a levy in respect of expenses of a person to be imposed on data holders or third party recipients that appear to the Secretary of State or the Treasury to be capable of being directly affected by the exercise of some or all of the functions conferred on the person by or under regulations made under this Part.

(5)Regulations under subsection (1) providing for a specified public authority to impose a levy must—

(a)make provision about how the rate of the levy is to be determined;

(b)make provision about how the period in respect of which the levy is payable is to be determined;

(c)require the public authority to publish information about the rate, the period and how they are determined.

(6)Regulations under subsection (1) may (among other things) make provision about—

(a)interest on any unpaid amounts payable by way of a levy;

(b)the recovery of such unpaid amounts.

13 Financial assistance _I25,I26

(1)The Secretary of State or the Treasury may give financial assistance to a person for the purpose of—

(a)meeting expenses incurred, or to be incurred, by the person in performing duties, or exercising powers, imposed or conferred by or under regulations made under this Part, or

(b)exercising other functions in connection with such regulations.

(2)But subsection (1) does not enable financial assistance to be provided to a person listed in subsection (3) or to a person acting on their behalf.

(3)Those persons are—

(a)data holders,

(b)customers, or

(c)third party recipients, other than a third party recipient that is a public authority subject to requirements imposed by regulations made in reliance on section 4(4).

(4)The financial assistance may be given on such terms and conditions as the Secretary of State or the Treasury considers appropriate.

(5) In this section, “ financial assistance ” means any kind of financial assistance whether actual or contingent, including a grant, loan, guarantee or indemnity, but does not include buying a company’s share capital.

Financial services sector

14 The FCA and financial services interfaces _I27,I28

(1) The Treasury may by regulations make provision enabling or requiring the Financial Conduct Authority (referred to in this Part as “ the FCA ”) to make rules—

(a)requiring financial services providers described in the regulations to use a prescribed interface, comply with prescribed interface standards or participate in prescribed interface arrangements, when providing or receiving customer data or business data which is required to be provided by or to the financial services provider by data regulations;

(b)requiring persons described in the regulations to use a prescribed interface, comply with prescribed interface standards or participate in prescribed interface arrangements, when the person, in the course of a business, receives, from a financial services provider, customer data or business data which is required to be provided to the person by data regulations;

(c)requiring section 2(4) actors described in the regulations to use a prescribed interface, comply with prescribed interface standards or participate in prescribed interface arrangements when taking, facilitating or doing other things in connection with relevant financial services action;

(d)imposing interface-related requirements on a description of person falling within subsection (3).

(2) Such rules are referred to in this Part as “ FCA interface rules ”.

(3)The following persons fall within this subsection—

(a)an interface body linked to the financial services sector;

(b)a person required by regulations made in reliance on section 7 to set up an interface body linked to the financial services sector;

(c)a person who uses an interface, complies with interface standards or participates in interface arrangements linked to the financial services sector or who is required to do so by data regulations or rules made by virtue of regulations under subsection (1)(a), (b) or (c).

(4)For the purposes of this section, requirements are interface-related if they relate to—

(a)the composition, governance or activities of an interface body linked to the financial services sector,

(b)an interface, interface standards or interface arrangements linked to the financial services sector, or

(c)the use of such an interface, compliance with such interface standards or participation in such interface arrangements.

(5)For the purposes of this section—

(a)an interface body is linked to the financial services sector to the extent that its interface, interface standards or interface arrangements are linked to the financial services sector;

(b)interfaces, interface standards and interface arrangements are linked to the financial services sector to the extent that they are used, or intended to be used, by financial services providers (whether or not they are used, or intended to be used, by other persons).

(6) The Treasury may by regulations make provision enabling or requiring the FCA to impose requirements on a person to whom FCA interface rules apply (referred to in this Part as “ FCA additional requirements ”) where the FCA considers it appropriate to impose the requirement—

(a)

in response to a failure, or likely failure, by the person to comply with an FCA interface rule or FCA additional requirement, or

(b)in order to advance a purpose which the FCA is required to advance when exercising functions conferred by regulations under this section (see section 15(3)(a)).

(7)Regulations under subsection (6) may, for example, provide for the FCA to impose requirements by giving a notice or direction.

(8)The restrictions in section 9 apply in connection with FCA interface rules and FCA additional requirements as they apply in connection with regulations under this Part.

(9)In section 9 as so applied—

(a)the references in subsections (1)(b) and (8) to an enforcer include the FCA, and

(b)the references in subsections (3) and (4) to regulations made under this Part include FCA interface rules and FCA additional requirements.

(10)In this section—

• “ financial services provider ” means a person providing financial services;

• “ prescribed ” means prescribed in FCA interface rules;

• “ relevant financial services action ” means action described in section 2 (4) taken in relation to services or digital content provided or supplied by a financial services provider;

• “ section 2(4) actor ” means—

  (a)

  a person who, in reliance on regulations under subsection (4) of section 2, takes action described in that subsection;

  (b)

  a data holder or other person who facilitates or does other things in connection with such action.

15 The FCA and financial services interfaces: supplementary _I29,I30

(1)This section is about provision that regulations under section 14 may or must (among other things) contain.

(2)The regulations—

(a)may require or enable the FCA to impose interface-related requirements that could be imposed by regulations made in reliance on section 7(4) or (5), but

(b)may not require or enable the FCA to require a person to set up an interface body.

(3)The regulations must—

(a)require the FCA, so far as is reasonably possible, to exercise functions conferred by the regulations in a manner which is compatible with, or which advances, one or more specified purposes;

(b)specify one or more matters to which the FCA must have regard when exercising functions conferred by the regulations;

(c)if they require or enable the FCA to make rules, make provision about the procedure for making rules, including provision requiring such consultation with persons likely to be affected by the rules or representatives of such persons as the FCA considers appropriate.

(4)The regulations may—

(a)require the FCA to carry out an analysis of the costs and benefits that will arise if proposed rules are made or proposed changes are made to rules and make provision about what the analysis must include;

(b)require the FCA to publish rules or changes to rules and to provide copies to specified persons;

(c)make provision about the effect of rules, including provision about circumstances in which rules are void and circumstances in which a person is not to be taken to have contravened a rule;

(d)make provision enabling or requiring the FCA to modify or waive rules as they apply to a particular case;

(e)make provision about the procedure for imposing FCA additional requirements;

(f)make provision enabling or requiring the FCA to produce guidance about how it proposes to exercise its functions under the regulations, to publish the guidance and to provide copies to specified persons.

(5)The regulations may require or enable the FCA to impose the following types of requirement on a person as FCA additional requirements—

(a)a requirement to review the person’s conduct;

(b)a requirement to take remedial action;

(c)a requirement to make redress for loss or damage suffered by others as a result of the person’s conduct.

(6)The regulations may require or enable FCA interface rules to require a person listed in subsection (7) to pay fees to an interface body or another person listed in that subsection, or to a person acting on behalf of such a body or person, in connection with activities described in subsection (8).

(7)Those persons are—

(a)persons falling within section 14(3)(b) or (c);

(b)financial services providers.

(8)Those activities are performing or exercising—

(a)duties or powers imposed or conferred on the interface body or person listed in subsection (7) by FCA interface rules, and

(b)other duties or powers imposed or conferred on that body or person by or under regulations made under this Part.

(9)Regulations made in reliance on subsection (6)—

(a)may enable rules to provide for the amount of a fee to be an amount which is intended to exceed the cost of the things in connection with which the fee is charged (and for the total amount of fees payable in connection with things to exceed the total cost);

(b)may require or enable rules to make provision about the amount, or maximum amount, of a fee, including provision about how a fee is to be determined;

(c)may require or enable rules to make provision about the amount, or maximum amount, by which the amount, or maximum amount, of a fee must or may increase and the times at which it must or may increase;

(d)must require rules, where relevant, to require a person who determines an amount referred to in paragraph (b) or (c) to publish information about the amount and how it is determined;

(e)may require or enable rules to make provision about what must or may be done with amounts paid as fees;

(f)may require or enable rules to make provision about—

(i)interest on any unpaid amounts;

(ii)the recovery of unpaid amounts.

(10)Regulations under section 14 may enable FCA interface rules to make provision about whether an interface body or a person listed in subsection (7), or a person acting on behalf of such a body or person, who could require payment in connection with an activity described in subsection (8) otherwise than in reliance on FCA interface rules may do so.

(11)Examples of requiring payment otherwise than in reliance on FCA interface rules include doing so in reliance on other legislation or a contract or other arrangement (whenever entered into).

(12)Regulations under section 14 may provide that powers to make FCA interface rules include powers to do things described in section 21(1)(a) to (h) (supplementary powers) (ignoring the restriction in relation to fees in section 21(3)).

(13) In this section, “financial services provider” and “ interface-related ” have the meaning given in section 14 .

(14)The reference in subsection (5)(c) to making redress includes—

(a)paying interest, and

(b)providing redress in the form of a remedy or relief which could not be awarded in legal proceedings.

16 The FCA and financial services interfaces: penalties and levies _I31,I32

(1)Subsections (2) and (3) are about the provision that regulations made by the Treasury under this Part providing for the FCA to enforce requirements under FCA interface rules may (among other things) contain in relation to financial penalties.

(2)The regulations may require or enable the FCA—

(a)to set the amount or maximum amount of, or of an increase in, a penalty imposed in respect of failure to comply with a requirement imposed by the FCA in exercise of a power conferred by regulations under section 14 (whether imposed by means of FCA interface rules or an FCA additional requirement), or

(b)to set the method for determining such an amount.

(3)Regulations made in reliance on subsection (2)—

(a)must require the FCA to produce and publish a statement of its policy with respect to the amount of the penalties;

(b)may require the policy to include specified matters;

(c)may make provision about the procedure for producing the statement;

(d)may require copies of the statement to be provided to specified persons;

(e)may require the FCA to have regard to a statement published in accordance with the regulations.

(4)The Treasury may by regulations—

(a)impose, or provide for the FCA to impose, a levy on data holders or third party recipients for the purpose of meeting expenses incurred, or to be incurred, during a period by the FCA, or by a person acting on the FCA’s behalf, in performing duties, or exercising powers, imposed or conferred on the FCA by regulations under section 14, and

(b)make provision about what must or may be done with funds raised by means of the levy.

(5)Regulations under subsection (4) may only provide for a levy in respect of expenses of the FCA to be imposed on persons that appear to the Treasury to be capable of being directly affected by the exercise of some or all of the functions conferred on the FCA by regulations under section 14.

(6)Regulations under subsection (4) providing for the FCA to impose a levy must—

(a)make provision about how the rate of the levy is to be determined;

(b)make provision about how the period in respect of which the levy is payable is to be determined;

(c)require the FCA to publish information about the rate, the period and how they are determined.

(7)Regulations under subsection (4) may (among other things) make provision about—

(a)interest on any unpaid amounts payable by way of a levy;

(b)the recovery of such unpaid amounts.

17 The FCA and co-ordination with other regulators _I33,I34

The Treasury may by regulations amend section 98 of the Financial Services (Banking Reform) Act 2013 (payment systems: duty of the FCA and other regulators to ensure co-ordinated exercise of relevant functions) by—

(a) amending the definition of “relevant functions” so as to add or remove a function conferred on the FCA by regulations under this Part, and

(b) amending the definition of “objectives” so as to add or remove an objective of the FCA relevant to such a function.

Supplementary

18 Liability in damages _I35,I36

(1)The Secretary of State or the Treasury may by regulations provide that a person listed in subsection (2) is not liable in damages for anything done or omitted to be done in the exercise of functions conferred by or under regulations made under this Part.

(2)Those persons are—

(a)a public authority;

(b)a member, officer or member of staff of a public authority;

(c)a person who could be held vicariously liable for things done or omitted to be done by a public authority.

(3)Regulations under this section may not—

(a)make provision removing liability for an act or omission which is shown to have been in bad faith, or

(b)make provision so as to prevent an award of damages made in respect of an act or omission on the ground that the act or omission was unlawful as a result of section 6(1) of the Human Rights Act 1998.

19 Duty to review regulations _I37,I38

(1) The relevant person must, by regulations, provide for the review of provision made by the relevant person in exercise of powers to make regulations under other sections in this Part (“Part 1 provision”) (but see the exceptions in subsection (8) ).

(2) In this section, “ the relevant person ” means—

(a)in relation to Part 1 provision made by the Secretary of State, the Secretary of State, and

(b)in relation to Part 1 provision made by the Treasury, the Treasury.

(3)Regulations under subsection (1) must require the relevant person—

(a)to review the Part 1 provision,

(b)to prepare and publish a report setting out the findings of each review, and

(c)to lay a copy of the report before Parliament.

(4)The regulations must require the relevant person—

(a)to publish the report setting out the findings of the first review of the Part 1 provision before the end of the period of 5 years beginning with the day on which the provision comes into force, and

(b)to publish reports setting out the findings of subsequent reviews at intervals of not more than 5 years.

(5)The regulations must require that, in carrying out a review, the relevant person must consider whether the Part 1 provision remains appropriate, having regard to (among other things)—

(a)the objectives it is intended to achieve, and

(b)to the extent that it is part of data regulations, the matters to which the relevant person was required to have regard in deciding whether to make the provision (see sections 2(5) and 4(5)).

(6)The regulations must provide that the relevant person may omit material from a report before publication if the relevant person thinks that the publication of that material might harm the commercial interests of any person.

(7)The regulations may (whether made by the Secretary of State or the Treasury) provide for the Secretary of State and the Treasury to carry out a joint review, and to produce a joint report, in respect of Part 1 provision made by the Secretary of State and Part 1 provision made by the Treasury.

(8)Subsection (1) does not apply in relation to—

(a)Part 1 provision that is required to be reviewed by the relevant person by virtue of existing regulations under this section, or

(b)Part 1 provision that makes, amends or revokes provision described in paragraph (a),

nor does it require the relevant person to provide for the review of Part 1 provision that has been revoked.

(9)Section 28 of the Small Business, Enterprise and Employment Act 2015 (duty to review regulatory provisions in secondary legislation) does not apply in relation to a power to make regulations under this Part.

20 Restrictions on processing and data protection _I39,I40

(1)Except as provided by subsection (2), regulations under this Part may provide for the processing of information in accordance with the regulations not to be in breach of—

(a)any obligation of confidence owed by the person processing the information, or

(b)any other restriction on the processing of information (however imposed).

(2)Regulations under this Part are not to be read as authorising or requiring processing of personal data that would contravene the data protection legislation (but in determining whether particular processing of data would do so, take into account the power conferred or duty imposed by the provision of the regulations in question).

(3)In this section—

• “ the data protection legislation ” has the same meaning as in the Data Protection Act 2018 (see section 3(9) of that Act );

• “ personal data ” has the same meaning as in that Act (see section 3(2) of that Act ).

21 Regulations under this Part: supplementary _I41,I42

(1)Regulations under this Part may (among other things)—

(a)make provision generally or in relation to particular cases;

(b)make different provision for different purposes or areas;

(c)make provision about the form and manner in which things must or may be done;

(d)make provision about the content of requests, notices or other documents;

(e)make provision about the time by which, or period within which, things must or may be done;

(f)make provision by reference to standards, arrangements, specifications or technical requirements as published from time to time;

(g)confer functions on a person, including functions involving the exercise of a discretion, and make provision in connection with the procedure for exercising the functions;

(h)make consequential, supplementary, incidental, transitional, transitory or saving provision.

(2)Regulations under this Part may not require or enable a person to set the maximum amount of a fine for an offence, except that such regulations may make provision about the maximum amount referring to the standard scale, the statutory maximum or a similar amount.

(3)Regulations under this Part may not require or enable a person to set the amount or maximum amount of, or of an increase in, a penalty or fee or to set the method for determining such an amount, except as provided by subsection (4) and sections 11(9), 15 and 16.

(4)Regulations under this Part—

(a)may make provision about the amount or method described in subsection (3) referring to a published index, and

(b)may require or enable a person to make decisions, in accordance with a maximum amount or method set out in the regulations, about the amount of, or of an increase or reduction in, a penalty or fee payable in a particular case.

(5)Regulations under this Part making the following types of provision may amend, repeal or revoke primary legislation—

(a)provision about the handling of complaints;

(b)provision about the resolution of disputes;

(c)provision about appeals;

(d)provision described in subsection (1)(h).

22 Regulations under this Part: Parliamentary procedure and consultation _I43,I44

(1)The following regulations under this Part are subject to the affirmative resolution procedure—

(a)the first regulations under each of section 2(1), (3) and (4) making provision about a particular description of customer data,

(b)the first regulations under each of section 4(1), (3) and (4) making provision about a particular description of business data,

(c)regulations under section 2 or 4 which make the requirements of regulations under this Part more onerous for data holders or interface bodies,

(d)regulations under section 6(5), 7, 8, 11, 12, 14, 16, 17 or 18, and

(e)regulations described in section 21(5) which amend, repeal or revoke primary legislation.

(2)Other regulations under this Part are subject to the negative resolution procedure.

(3)Before making regulations described in subsection (1), the Secretary of State or the Treasury (as the case may be) must consult such of the following as the Secretary of State or the Treasury considers appropriate—

(a)persons likely to be affected by the regulations or representatives of such persons;

(b)sectoral regulators with functions in relation to data holders likely to be affected by the regulations.

(4)The requirement in subsection (3) may be satisfied by consultation undertaken before the day on which this Act is passed.

23 Related subordinate legislation _I45,I46

(1) This section is about cases in which subordinate legislation, other than regulations under this Part, contains provision described in section 2 (1) to (4) or 4 (1) to (4) (and such provision is referred to in this section as “ related subordinate legislation ”).

(2)The regulation-making powers under this Part may be exercised so as to make, in connection with the related subordinate legislation, any provision that they could be exercised to make as part of, or in connection with, provision made under section 2(1) to (4) or, as appropriate, section 4(1) to (4).

(3) In this Part, references to “data regulations” include regulations made in reliance on subsection (2) to the extent that they make provision described in sections 2 to 7 .

(4)For the purposes of determining whether subordinate legislation contains provision described in sections 2(1) to (4) or 4(1) to (4), references in those sections to something specified are to be read as including something specified by or under any subordinate legislation.

(5) In this section, “ subordinate legislation ” has the same meaning as in the Interpretation Act 1978 (see section 21 of that Act ).

24 Repeal of provisions relating to supply of customer data _I47,I48

Omit sections 89 to 91 of the Enterprise and Regulatory Reform Act 2013 (supply of customer data).

25 Other defined terms _I49,I50

(1)In this Part—

• “ application programming interface ” means a facility for allowing software to make use of facilities contained in other software;

• “ dashboard service ” means an electronic communications service by means of which information may be requested by and provided to a person;

• “ digital content ” means data which is produced and supplied in digital form;

• “ electronic communications service ” has the meaning given by section 32 of the Communications Act 2003 ;

• “ goods ” includes water, gas and electricity (however supplied);

• “ micro business ” has the meaning given by section 33 of the Small Business, Enterprise and Employment Act 2015 , read with any regulations under that section;

• “ primary legislation ” means—

  (a)

  an Act of Parliament;

  (b)

  an Act of the Scottish Parliament;

  (c)

  a Measure or Act of Senedd Cymru;

  (d)

  Northern Ireland legislation;

• “ processing ” has the same meaning as in the Data Protection Act 2018 (see section 3(4) of that Act ) and related terms are to be interpreted accordingly;

• “ public authority ” means a person whose functions—

  (a)

  are of a public nature, or

  (b)

  include functions of that nature;

• “ small business ” has the meaning given by section 33 of the Small Business, Enterprise and Employment Act 2015 , read with any regulations under that section;

• “ specified ” means specified, or of a description specified, by regulations under this Part, or in exercise of a power conferred by such regulations, except to the extent otherwise provided in this Part;

• “ third party recipient ” means—

  (a)

  in section 3, a third party in relation to customer data (see section 2(2)),

  (b)

  in sections 4 and 5, a third party recipient in relation to business data (see section 4(2)), and

  (c)

  in other sections, a third party recipient in relation to customer data or business data (see sections 2(2) and 4(2)).

(2) In this Part, references to doing something “in the course of a business” include doing something in the course of—

(a)a trade, craft or profession, or

(b)any other undertaking carried on for gain or reward.

(3)In this Part—

(a)

references to making arrangements include producing model arrangements,

(b)

references to managing a facility (or an interface that is a facility) include operating, or overseeing the operation, of a facility,

(c)references to managing a service (or an interface that is a service) include providing, or overseeing the provision of, a service, and

(d)references to managing standards or arrangements include assisting people to use them or overseeing how they are used.

(4)In this Part, references to regulations made under subsection (3) of section 4 or any of sections 5 to 21 (and references which include such regulations) include regulations made under section 4(4)(c) or (d) which make provision that could be made under the other subsection or section.

26 Index of defined terms for this Part _I51,I52

The Table below lists provisions that define or otherwise explain terms defined for the purposes of this Part.

Part 2 Digital verification services

DVS register

39 Fees for applications for registration, supplementary notes, etc _I65

(1)The Secretary of State may by regulations make provision for or in connection with—

(a)the payment of fees for applications under sections 33, 35, 36 and 37, and

(b)the payment of fees in connection with continued registration in the DVS register.

(2)The regulations may not provide for payment of fees to anyone other than the Secretary of State.

(3)The regulations must—

(a)specify the amount, or the maximum amount of a fee, or

(b)provide for a fee, or the maximum amount of a fee, to be determined in accordance with regulations.

(4)The regulations may provide for the amount of a fee to exceed the administrative costs of determining the application or the administrative costs associated with the continued registration (as the case may be).

(5)Regulations under subsection (1) may (among other things) make provision about the following—

(a)when fees are to be paid;

(b)the manner in which fees are to be paid;

(c)the payment of discounted fees;

(d)exceptions to requirements to pay fees;

(e)the refund of fees (in whole or in part);

(f)interest on any unpaid amounts,

including provision conferring functions on the Secretary of State in relation to the matters in paragraphs (a) to (e).

(6)A fee payable under regulations made under subsection (1)(b), and any interest payable in respect of it, is recoverable summarily (or, in Scotland, recoverable) as a civil debt.

(7)The regulations may—

(a)make different provision for different purposes;

(b)make transitional, transitory or saving provision.

(8)Regulations under this section are subject to the negative resolution procedure.

Supplementary

52 Arrangements for third party to exercise functions _I78

(1)The Secretary of State may make arrangements for a person prescribed by regulations under this section to exercise a relevant function of the Secretary of State (and, where arrangements are made, references in this Part, or in regulations made under this Part, to the Secretary of State are to be read accordingly).

(2)Arrangements under this section may—

(a)provide for the Secretary of State to make payments to the person, and

(b)make provision as to the circumstances in which any such payments are to be repaid to the Secretary of State.

(3)Regulations under this section are subject to the affirmative resolution procedure.

(4) In this section, “ relevant function ” means a function of the Secretary of State conferred by or under this Part (including the function of charging or recovering fees under regulations under section 39 ) other than a power to make regulations.

(5)If a person exercises the function of charging or recovering fees by virtue of arrangements under this section, the person must pay the fees to the Secretary of State, except to the extent that the Secretary of State directs otherwise.

55 Powers relating to verification of identity or status _I81

(1)In section 15 of the Immigration, Asylum and Nationality Act 2006 (penalty for employing a person subject to immigration control), after subsection (7) insert—

“(8)An order under subsection (3) containing provision described in subsection (7)(a), (b) or (c) may, in particular—

(a)specify a document generated by a DVS-registered person or a DVS-registered person of a specified description;

(b)specify a document which was provided to such a person in order to generate such a document;

(c)specify steps involving the use of services provided by such a person.

(9)In subsection (8), “DVS-registered person” means a person who is registered in the DVS register maintained under Part 2 of the Data (Use and Access) Act 2025 (“the DVS register”).

(10)An order under subsection (3) which specifies a description of DVS-registered person may do so by, for example, describing a DVS-registered person whose entry in the DVS register includes a note relating to specified services (see section 36 of the Data (Use and Access) Act 2025).”

(2)In section 34 of the Immigration Act 2014 (requirements which may be prescribed for the purposes of provisions about occupying premises under a residential tenancy agreement)—

(a)in subsection (1)—

(i) in paragraph (a), after “occupiers” insert “, a DVS-registered person or a DVS-registered person of a prescribed description” ,

(ii) in paragraph (b), after “occupiers” insert “, a DVS-registered person or a DVS-registered person of a prescribed description” , and

(iii)in paragraph (c), at the end insert “, including steps involving the use of services provided by a DVS-registered person or a DVS-registered person of a prescribed description”, and

(b)after that subsection insert—

“(1A)An order prescribing requirements for the purposes of this Chapter which contains provision described in subsection (1)(a) or (b) may, in particular—

(a)prescribe a document generated by a DVS-registered person or a DVS-registered person of a prescribed description;

(b)prescribe a document which was provided to such a person in order to generate such a document.

(1B)In subsections (1) and (1A), “DVS-registered person” means a person who is registered in the DVS register maintained under Part 2 of the Data (Use and Access) Act 2025 (“the DVS register”).

(1C)An order prescribing requirements for the purposes of this Chapter which prescribes a description of DVS-registered person may do so by, for example, describing a DVS-registered person whose entry in the DVS register includes a note relating to prescribed services (see section 36 of the Data (Use and Access) Act 2025).”

(3)In Schedule 6 to the Immigration Act 2016 (illegal working compliance orders etc), after paragraph 5 insert—

Prescribed checks and documents

5A(1)Regulations under paragraph 5(6)(b) or (c) may, in particular—

(a)prescribe checks carried out using services provided by a DVS-registered person or a DVS-registered person of a prescribed description;

(b)prescribe documents generated by such a person;

(c)prescribe documents which were provided to such a person in order to generate such documents.

(2)In sub-paragraph (1), “DVS-registered person” means a person who is registered in the DVS register maintained under Part 2 of the Data (Use and Access) Act 2025 (“the DVS register”).

(3)Regulations under paragraph 5(6)(b) or (c) which prescribe a description of DVS-registered person may do so by, for example, describing a DVS-registered person whose entry in the DVS register includes a note relating to prescribed services (see section 36 of the Data (Use and Access) Act 2025).”

Part 3 National Underground Asset Register

56 National Underground Asset Register: England and Wales

(1)After section 106 of the New Roads and Street Works Act 1991 insert—

“Part 3A National Underground Asset Register: England and Wales

The register

106A National Underground Asset Register

(1)The Secretary of State must keep a register of information relating to apparatus in streets in England and Wales.

(2)The register is to be known as the National Underground Asset Register (and is referred to in this Act as “NUAR”).

(3)NUAR must be kept in such form and manner as may be prescribed.

(4)The Secretary of State must make arrangements so as to enable any person who is required, by a provision of this Act, to enter information into NUAR to have access to NUAR for that purpose.

(5)Regulations under subsection (3) are subject to the negative procedure.

(6)The obligations of the Secretary of State under subsection (1) and under Article 45A(1) of the Street Works (Northern Ireland) Order 1995 (S.I. 1995/3210 (N.I. 19)) (keeping of register of information relating to apparatus in streets in Northern Ireland) may be discharged by the keeping of a single register in relation to England, Wales and Northern Ireland.

106B Initial upload of information into NUAR

(1)Before the end of the initial upload period an undertaker having apparatus in a street must enter into NUAR—

(a)all information that is included in the undertaker’s records under section 79(1) on the archive upload date, and

(b)any other information of a prescribed description that is held by the undertaker on that date.

(2)The duty under subsection (1) does not apply in such cases as may be prescribed.

(3)Information must be entered into NUAR under subsection (1) in such form and manner as may be prescribed.

(4)An undertaker who fails to comply with a duty placed on the undertaker under this section—

(a)commits an offence, and

(b)is liable to compensate any person in respect of damage or loss incurred by the person in consequence of the failure.

(5)A person who commits an offence under subsection (4)(a) is liable on summary conviction to a fine.

(6)In criminal or civil proceedings against an undertaker arising out of a failure to comply with a duty under this section, it is a defence for the undertaker to show that all reasonable care was taken to secure that no such failure occurred by—

(a)the undertaker and the undertaker’s employees, and

(b)any contractor of the undertaker and the contractor’s employees.

(7)Section 95 applies in relation to an offence under this section as it applies in relation to an offence under Part 3.

(8)For the purposes of subsection (1) the Secretary of State must by regulations—

(a)specify a date as “the archive upload date”, and

(b)specify a period beginning with that date as the “initial upload period”.

(9)Regulations under this section are subject to the negative procedure.

106C Access to information kept in NUAR

(1)The Secretary of State may by regulations make provision for or in connection with making information kept in NUAR available.

(2)The regulations may (among other things)—

(a)make provision about which information, or descriptions of information, may be made available;

(b)make provision about the descriptions of person to whom information may be made available;

(c)make provision for information to be made available subject to exceptions;

(d)make provision requiring or authorising the Secretary of State to adapt, modify or obscure information before making it available;

(e)make provision authorising all information kept in NUAR to be made available to prescribed descriptions of person under prescribed conditions;

(f)make provision about the purposes for which information may be made available;

(g)make provision about the form and manner in which information may be made available;

(h)make provision for or in connection with the granting of licences by the Secretary of State in relation to any non-Crown IP rights that may exist in relation to information made available (including provision about the form of a licence and the terms and conditions of a licence);

(i)make provision for information to be made available for free or for a fee;

(j)make provision about the amounts of the fees, including provision for the amount of a fee to be an amount which is intended to exceed the cost of the things in respect of which the fee is charged;

(k)make provision about how funds raised by means of fees must or may be used, including provision for funds to be paid to persons who are required, by a provision of this Act, to enter information into NUAR.

(3)Except as otherwise prescribed and subject to section 106I, processing of information by the Secretary of State in exercise of functions conferred by or under section 106A or this section does not breach—

(a)an obligation of confidence owed by the Secretary of State, or

(b)any other restriction on the processing of information (however imposed).

(4)Regulations under this section are subject to the affirmative procedure.

(5)In this section—

• “database right” has the same meaning as in Part 3 of the Copyright and Rights in Databases Regulations 1997 (S.I. 1997/3032);

• “non-Crown IP right” means any copyright, database right or other intellectual property right which is not owned by the Crown.

106D Guidance

(1)The Secretary of State must produce guidance for persons described in subsection (2) about how to protect information kept in, or obtained from, NUAR.

(2)The persons are persons who, pursuant to regulations made under section 106C, are able to access information kept in NUAR.

(3)The Secretary of State may revise or replace the guidance.

(4)The Secretary of State must publish the guidance (and any revised or replacement guidance) in such manner as the Secretary of State considers appropriate for bringing it to the attention of persons described in subsection (2).

(5)The same guidance may discharge the obligations of the Secretary of State under this section and under Article 45D of the Street Works (Northern Ireland) Order 1995 (S.I. 1995/3210 (N.I. 19)).

Requirements for undertakers to pay fees and provide information

106E Fees payable by undertakers in relation to NUAR

(1)The Secretary of State may by regulations make provision requiring undertakers having apparatus in a street to pay fees to the Secretary of State for or in connection with the exercise by the Secretary of State of any function conferred by or under this Part.

(2)The regulations may—

(a)specify the amounts of the fees, or the maximum amounts of the fees, or

(b)provide for the amounts of the fees, or the maximum amounts of the fees, to be determined in accordance with the regulations.

(3)In making the regulations the Secretary of State must seek to secure that, so far as possible and taking one year with another, combined NUAR income matches combined NUAR expenses.

(4)Except where the regulations specify the amounts of the fees—

(a)the amounts of the fees must be specified by the Secretary of State in a statement, and

(b)the Secretary of State must—

(i)publish the statement, and

(ii)lay it before Parliament.

(5)Regulations under subsection (1) may make provision about—

(a)when a fee is to be paid;

(b)the manner in which a fee is to be paid;

(c)the payment of discounted fees;

(d)exceptions to requirements to pay fees;

(e)the refund of all or part of a fee which has been paid.

(6)Before making regulations under subsection (1), the Secretary of State must consult—

(a)such representatives of persons likely to be affected by the regulations as the Secretary of State considers appropriate, and

(b)such other persons as the Secretary of State considers appropriate.

(7)Subject to the following provisions of this section regulations under subsection (1) are subject to the affirmative procedure.

(8)Regulations under subsection (1) that only make provision of a kind mentioned in subsection (2) are subject to the negative procedure.

(9)But the first regulations under subsection (1) that make provision of a kind mentioned in subsection (2) are subject to the affirmative procedure.

(10)In this section—

• “combined NUAR expenses” means the sum of—

  (a)

  expenses incurred by the Secretary of State in, or in connection with, exercising functions conferred by or under this Part (including expenses not directly connected with the keeping of NUAR), and

  (b)

  expenses incurred by the Secretary of State in, or in connection with, exercising functions conferred by or under Articles 45A to 45I of, and Schedule 2ZA to, the Street Works (Northern Ireland) Order 1995 (S.I. 1995/3210 (N.I. 19)) (including expenses not directly connected with the keeping of the register kept under Article 45A(1) of that Order);

• “combined NUAR income” means the sum of—

  (a)

  income received by the Secretary of State from fees payable under regulations under subsection (1), and

  (b)

  income received by the Secretary of State from fees payable under regulations under Article 45E(1) of the Street Works (Northern Ireland) Order 1995 (S.I. 1995/3210 (N.I. 19)).

106F Providing information for purposes of regulations under section 106E

(1)The Secretary of State may by regulations make provision requiring undertakers having apparatus in a street to provide information to the Secretary of State for either or both of the following purposes—

(a)assisting the Secretary of State in determining the provision that it is appropriate for regulations under section 106E(1) or a statement under section 106E(4) to make;

(b)assisting the Secretary of State in determining whether it is appropriate to make changes to such provision.

(2)The Secretary of State may by regulations make provision requiring undertakers having apparatus in a street to provide information to the Secretary of State for either or both of the following purposes—

(a)ascertaining whether a fee is payable by a person under regulations under section 106E(1);

(b)working out the amount of a fee payable by a person.

(3)Regulations under subsection (1) or (2) may require an undertaker to notify the Secretary of State of any changes to information previously provided under the regulations.

(4)Regulations under subsection (1) or (2) may make provision about—

(a)when information is to be provided (which may be at prescribed intervals);

(b)the form and manner in which information is to be provided;

(c)exceptions to requirements to provide information.

(5)Regulations under subsection (1) or (2) are subject to the negative procedure.

Monetary penalties

106G Monetary penalties

Schedule 5A makes provision about the imposition of penalties in connection with requirements imposed by regulations under sections 106E(1) and 106F(1) and (2).

Exercise of functions by third party

106H Arrangements for third party to exercise functions

(1)The Secretary of State may make arrangements for a prescribed person to exercise a relevant function of the Secretary of State.

(2)More than one person may be prescribed.

(3)Arrangements under this section may—

(a)provide for the Secretary of State to make payments to the person, and

(b)make provision as to the circumstances in which such payments are to be repaid to the Secretary of State.

(4)In the case of the exercise of a function by a person authorised by arrangements under this section to exercise that function, a reference in this Part or in regulations under this Part to the Secretary of State in connection with that function is to be read as a reference to that person.

(5)Arrangements under this section do not prevent the Secretary of State from exercising a function to which the arrangements relate.

(6)Except as otherwise prescribed and subject to section 106I, the disclosure of information between the Secretary of State and a person in connection with the person’s entering into arrangements under this section or exercise of functions to which such arrangements relate does not breach—

(a)an obligation of confidence owed by the person making the disclosure, or

(b)any other restriction on the disclosure of information (however imposed).

(7)Regulations under this section are subject to the affirmative procedure.

(8)In this section “relevant function” means a function of the Secretary of State conferred by or under this Part (including the function of charging or recovering fees under regulations under section 106E) other than—

(a)a power to make regulations, or

(b)a function under section 106E(4) (specifying of fees etc).

(9)If a person exercises the function of charging or recovering fees by virtue of arrangements under this section, the person must pay the fees to the Secretary of State, except to the extent that the Secretary of State directs otherwise.

Data protection

106I Data protection

(1)A duty or power to process information that is imposed or conferred by or under this Part does not operate to require or authorise the processing of personal data that would contravene the data protection legislation (but in determining whether processing of personal data would do so, that duty or power is to be taken into account).

(2)In this section—

• “the data protection legislation” has the same meaning as in the Data Protection Act 2018 (see section 3(9) of that Act);

• “personal data” has the same meaning as in that Act (see section 3(2) of that Act).

Supplementary provisions

106J Regulations under this Part

(1)In this Part “prescribed” means prescribed by regulations made by the Secretary of State.

(2)Regulations under this Part may make—

(a)different provision for different purposes;

(b)supplementary and incidental provision.

(3)Regulations under this Part are to be made by statutory instrument.

(4)Before making regulations under this Part the Secretary of State must obtain the consent of the Welsh Ministers in relation to any provision which would be within the legislative competence of Senedd Cymru if contained in an Act of the Senedd (ignoring any requirement for the consent of a Minister of the Crown imposed under Schedule 7B to the Government of Wales Act 2006).

(5)Where regulations under this Part are subject to “the affirmative procedure” the regulations may not be made unless a draft of the statutory instrument containing them has been laid before and approved by a resolution of each House of Parliament.

(6)Where regulations under this Part are subject to “the negative procedure” the statutory instrument containing the regulations is subject to annulment in pursuance of a resolution of either House of Parliament.

(7)Any provision that may be made in regulations under this Part subject to the negative procedure may be made in regulations subject to the affirmative procedure.

106K Interpretation _I82

(1)In this Part the following terms have the same meaning as in Part 3—

• “apparatus” (see sections 89(3) and 105(1));

• “in” (in a context referring to apparatus in a street) (see section 105(1));

• “street” (see section 48(1) and (2));

• “undertaker” (in relation to apparatus or in a context referring to having apparatus in a street) (see sections 48(5) and 89(4)).

(2)In this Part “processing” has the same meaning as in the Data Protection Act 2018 (see section 3(4) of that Act) and “process” is to be read accordingly.”

(2)Section 166 of the New Roads and Street Works Act 1991, so far as relating to Part 3A of that Act (inserted by subsection (1)), extends to England and Wales.

(3)In section 167 of that Act (Crown application), after subsection (5) insert—

“(5A)The provisions of Part 3A of this Act (National Underground Asset Register: England and Wales) bind the Crown.

(5B)Nothing in subsection (5A) is to be construed as authorising the bringing of proceedings for a criminal offence against a person acting on behalf of the Crown.”

(4)Schedule 1 to this Act inserts Schedule 5A into the New Roads and Street Works Act 1991 (monetary penalties).

57 Information in relation to apparatus: England and Wales

(1)The New Roads and Street Works Act 1991 is amended in accordance with subsections (2) to (6).

(2) For the italic heading before section 79 (records of location of apparatus) substitute “Duties in relation to recording and sharing of information about apparatus” .

(3)In section 79—

(a) for the heading substitute “Information in relation to apparatus” ;

(b)in subsection (1), for paragraph (c) substitute—

“(c)being informed of its location under section 80(2)(a),”;

(c)after subsection (1A) (as inserted by section 46(2) of the Traffic Management Act 2004) insert—

“(1B)An undertaker must, except in such cases as may be prescribed, record in relation to every item of apparatus belonging to the undertaker such other information as may be prescribed as soon as reasonably practicable after—

(a)placing the item in the street or altering its position,

(b)inspecting, maintaining, adjusting, repairing, altering or renewing the item,

(c)locating the item in the street in the course of executing any other works, or

(d)receiving any such information in relation to the item under section 80(2)(a).”;

(d)omit subsection (3);

(e)in subsection (3A) (as inserted by section 46(4) of the Traffic Management Act 2004)—

(i) for “to (3)” substitute “and (2A)” ;

(ii) for “subsection (1)” substitute “this section” ;

(f)after subsection (3A) insert—

“(3B)Except in such cases as may be prescribed, where an undertaker records information as required by subsection (1) or (1B), or updates such information, the undertaker must, within a prescribed period, enter the recorded or updated information into NUAR.

(3C)Information must be entered into NUAR under subsection (3B) in such form and manner as may be prescribed.”;

(g) in subsection (4)(a), omit “not exceeding level 5 on the standard scale”;

(h)after subsection (6) insert—

“(7)In this section “prescribed” means—

(a)in subsections (1) to (2)—

(i)in relation to apparatus in streets in England, prescribed by regulations made by the Secretary of State;

(ii)in relation to apparatus in streets in Wales, prescribed by regulations made by the Secretary of State or the Welsh Ministers;

(b)otherwise, prescribed by regulations made by the Secretary of State.

(8)Before making regulations under this section the Secretary of State must obtain the consent of the Welsh Ministers in relation to any provision that relates to apparatus in streets in Wales.

(9)For the meaning of “NUAR”, see section 106A.”

(4)For section 80 (duty to inform undertakers of location of apparatus) substitute—

“80 Duties to report missing or incorrect information in relation to apparatus _I83

(1)Subsection (2) applies where a relevant person executing works of any description in a street finds an item of apparatus which does not belong to the person in relation to which prescribed information—

(a)is not entered in NUAR, or

(b)is entered in NUAR but is incorrect.

(2)Except in such cases as may be prescribed, the person must—

(a)take such steps as are reasonably practicable to inform the undertaker to whom the item belongs of the missing or incorrect information, and

(b)if (having taken such steps) the person is unable to inform the undertaker to whom the item belongs of the missing or incorrect information, enter into NUAR, in such form and manner as may be prescribed, prescribed information in relation to the item.

(3)A person who fails to comply with subsection (2) commits an offence.

(4)A person who commits an offence under subsection (3) is liable on summary conviction to a fine not exceeding level 4 on the standard scale.

(5)Before making regulations under this section the Secretary of State must obtain the consent of the Welsh Ministers in relation to any provision that relates to apparatus in streets in Wales.

(6)Before making regulations under this section the Secretary of State must consult—

(a)such representatives of persons likely to be affected by the regulations as the Secretary of State considers appropriate, and

(b)such other persons as the Secretary of State considers appropriate.

(7)For the purposes of this section a person executing works in a street is a “relevant person” if the person has, pursuant to regulations under section 106C(1), access to NUAR in relation to the street in question.

(8)For the meaning of “NUAR”, see section 106A.”

(5)Before section 81 (duty to maintain apparatus) insert—

“Other duties and liabilities of undertakers in relation to apparatus”.

(6)In section 104 (regulations)—

(a)in subsection (1)—

(i) after “Part” insert “, except in section 79,” ;

(ii) omit from “, which” to the end;

(b)after subsection (1) insert—

“(1A)Regulations under this Part may make—

(a)different provision for different cases;

(b)supplementary or incidental provision.”;

(c) in subsection (2), after “Regulations” insert “made by the Secretary of State” ;

(d)after subsection (2) insert—

“(2A)Regulations made by the Welsh Ministers under section 79 are to be made by statutory instrument and a statutory instrument containing such regulations is subject to annulment in pursuance of a resolution of Senedd Cymru.”

(7)In consequence of the provision made by subsection (4), omit section 47 of the Traffic Management Act 2004.

(8)In Schedule 7B to the Government of Wales Act 2006 (general restriction on competence of Senedd Cymru), in paragraph 11(6)(b) (exceptions to restrictions relating to Ministers of the Crown), before sub-paragraph (i) insert—

“(ai)section 79 of the New Roads and Street Works Act 1991;”.

58 National Underground Asset Register: Northern Ireland

(1)The Street Works (Northern Ireland) Order 1995 (S.I. 1995/3210 (N.I. 19)) is amended in accordance with subsections (2) to (4).

(2)In Article 2 (interpretation), in paragraph (2)—

(a) after the definition of “in” insert—

• ““NUAR provision” means any of Articles 45A to 45I and Schedule 2ZA;”;

(b) in the definition of “prescribed”—

(i) for “means” substitute “means—” ;

(ii) the words from “prescribed by” to the end become paragraph (a);

(iii) at the beginning of that paragraph insert “except in Articles 39 and 40 and a NUAR provision,” ;

(iv)after that paragraph insert—

(3)After Article 45

insert—

“National Underground Asset Register

45A National Underground Asset Register

(1)The Secretary of State must keep a register of information relating to apparatus in streets in Northern Ireland.

(2)The register is to be known as the National Underground Asset Register (and is referred to in this Order as “NUAR”).

(3)NUAR must be kept in such form and manner as may be prescribed.

(4)The Secretary of State must make arrangements so as to enable any person who is required, by a provision of this Order, to enter information into NUAR to have access to NUAR for that purpose.

(5)The obligations of the Secretary of State under paragraph (1) and under section 106A(1) of the New Roads and Street Works Act 1991 (keeping of register of information relating to apparatus in streets in England and Wales) may be discharged by the keeping of a single register in relation to England, Wales and Northern Ireland.

45B Initial upload of information into NUAR

(1)Before the end of the initial upload period an undertaker having apparatus in a street must enter into NUAR—

(a)all information that is included in the undertaker’s records under Article 39(1) on the archive upload date, and

(b)any other information of a prescribed description that is held by the undertaker on that date.

(2)The duty under paragraph (1) does not apply in such cases as may be prescribed.

(3)Information must be entered into NUAR under paragraph (1) in such form and manner as may be prescribed.

(4)An undertaker who fails to comply with a duty placed on the undertaker under this Article—

(a)commits an offence, and

(b)is liable to compensate any person in respect of damage or loss incurred by the person in consequence of the failure.

(5)A person who commits an offence under paragraph (4)(a) is liable on summary conviction to a fine not exceeding level 5 on the standard scale.

(6)In criminal or civil proceedings against an undertaker arising out of a failure to comply with a duty under this Article, it is a defence for the undertaker to show that all reasonable care was taken to secure that no such failure occurred by—

(a)the undertaker and the undertaker’s employees, and

(b)any contractor of the undertaker and the contractor’s employees.

(7)For the purposes of paragraph (1) the Secretary of State must by regulations—

(a)specify a date as “the archive upload date”, and

(b)specify a period beginning with that date as the “initial upload period”.

45C Access to information kept in NUAR

(1)The Secretary of State may by regulations make provision for or in connection with making information kept in NUAR available.

(2)The regulations may (among other things)—

(a)make provision about which information, or descriptions of information, may be made available;

(b)make provision about the descriptions of person to whom information may be made available;

(c)make provision for information to be made available subject to exceptions;

(d)make provision requiring or authorising the Secretary of State to adapt, modify or obscure information before making it available;

(e)make provision authorising all information kept in NUAR to be made available to prescribed descriptions of person under prescribed conditions;

(f)make provision about the purposes for which information may be made available;

(g)make provision about the form and manner in which information may be made available;

(h)make provision for or in connection with the granting of licences by the Secretary of State in relation to any non-Crown IP rights that may exist in relation to information made available (including provision about the form of a licence and the terms and conditions of a licence);

(i)make provision for information to be made available for free or for a fee;

(j)make provision about the amounts of the fees, including provision for the amount of a fee to be an amount which is intended to exceed the cost of the things in respect of which the fee is charged;

(k)make provision about how funds raised by means of fees must or may be used, including provision for funds to be paid to persons who are required, by a provision of this Order, to enter information into NUAR.

(3)Except as otherwise prescribed and subject to Article 45I, processing of information by the Secretary of State in exercise of functions conferred by or under Article 45A or this Article does not breach—

(a)an obligation of confidence owed by the Secretary of State, or

(b)any other restriction on the processing of information (however imposed).

(4)In this Article—

• “database right” has the same meaning as in Part 3 of the Copyright and Rights in Databases Regulations 1997 (S.I. 1997/3032);

• “non-Crown IP right” means any copyright, database right or other intellectual property right which is not owned by the Crown;

• “processing” has the same meaning as in the Data Protection Act 2018 (see section 3(4) of that Act).

45D Guidance

(1)The Secretary of State must produce guidance for persons described in paragraph (2) about how to protect information kept in, or obtained from, NUAR.

(2)The persons are persons who, pursuant to regulations made under Article 45C, are able to access information kept in NUAR.

(3)The Secretary of State may revise or replace the guidance.

(4)The Secretary of State must publish the guidance (and any revised or replacement guidance) in such manner as the Secretary of State considers appropriate for bringing it to the attention of persons described in paragraph (2).

(5)The same guidance may discharge the obligations of the Secretary of State under this Article and under section 106D of the New Roads and Street Works Act 1991.

45E Fees payable by undertakers in relation to NUAR

(1)The Secretary of State may by regulations make provision requiring undertakers having apparatus in a street to pay fees to the Secretary of State for or in connection with the exercise by the Secretary of State of any function conferred by or under a NUAR provision.

(2)The regulations may—

(a)specify the amounts of the fees, or the maximum amounts of the fees, or

(b)provide for the amounts of the fees, or the maximum amounts of the fees, to be determined in accordance with the regulations.

(3)In making the regulations the Secretary of State must seek to secure that, so far as possible and taking one year with another, combined NUAR income matches combined NUAR expenses.

(4)Except where the regulations specify the amounts of the fees—

(a)the amounts of the fees must be specified by the Secretary of State in a statement, and

(b)the Secretary of State must—

(i)publish the statement, and

(ii)lay it before Parliament.

(5)Regulations under paragraph (1) may make provision about—

(a)when a fee is to be paid;

(b)the manner in which a fee is to be paid;

(c)the payment of discounted fees;

(d)exceptions to requirements to pay fees;

(e)the refund of all or part of a fee which has been paid.

(6)Before making regulations under paragraph (1), the Secretary of State must consult—

(a)such representatives of persons likely to be affected by the regulations as the Secretary of State considers appropriate, and

(b)such other persons as the Secretary of State considers appropriate.

(7)In this Article—

• “combined NUAR expenses” means the sum of—

  (a)

  expenses incurred by the Secretary of State in, or in connection with, exercising functions conferred by or under a NUAR provision (including expenses not directly connected with the keeping of NUAR), and

  (b)

  expenses incurred by the Secretary of State in, or in connection with, exercising functions conferred by or under Part 3A of the New Roads and Street Works Act 1991 (including expenses not directly connected with the keeping of the register kept under section 106A(1) of that Act);

• “combined NUAR income” means the sum of—

  (a)

  income received by the Secretary of State from fees payable under regulations under paragraph (1), and

  (b)

  income received by the Secretary of State from fees payable under regulations under section 106E(1) of the New Roads and Street Works Act 1991.

45F Providing information for purposes of regulations under Article 45E

(1)The Secretary of State may by regulations make provision requiring undertakers having apparatus in a street to provide information to the Secretary of State for either or both of the following purposes—

(a)assisting the Secretary of State in determining the provision that it is appropriate for regulations under Article 45E(1) or a statement under Article 45E(4) to make;

(b)assisting the Secretary of State in determining whether it is appropriate to make changes to such provision.

(2)The Secretary of State may by regulations make provision requiring undertakers having apparatus in a street to provide information to the Secretary of State for either or both of the following purposes—

(a)ascertaining whether a fee is payable by a person under regulations under Article 45E(1);

(b)working out the amount of a fee payable by a person.

(3)Regulations under paragraph (1) or (2) may require an undertaker to notify the Secretary of State of any changes to information previously provided under the regulations.

(4)Regulations under paragraph (1) or (2) may make provision about—

(a)when information is to be provided (which may be at prescribed intervals);

(b)the form and manner in which information is to be provided;

(c)exceptions to requirements to provide information.

45G Monetary penalties

Schedule 2ZA makes provision about the imposition of penalties in connection with requirements imposed by regulations under Articles 45E(1) and 45F(1) and (2).

45H Arrangements for third party to exercise functions

(1)The Secretary of State may make arrangements for a prescribed person to exercise a relevant function of the Secretary of State.

(2)More than one person may be prescribed.

(3)Arrangements under this Article may—

(a)provide for the Secretary of State to make payments to the person, and

(b)make provision as to the circumstances in which such payments are to be repaid to the Secretary of State.

(4)In the case of the exercise of a function by a person authorised by arrangements under this Article to exercise that function, a reference in a NUAR provision or in regulations under a NUAR provision to the Secretary of State in connection with that function is to be read as a reference to that person.

(5)Arrangements under this Article do not prevent the Secretary of State from exercising a function to which the arrangements relate.

(6)Except as otherwise prescribed and subject to Article 45I, the disclosure of information between the Secretary of State and a person in connection with the person’s entering into arrangements under this Article or exercise of functions to which such arrangements relate does not breach—

(a)an obligation of confidence owed by the person making the disclosure, or

(b)any other restriction on the disclosure of information (however imposed).

(7)In this Article “relevant function” means a function of the Secretary of State conferred by or under a NUAR provision (including the function of charging or recovering fees under regulations under Article 45E) other than—

(a)a power to make regulations, or

(b)a function under Article 45E(4) (specifying of fees etc).

(8)If a person exercises the function of charging or recovering fees by virtue of arrangements under this Article, the person must pay the fees to the Secretary of State, except to the extent that the Secretary of State directs otherwise.

45I Data protection _I84

(1)A duty or power to process information that is imposed or conferred by or under a NUAR provision does not operate to require or authorise the processing of personal data that would contravene the data protection legislation (but in determining whether processing of personal data would do so, that duty or power is to be taken into account).

(2)In this Article—

• “the data protection legislation” has the same meaning as in the Data Protection Act 2018 (see section 3(9) of that Act);

• “personal data” has the same meaning as in that Act (see section 3(2) of that Act);

• “processing” has the same meaning as in that Act (see section 3(4) of that Act).”

(4)In Article 59 (regulations)—

(a)before paragraph (1) insert—

“(A1)Before making regulations under this Order the Secretary of State must obtain the consent of the Department for Infrastructure.

(A2)Regulations under Article 39 or 40 or under a NUAR provision may make supplementary or incidental provision.”;

(b) in paragraph (1), after “Order” insert “, other than regulations made by the Secretary of State,” ;

(c)before paragraph (2) insert—

“(1B)For the purposes of the Statutory Instruments Act 1946 a power of the Secretary of State to make regulations under this Order is exercisable by statutory instrument, and that Act applies in relation to a document by which such a power is exercised as if this Order were an Act of Parliament passed after the commencement of that Act.

(1C)Regulations made by the Secretary of State under Articles 39, 40, 45A, 45B and 45F are subject to the negative Westminster procedure.

(1D)Subject to paragraphs (1E) and (1F), regulations made by the Secretary of State under Articles 45C, 45E and 45H and paragraph 1 of Schedule 2ZA are subject to the affirmative Westminster procedure.

(1E)Regulations under Article 45E(1) that only make provision of a kind mentioned in Article 45E(2) are subject to the negative Westminster procedure.

(1F)But the first regulations under Article 45E(1) that make provision of a kind mentioned in Article 45E(2) are subject to the affirmative Westminster procedure.

(1G)Where regulations under this Order are subject to “the affirmative Westminster procedure” the regulations may not be made unless a draft of the statutory instrument containing them has been laid before and approved by a resolution of each House of Parliament.

(1H)Where regulations under this Order are subject to “the negative Westminster procedure” the statutory instrument containing the regulations is subject to annulment in pursuance of a resolution of either House of Parliament.

(1I)Any provision that may be made in regulations under this Order subject to the negative Westminster procedure may be made in regulations subject to the affirmative Westminster procedure.”

(5)Article 59(A2) of the Street Works (Northern Ireland) Order 1995 (S.I. 1995/3210 (N.I. 19)) (inserted by subsection (4)(a)) is revoked on the coming into operation of Article 59(1A) of that Order (as inserted by Article 28(3) of the Street Works (Amendment) (Northern Ireland) Order 2007 (S.I. 2007/287 (N.I. 1))).

(6)Schedule 2 to this Act inserts Schedule 2ZA into the Street Works (Northern Ireland) Order 1995 (S.I. 1995/3210 (N.I. 19)) (monetary penalties).

59 Information in relation to apparatus: Northern Ireland

(1)The Street Works (Northern Ireland) Order 1995 (S.I. 1995/3210 (N.I. 19)) is amended in accordance with subsections (2) to (5).

(2) For the italic heading before Article 39 (records of location of apparatus) substitute “Duties in relation to recording and sharing of information about apparatus” .

(3)In Article 39—

(a) for the heading substitute “Information in relation to apparatus” ;

(b)in paragraph (1), for sub-paragraph (c) substitute—

“(c)being informed of its location under Article 40(2)(a),”;

(c)after paragraph (1A) (as inserted by Article 22(2) of the Street Works (Amendment) (Northern Ireland) Order 2007 (S.I. 2007/287 (N.I. 1))) insert—

“(1B)An undertaker must, except in such cases as may be prescribed, record in relation to every item of apparatus belonging to the undertaker such other information as may be prescribed as soon as reasonably practicable after—

(a)placing the item in the street or altering its position,

(b)inspecting, maintaining, adjusting, repairing, altering or renewing the item,

(c)locating the item in the street in the course of executing any other works, or

(d)receiving any such information in relation to the item under Article 40(2)(a).”;

(d)omit paragraph (3);

(e)in paragraph (3A) (as inserted by Article 22(4) of the Street Works (Amendment) (Northern Ireland) Order 2007 (S.I. 2007/287 (N.I. 1)))—

(i) for “to (3)” substitute “and (2A)” ;

(ii) for “paragraph (1)” substitute “this Article” ;

(f)after paragraph (3A) insert—

“(3B)Except in such cases as may be prescribed, where an undertaker records information as required by paragraph (1) or (1B), or updates such information, the undertaker must, within a prescribed period, enter the recorded or updated information into NUAR.

(3C)Information must be entered into NUAR under paragraph (3B) in such form and manner as may be prescribed.”;

(g)after paragraph (5) insert—

“(6)In this Article “prescribed” means—

(a)in paragraphs (1) to (2), prescribed by regulations made by the Secretary of State or the Department for Infrastructure;

(b)otherwise, prescribed by regulations made by the Secretary of State.

(7)For the meaning of “NUAR”, see Article 45A.”

(4)For Article 40 (duty to inform undertakers of location of apparatus) substitute—

“40 Duties to report missing or incorrect information in relation to apparatus _I85

(1)Paragraph (2) applies where a relevant person executing works of any description in a street finds an item of apparatus which does not belong to the person in relation to which prescribed information—

(a)is not entered in NUAR, or

(b)is entered in NUAR but is incorrect.

(2)Except in such cases as may be prescribed, the person must—

(a)take such steps as are reasonably practicable to inform the undertaker to whom the item belongs of the missing or incorrect information, and

(b)if (having taken such steps) the person is unable to inform the undertaker to whom the item belongs of the missing or incorrect information, enter into NUAR, in such form and manner as may be prescribed, prescribed information in relation to the item.

(3)A person who fails to comply with paragraph (2) commits an offence.

(4)A person who commits an offence under paragraph (3) is liable on summary conviction to a fine not exceeding level 4 on the standard scale.

(5)Before making regulations under this Article the Secretary of State must consult—

(a)such representatives of persons likely to be affected by the regulations as the Secretary of State considers appropriate, and

(b)such other persons as the Secretary of State considers appropriate.

(6)For the purposes of this Article a person executing works in a street is a “relevant person” if the person has, pursuant to regulations under Article 45C, access to NUAR in relation to the street in question.

(7)For the meaning of “NUAR”, see Article 45A.”

(5)Before Article 41 (duty to maintain apparatus) insert—

“Other duties and liabilities of undertakers in relation to apparatus”.

(6)As a consequence of the provision made by subsection (4), omit Article 23 of the Street Works (Amendment) (Northern Ireland) Order 2007 (S.I. 2007/287 (N.I. 1)).

(7)A power of the Secretary of State to make regulations under paragraph (1) or (2) of Article 39 of the Street Works (Northern Ireland) Order 1995 (S.I. 1995/3210 (N.I. 19)) (by virtue of subsection (3)(g)) includes power to amend or revoke any provision of the Street Works (Records) Regulations (Northern Ireland) 2004 (S.R. (N.I.) 2004 No. 276) made under the paragraph concerned.

Part 4 Registers of births and deaths

63 Requirements to sign register

(1)The Births and Deaths Registration Act 1953 is amended as follows.

(2)After section 38A insert—

“38B Requirements to sign register _I89

(1)Where any register of births or register of deaths is required to be kept under this Act otherwise than in hard copy form, the Minister may by regulations provide that—

(a)a person’s duty under this Act to sign the register at any time is to have effect as a duty to comply with specified requirements at that time, and

(b)a person who complies with those requirements is to be treated for the purposes of this Act as having signed the register at that time and, in the case of a duty to sign the register in the presence of the registrar, to have done so in the presence of the registrar,

and accordingly, in such a case, the entry in the register is to be taken for the purposes of this Act to have been signed by the person.

(2)The provision that may be made by regulations under this section includes, among other things—

(a)provision requiring a person to sign something other than the register;

(b)provision requiring a person to provide specified evidence of identity in such form and manner as may be specified.

(3)In this section “specified” means specified in regulations under this section.”

(3)In section 39A (regulations made by the Minister: further provisions), after subsection (5) insert—

“(6)A statutory instrument that contains (whether alone or with other provision) regulations made by the Minister under section 38B may not be made unless a draft of the instrument has been laid before, and approved by a resolution of, each House of Parliament.”

Part 5 Data protection and privacy

Chapter 1 Data protection

Terms used in this Chapter

66 The 2018 Act and the UK GDPR _I92

In this Chapter—

• “ the 2018 Act ” means the Data Protection Act 2018 ;

• “ the UK GDPR ” means of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Regulation (EU) 2016/679

Definitions in the UK GDPR and the 2018 Act

69 Consent to law enforcement processing

(1)The 2018 Act is amended as follows.

(2)In section 33 (definitions), after subsection (1) insert—

“(1A)“Consent” of the data subject to the processing of personal data means a freely given, specific, informed and unambiguous indication of the data subject’s wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of the personal data (and see section 40A).”

(3) In section 34(2) (overview of Chapter 2 of Part 3) , after paragraph (a) (but before the “and” at the end of that paragraph) insert—

“(aa)section 40A makes provision about processing carried out in reliance on the consent of the data subject,”.

(4)After section 40 insert—

“40A Conditions for consent _I95

(1)This section is about processing of personal data that is carried out in reliance on the consent of the data subject.

(2)The controller must be able to demonstrate that the data subject consented to the processing.

(3)If the data subject’s consent is given in writing as part of a document which also concerns other matters, the request for consent must be made—

(a)in a manner which clearly distinguishes the request from the other matters,

(b)in an intelligible and easily accessible form, and

(c)in clear and plain language.

(4)Any part of a document described in subsection (3) which constitutes an infringement of this Part is not binding.

(5)The data subject may withdraw the consent at any time (but the withdrawal of consent does not affect the lawfulness of processing in reliance on the consent before its withdrawal).

(6)Processing may only be carried out in reliance on consent if—

(a)before the consent is given, the controller or processor informs the data subject of the right to withdraw it, and

(b)it is as easy for the data subject to withdraw the consent as to give it.

(7)When assessing whether consent is freely given, account must be taken of, among other things, whether the provision of a service is conditional on consent to the processing of personal data that is not necessary for the provision of that service.”

(5) In section 206 (index of defined expressions) , in the Table, in the entry for “consent”—

(a) after “consent” insert “(to processing of personal data)” ,