(1)The Secretary of State may by regulations specify requirements (“security requirements”) for the purpose of protecting or enhancing the security of—
(a)relevant connectable products made available to consumers in the United Kingdom;
(b)users of such products.
(2)A security requirement is a requirement that—
(a)relates to relevant connectable products, or relevant connectable products of a specified description, and
(b)applies to relevant persons, or relevant persons of a specified description.
In this subsection “specified” means specified in the regulations.
(3)See—
section 4, for the meaning of “relevant connectable product”;
section 7, for the meaning of “relevant person”.
(4)For provision imposing duties on relevant persons to comply with security requirements, see sections 8, 14 and 21.
(5)Section 2 contains further provision about regulations under this section.
(1)A security requirement may relate to (among other things) all the relevant connectable products of—
(a)a relevant person, or
(b)a relevant person of a particular description.
(2)For the purposes of subsection (1), the relevant connectable products of a relevant person are—
(a)in the case of a person who is a manufacturer, any relevant connectable products in respect of which the person is a manufacturer;
(b)in the case of a person who is an importer, any relevant connectable products in respect of which the person is an importer;
(c)in the case of a person who is a distributor, any relevant connectable products in respect of which the person is a distributor.
(3)A security requirement may be described by reference to (among other things)—
(a)any software used for the purposes of, or in connection with, the operation of a relevant connectable product;
(b)any software used by a person in the course of, or in connection with, using a relevant connectable product;
(c)any software used for the purposes of providing a service to a person by means of a relevant connectable product;
and for these purposes it does not matter whether the software is installed on the product or whether the software or service is provided by a manufacturer of the product.
(4)A security requirement may (among other things) require a relevant person to do something in relation to a relevant connectable product, including in relation to times after a relevant connectable product has been made available in the United Kingdom.
(5)Regulations under section 1 are subject to the negative resolution procedure if the only provision they make under that section is provision—
(a)varying any description of—
(i)products to which a security requirement relates, or
(ii)software by reference to which a security requirement is described, or
(b)otherwise altering any term used in describing a security requirement without altering the effect of the security requirement or the extent to which it applies in any case.
(6)Except as provided by subsection (5), regulations under section 1 are subject to the affirmative resolution procedure.
(1)The Secretary of State may by regulations provide that a relevant person is to be treated as having complied with a security requirement relating to a relevant connectable product if specified conditions are met.
(2)The conditions that may be specified under subsection (1) include, among other things, the following—
(a)that the product conforms to a specified standard;
(b)that the relevant person otherwise meets any requirements imposed by a specified standard;
and the standards that may be specified include standards set by a person or body outside the United Kingdom.
(3)Regulations under subsection (1) are subject to the affirmative resolution procedure.
(4)In this section “specified” means specified in the regulations.
(1)In this Part “relevant connectable product” means a product that meets conditions A and B.
(2)Condition A is that the product is—
(a)an internet-connectable product, or
(b)a network-connectable product.
(For the meaning of these terms, see section 5.)
(3)Condition B is that the product is not an excepted product (see section 6).
(1)In this Part “internet-connectable product” means a product that is capable of connecting to the internet.
(2)The reference in subsection (1) to connecting to the internet is a reference to using a communication protocol that forms part of the Internet Protocol suite to send and receive data over the internet.
(3)In this Part “network-connectable product” means a product that—
(a)is capable of both sending and receiving data by means of a transmission involving electrical or electromagnetic energy,
(b)is not an internet-connectable product, and
(c)meets the first connectability condition (see subsection (4)) or the second connectability condition (see subsection (5)).
(4)A product meets the first connectability condition if it is capable of connecting directly to an internet-connectable product by means of a communication protocol that forms part of the Internet Protocol suite.
(5)A product meets the second connectability condition if—
(a)it is capable of connecting directly to two or more products at the same time by means of a communication protocol that does not form part of the Internet Protocol suite, and
(b)it is capable of connecting directly to an internet-connectable product by means of such a communication protocol (whether or not at the same time as it connects to any other product).
(6)In determining whether the condition in subsection (5)(a) is met in relation to a product (“the relevant product”), any product consisting of a wire or cable that is used merely to connect the relevant product to another product is to be disregarded.
(7)In a case where—
(a)two or more products are designed to be used together for the purposes of facilitating the use of a computer,
(b)at least one of the products (the “linking product”) is capable of connecting directly to an internet-connectable product (whether the computer or some other product) by means of a communication protocol that does not form part of the Internet Protocol suite, and
(c)each of the products that is not a linking product (“the input products”) is capable of connecting directly to the linking product, or (where there is more than one linking product) to each linking product—
(i)wirelessly, and
(ii)by means of a communication protocol that does not form part of the Internet Protocol suite,
each of the input products is to be treated for the purposes of subsection (3) as meeting the second connectability condition.
(8)For the purposes of subsections (4) to (7), a product is not to be prevented from being regarded as connecting directly to another product merely because the connection involves the use of a wire or cable.
(1)In this Part “excepted product” means a product of a description specified in regulations made by the Secretary of State.
(2)The provision that may be made by regulations under this section includes, among other things—
(a)provision as to whether, in a case where a product (“the secondary product”) is incorporated into or attached to, or otherwise forms part of, another product (“the primary product”), the primary product is, or is not, to be regarded as an excepted product;
(b)provision as to whether, in such a case, the secondary product is, or is not, to be regarded as an excepted product.
(3)Regulations under this section are subject to the negative resolution procedure if the only provision they make under this section is provision—
(a)varying any description of product specified in regulations under this section, or
(b)specifying any description of product in relation to which requirements relating to security that, in the opinion of the Secretary of State, are equivalent to those specified under this Part will apply.
(4)Except as provided by subsection (3), regulations under this section are subject to the affirmative resolution procedure.
(1)This section has effect for the purposes of this Part.
(2)“Relevant person”, in relation to a relevant connectable product, means any of the following—
(a)a manufacturer of the product (see subsection (3));
(b)an importer of the product (see subsection (4));
(c)a distributor of the product (see subsection (5)).
(3)“Manufacturer” means any of the following—
(a)any person who—
(i)manufactures a product, or has a product designed or manufactured, and
(ii)markets that product under that person’s name or trade mark;
(b)any person (“P”) who markets a product manufactured by another person under P’s name or trade mark.
(4)“Importer”, in relation to a product, means any person who—
(a)imports the product from a country outside the United Kingdom into the United Kingdom, and
(b)is not a manufacturer of the product.
(5)“Distributor”, in relation to a product, means any person who—
(a)makes the product available in the United Kingdom, and
(b)is not a manufacturer or an importer of the product.
(6)But a person is not to be regarded as a distributor of a product if—
(a)the person makes the product available by performing a contract for the carrying out of works that consist of or include the installation of the product into a building or structure, and
(b)products identical to the product are or have been made available to consumers in the United Kingdom otherwise than by the performance of such a contract.
(1)A manufacturer of a relevant connectable product must comply with any relevant security requirements relating to the product if condition A or B is met.
(2)Condition A is that the manufacturer—
(a)intends the product to be a UK consumer connectable product, or
(b)is aware, or ought to be aware, that the product will be a UK consumer connectable product.
(3)Condition B is that—
(a)the product is a UK consumer connectable product, and
(b)at the time it was made available by the manufacturer, condition A was met in relation to the product.
(4)For the meaning of “UK consumer connectable product”, see section 54.
(1)Subsection (2) applies if a manufacturer of a relevant connectable product—
(a)intends the product to be a UK consumer connectable product, or
(b)is aware, or ought to be aware, that the product will be a UK consumer connectable product.
(2)The manufacturer may not make the product available in the United Kingdom unless it is accompanied by—
(a)a statement of compliance, or
(b)a summary of the statement of compliance that is in such form, and contains such information, as is specified in regulations made by the Secretary of State.
(3)A “statement of compliance”, in relation to a product, is a document that—
(a)is prepared by or on behalf of the manufacturer of the product,
(b)is in such form, and contains such information, as is specified in regulations made by the Secretary of State, and
(c)states that, in the opinion of the manufacturer, the manufacturer has complied with the applicable security requirements.
(4)For the purposes of this section “the applicable security requirements”, in relation to a manufacturer of a product, means any relevant security requirements relating to the product, other than—
(a)a security requirement that applies only after the product has been made available in the United Kingdom, or
(b)a security requirement that applies only when the manufacturer is making the product available to customers in the United Kingdom.
(5)In a case where there is more than one manufacturer in relation to a product—
(a)it is sufficient for the purposes of subsection (3)(a) if the document is prepared by or on behalf of all of the manufacturers acting jointly, and
(b)in such a case, any reference to the manufacturer in subsection (3)(c) is to be read as a reference to each of those manufacturers.
(6)The Secretary of State may by regulations make further provision about statements of compliance, including (among other things)—
(a)provision requiring a manufacturer of a product to take specified steps to determine for the purposes of preparing a statement of compliance whether the manufacturer has complied with the applicable security requirements;
(b)provision requiring a manufacturer of a product to retain a copy of the statement of compliance relating to the product for a specified period;
(c)provision about publishing statements of compliance;
(d)provision about making available copies of statements of compliance.
(7)The Secretary of State may by regulations provide that a manufacturer is to be treated as complying with subsection (2) if specified conditions are met.
(8)In subsections (6) and (7) “specified” means specified in the regulations.
(9)Regulations under subsection (7) are subject to the affirmative resolution procedure.
(10)Other regulations under this section are subject to the negative resolution procedure.
(1)This section applies if, at any time after a relevant connectable product has been made available in the United Kingdom—
(a)a manufacturer of the product is informed that there is, or may be, a compliance failure in relation to the product, and
(b)the manufacturer is aware, or ought to be aware, that the product is or will be a UK consumer connectable product.
(2)The manufacturer must take all reasonable steps to investigate whether there is a compliance failure in relation to the product.
(3)In this section “compliance failure” means a failure by a manufacturer of the product to comply with a relevant security requirement relating to the product.
(1)This section applies if, at any time after a relevant connectable product has been made available in the United Kingdom—
(a)a manufacturer of the product becomes aware, or ought to be aware, of a compliance failure in relation to the product, and
(b)the manufacturer is aware, or ought to be aware, that the product is or will be a UK consumer connectable product.
(2)The manufacturer must, as soon as is practicable, take all reasonable steps to—
(a)prevent the product from being made available to customers in the United Kingdom (where it has not already been so made available);
(b)remedy the compliance failure.
(3)The manufacturer must notify the persons listed in subsection (4) of the compliance failure as soon as possible.
This is subject to subsection (8).
(4)The persons referred to in subsection (3) are—
(a)the enforcement authority;
(b)any other manufacturer of the product of which the manufacturer is aware;
(c)any importer or distributor to whom the manufacturer supplied the product;
(d)in a case where specified conditions are met, any customer in the United Kingdom to whom the manufacturer supplied the product.
(5)In subsection (4)(d) “specified” means specified in regulations made by the Secretary of State.
Regulations under this subsection are subject to the negative resolution procedure.
(6)The notification under subsection (3) must include the following information—
(a)details of the compliance failure;
(b)any risks of which the manufacturer is aware that are posed by the compliance failure;
(c)any steps taken by the manufacturer to remedy the compliance failure and whether or not those steps have been successful.
(7)When the manufacturer notifies a person within subsection (4)(b) or (c) of the compliance failure, the manufacturer must also inform the person whether or not the manufacturer has notified the enforcement authority of the compliance failure.
(8)Where the manufacturer became aware of the compliance failure as a result of being contacted about it by a relevant person in accordance with this Chapter, the manufacturer does not need to notify the relevant person of the compliance failure.
(9)In this section “compliance failure” means a failure by a manufacturer of the product to comply with a relevant security requirement relating to the product.
(1)A manufacturer of a relevant connectable product must maintain a record of—
(a)any investigations carried out by the manufacturer in relation to a compliance failure or suspected compliance failure (whether or not as a result of information received as mentioned in section 10(1)(a));
(b)any compliance failures relating to the product.
(2)A record of an investigation must contain the following information—
(a)the outcome of the investigation;
(b)where the manufacturer determined that there was a compliance failure, details of that compliance failure;
(c)any steps taken by the manufacturer to remedy the compliance failure and whether or not those steps were successful.
(3)A record of a compliance failure must contain the following information—
(a)details of the compliance failure;
(b)any steps taken by the manufacturer to remedy the compliance failure and whether or not those steps were successful.
(4)A record of an investigation or a compliance failure must be retained for a period of 10 years beginning with the day on which the record is made.
(5)In a case where there is more than one manufacturer in relation to a product, the duty of each of those manufacturers to maintain a record under this section may be met by those manufacturers jointly maintaining a single record.
(6)In this section “compliance failure” means a failure by a manufacturer of the product to comply with a relevant security requirement relating to the product.
(1)This section applies if, at any time after a relevant connectable product is made available in the United Kingdom—
(a)an authorised representative of a manufacturer of the product is informed that there is, or may be, a compliance failure in relation to the product, and
(b)the authorised representative is aware, or ought to be aware, that the product is or will be a UK consumer connectable product.
(2)The authorised representative must contact the manufacturer about the compliance failure (or potential compliance failure) as soon as possible.
(3)The authorised representative must notify the enforcement authority of the compliance failure (or potential compliance failure) as soon as possible after the authorised representative has contacted (or attempted to contact) the manufacturer in accordance with subsection (2).
(4)In this section “compliance failure” means a failure by a manufacturer of the product to comply with a relevant security requirement relating to the product.
(1)An importer of a relevant connectable product must comply with any relevant security requirements relating to the product if condition A or B is met.
(2)Condition A is that the importer—
(a)intends the product to be a UK consumer connectable product, or
(b)is aware, or ought to be aware, that the product will be a UK consumer connectable product.
(3)Condition B is that—
(a)the product is a UK consumer connectable product, and
(b)at the time it was made available by the importer, condition A was met in relation to the product.
(4)For the meaning of “UK consumer connectable product”, see section 54.
(1)Subsection (2) applies if an importer of a relevant connectable product—
(a)intends the product to be a UK consumer connectable product, or
(b)is aware, or ought to be aware, that the product will be a UK consumer connectable product.
(2)The importer may not make the product available in the United Kingdom unless it is accompanied by—
(a)a statement of compliance, or
(b)a summary of the statement of compliance prepared in accordance with section 9(2)(b).
(3)The importer must retain a copy of the statement of compliance, or the summary of the statement of compliance (as the case may be), for a period specified in regulations made by the Secretary of State.
(4)The Secretary of State may by regulations require an importer of a relevant connectable product to make available the statement of compliance relating to the product, or the summary of the statement of compliance (as the case may be), in accordance with provision made by the regulations.
(5)In a case where regulations made under section 9(7) provide that a manufacturer of a relevant connectable product is to be treated as complying with section 9(2) if conditions specified in the regulations are met—
(a)an importer of the product who meets the condition in subsection (1)(a) or the condition in subsection (1)(b) of this section may not make the product available in the United Kingdom unless the importer is satisfied that the conditions specified in the regulations have been met, and
(b)subsections (2) and (3), and any regulations made under subsection (4), do not apply.
(6)Regulations under this section are subject to the negative resolution procedure.
(1)An importer of a relevant connectable product may not make the product available in the United Kingdom if—
(a)the importer—
(i)intends the product to be a UK consumer connectable product, or
(ii)is aware, or ought to be aware, that the product will be a UK consumer connectable product, and
(b)the importer knows or believes that there is a compliance failure in relation to the product.
(2)In this section “compliance failure” means a failure by a manufacturer of a product to comply with a relevant security requirement relating to the product.
(1)This section applies if, at any time after an importer of a relevant connectable product makes it available in the United Kingdom—
(a)the importer is informed that there is, or may be, a compliance failure in relation to the product, and
(b)the importer is aware, or ought to be aware, that the product is or will be a UK consumer connectable product.
(2)The importer must take all reasonable steps to investigate whether there is a compliance failure in relation to the product.
(3)In this section “compliance failure” means a failure by the importer, or by a manufacturer of the product, to comply with a relevant security requirement relating to the product.
(1)This section applies if, at any time after an importer of a relevant connectable product makes it available to a customer in the United Kingdom—
(a)the importer becomes aware, or ought to be aware, of a compliance failure in relation to the product, and
(b)the importer is aware, or ought to be aware, that the product is a UK consumer connectable product.
(2)The importer must, as soon as is practicable, take all reasonable steps to remedy the compliance failure.
(3)The importer must notify the persons listed in subsection (4) of the compliance failure as soon as possible.
(4)The persons referred to in subsection (3) are—
(a)the enforcement authority, and
(b)in a case where specified conditions are met, any customer in the United Kingdom to whom the importer supplied the product.
(5)In subsection (4)(b) “specified” means specified in regulations made by the Secretary of State.
Regulations under this subsection are subject to the negative resolution procedure.
(6)The notification under subsection (3) must include the following information—
(a)details of the compliance failure;
(b)any risks of which the importer is aware that are posed by the compliance failure;
(c)any steps that have been taken by the importer to remedy the compliance failure and whether or not those steps have been successful.
(7)In this section “compliance failure” means a failure by the importer to comply with a relevant security requirement relating to the product.
(1)This section applies if, at any time after an importer of a relevant connectable product makes it available in the United Kingdom—
(a)the importer becomes aware, or ought to be aware, of a compliance failure in relation to the product, and
(b)the importer is aware, or ought to be aware, that the product is or will be a UK consumer connectable product.
(2)In this section “compliance failure” means a failure by a manufacturer of the product to comply with a relevant security requirement relating to the product.
(3)The importer must contact the manufacturer about the compliance failure as soon as possible.
This is subject to subsection (10)(b).
(4)If it appears to the importer that it is unlikely that the compliance failure will be remedied in accordance with section 11(2)(b), the importer must, as soon as is practicable, take all reasonable steps to prevent the product from being made available to customers in the United Kingdom (where it has not already been so made available).
(5)The importer must notify the persons listed in subsection (6) of the compliance failure as soon as possible after the importer has contacted (or attempted to contact) the manufacturer in accordance with subsection (3) (or, if subsection (10)(b) applies, as soon as possible).
This is subject to subsection (10)(a) and (c).
(6)The persons referred to in subsection (5) are—
(a)the enforcement authority,
(b)any distributor to whom the importer supplied the product, and
(c)in a case where specified conditions are met, any customer in the United Kingdom to whom the importer supplied the product.
(7)In subsection (6)(c) “specified” means specified in regulations made by the Secretary of State.
Regulations under this subsection are subject to the negative resolution procedure.
(8)The notification under subsection (5) must include the following information—
(a)details of the compliance failure;
(b)any risks of which the importer is aware that are posed by the compliance failure;
(c)any steps of which the importer is aware that have been taken by the manufacturer to remedy the compliance failure and whether or not those steps have been successful.
(9)When the importer notifies a person within subsection (6)(b) of the compliance failure, the importer must also inform the person whether or not—
(a)the manufacturer is aware of the compliance failure;
(b)the enforcement authority has been notified of the compliance failure.
(10)Where the importer became aware of the compliance failure as a result of being notified of it by a relevant person in accordance with this Chapter—
(a)the importer does not need to notify the relevant person of the compliance failure,
(b)if the relevant person—
(i)is the manufacturer, or
(ii)informs the importer that the manufacturer is aware of the compliance failure,
the importer does not need to contact the manufacturer about the compliance failure, and
(c)if the relevant person informs the importer that the enforcement authority has been notified of the compliance failure, the importer does not need to notify the enforcement authority of the compliance failure.
(1)An importer of a relevant connectable product must maintain a record of—
(a)any investigations carried out by the importer (whether or not as a result of information received as mentioned in section 17(1)(a)) in relation to a compliance failure, or suspected compliance failure, by—
(i)the importer, or
(ii)a manufacturer of the product;
(b)any investigations of which the importer is aware that have been carried out by a manufacturer of the product in relation to a compliance failure, or suspected compliance failure, by the manufacturer.
(2)A record of an investigation must contain the following information—
(a)the outcome of the investigation;
(b)where it was determined that there was a compliance failure, details of that compliance failure;
(c)any steps taken by the importer or the manufacturer (as the case may be) to remedy the compliance failure and whether or not those steps were successful.
(3)An importer is not to be regarded as having failed to comply with the duty imposed by subsection (1)(b) to maintain a record of an investigation carried out by a manufacturer if—
(a)the record of the investigation does not contain all of the information required by subsection (2),
(b)the missing information may only be obtained from the manufacturer, and
(c)the importer has taken reasonable steps to obtain that information from the manufacturer.
(4)A record of an investigation must be retained for a period of 10 years beginning with the day on which the record is made.
(5)In this section “compliance failure”, in relation to a product, means a failure to comply with a relevant security requirement relating to the product.
(1)A distributor of a relevant connectable product must comply with any relevant security requirements relating to the product if condition A or B is met.
(2)Condition A is that the distributor—
(a)intends the product to be a UK consumer connectable product, or
(b)is aware, or ought to be aware, that the product will be a UK consumer connectable product.
(3)Condition B is that—
(a)the product is a UK consumer connectable product, and
(b)at the time it was made available by the distributor, condition A was met in relation to the product.
(4)For the meaning of “UK consumer connectable product”, see section 54.
(1)Subsection (2) applies if a distributor of a relevant connectable product—
(a)intends the product to be a UK consumer connectable product, or
(b)is aware, or ought to be aware, that the product will be a UK consumer connectable product.
(2)The distributor may not make the product available in the United Kingdom unless it is accompanied by—
(a)a statement of compliance, or
(b)a summary of the statement of compliance prepared in accordance with section 9(2)(b).
(3)In a case where regulations made under section 9(7) provide that a manufacturer of a relevant connectable product is to be treated as complying with section 9(2) if conditions specified in the regulations are met—
(a)a distributor of the product who meets the condition in subsection (1)(a) or the condition in subsection (1)(b) of this section may not make the product available in the United Kingdom unless the distributor is satisfied that the conditions specified in the regulations have been met, and
(b)subsection (2) does not apply.
(1)A distributor may not make a relevant connectable product available in the United Kingdom if—
(a)the distributor—
(i)intends the product to be a UK consumer connectable product, or
(ii)is aware, or ought to be aware, that the product will be a UK consumer connectable product, and
(b)the distributor knows or believes that there is a compliance failure in relation to the product.
(2)In this section “compliance failure” means a failure by a manufacturer of a product to comply with a relevant security requirement relating to the product.
(1)This section applies if, at any time after a distributor of a relevant connectable product makes it available to a customer in the United Kingdom—
(a)the distributor becomes aware, or ought to be aware, of a compliance failure in relation to the product, and
(b)the distributor is aware, or ought to be aware, that the product is a UK consumer connectable product.
(2)The distributor must, as soon as is practicable, take all reasonable steps to remedy the compliance failure.
(3)The distributor must notify the persons listed in subsection (4) of the compliance failure as soon as possible.
(4)The persons referred to in subsection (3) are—
(a)the enforcement authority, and
(b)in a case where specified conditions are met, any customer in the United Kingdom to whom the distributor supplied the product.
(5)In subsection (4)(b) “specified” means specified in regulations made by the Secretary of State.
Regulations under this subsection are subject to the negative resolution procedure.
(6)The notification under subsection (3) must include the following information—
(a)details of the compliance failure;
(b)any risks of which the distributor is aware that are posed by the compliance failure;
(c)any steps taken by the distributor to remedy the compliance failure and whether or not those steps have been successful.
(7)In this section “compliance failure” means a failure by the distributor to comply with a relevant security requirement relating to the product.
(1)This section applies if, at any time after a distributor of a relevant connectable product makes it available in the United Kingdom—
(a)the distributor becomes aware, or ought to be aware, of a compliance failure in relation to the product, and
(b)the distributor is aware, or ought to be aware, that the product is or will be a UK consumer connectable product.
(2)In this section “compliance failure” means a failure by a manufacturer of the product to comply with a relevant security requirement relating to the product.
(3)The distributor must contact the manufacturer about the compliance failure as soon as possible.
This is subject to subsection (11)(b).
(4)If—
(a)it is not possible to contact the manufacturer as required by subsection (3), and
(b)a relevant person other than the manufacturer supplied the product to the distributor,
the distributor must (unless subsection (11)(a) applies) contact that other relevant person about the compliance failure as soon as possible.
(5)If it appears to the distributor that it is unlikely that the compliance failure will be remedied in accordance with section 11(2)(b), the distributor must take all reasonable steps to prevent the product from being made available to customers in the United Kingdom (where it has not already been so made available).
(6)The distributor must notify the persons listed in subsection (7) of the compliance failure as soon as possible after the distributor has contacted (or attempted to contact) the manufacturer in accordance with subsection (3) (or, if subsection (11)(b) applies, as soon as possible).
This is subject to subsection (11)(a) and (c).
(7)The persons referred to in subsection (6) are—
(a)the enforcement authority,
(b)any importer or distributor to whom the distributor supplied the product,
(c)if not already notified as a result of subsection (3) or (4), the person from whom the distributor obtained the product, and
(d)in a case where specified conditions are met, any customer in the United Kingdom to whom the distributor supplied the product.
(8)In subsection (7)(d) “specified” means specified in regulations made by the Secretary of State.
Regulations under this subsection are subject to the negative resolution procedure.
(9)The notification under subsection (6) must include the following information—
(a)details of the compliance failure;
(b)any risks of which the distributor is aware that are posed by the compliance failure;
(c)any steps of which the distributor is aware that have been taken by the manufacturer to remedy the compliance failure and whether or not those steps have been successful.
(10)When the distributor notifies a person within subsection (7)(b) or (c) of the compliance failure, the distributor must also inform the person whether or not—
(a)the manufacturer is aware of the compliance failure;
(b)the enforcement authority has been notified of the compliance failure.
(11)Where the distributor became aware of the compliance failure as a result of being notified of it by a relevant person in accordance with this Chapter—
(a)the distributor does not need to notify the relevant person of the compliance failure,
(b)if the relevant person—
(i)is the manufacturer, or
(ii)informs the distributor that the manufacturer is aware of the compliance failure,
the distributor does not need to contact the manufacturer about the compliance failure, and
(c)if the relevant person informs the distributor that the enforcement authority has been notified of the compliance failure, the distributor does not need to notify the enforcement authority of the compliance failure.
(1)The person responsible for enforcing the provisions of this Part, and of regulations made under it, is the Secretary of State (but see also section 27).
(2)For the investigatory powers available to the Secretary of State, see Schedule 5 to the Consumer Rights Act 2015.
(3)In paragraph 10 of Schedule 5 to that Act (duties and powers to which Schedule 5 applies), insert at the appropriate place—
“section 26(1) of the Product Security and Telecommunications Infrastructure Act 2022;”.
(4)Despite paragraph 13(4) of Schedule 5 to that Act, the Secretary of State may exercise the powers in Part 3 of that Schedule (powers in relation to the production of information) for any purpose relating to the enforcement of this Part (and in such a case the restriction imposed by paragraph 13(5) of that Schedule does not apply).
(5)Nothing in this section authorises the Secretary of State to bring proceedings in Scotland for an offence under this Part.
(1)The Secretary of State may by regulations authorise any person to exercise any enforcement function of the Secretary of State.
(2)Regulations under this section may provide for payments to be made by the Secretary of State in respect of the performance of any enforcement function.
(3)Regulations under this section do not prevent the Secretary of State from performing a function to which the regulations relate.
(4)In this Part “enforcement function” means—
(a)any function of the Secretary of State under this Chapter;
(b)any function of the Secretary of State under Schedule 5 to the Consumer Rights Act 2015, so far as exercisable for the purposes of this Part.
(5)Accordingly, in the case of the exercise of an enforcement function by a person authorised by regulations under this section to exercise that function, any reference in this Chapter or that Schedule to the Secretary of State in connection with that function is to be read as a reference to that person.
(6)Regulations under this section are subject to the affirmative resolution procedure.
(1)If the Secretary of State has reasonable grounds to believe that a person has failed to comply with a relevant duty, the Secretary of State may give a compliance notice to the person.
(2)A compliance notice is a notice under this section requiring the person to whom it is given to comply with the relevant duty specified in the notice within a specified period.
(3)A compliance notice given to a person must—
(a)set out the reasons for giving the compliance notice;
(b)explain what may happen if the person does not comply with it;
(c)explain how the person may appeal against it.
(4)A compliance notice given to a person may—
(a)require the person to take any specified steps within a specified period in order to comply with the relevant duty;
(b)require the person within a specified period to provide evidence to the satisfaction of the Secretary of State that the person has complied with, or is complying with, the relevant duty.
(5)Before giving a compliance notice to a person, the Secretary of State must—
(a)notify the person that the Secretary of State intends to give a compliance notice to the person, and
(b)give the person an opportunity to make representations about the giving of the notice.
(6)The Secretary of State may not give a compliance notice to the person until the end of the period of 10 days beginning with the day on which the notification required by subsection (5)(a) is given.
(7)A compliance notice may not be given to a person more than once in respect of the same act or omission.
(8)In this section—
“relevant duty” means a duty imposed by or under Chapter 2;
“specified” means specified in the compliance notice.
(1)If the Secretary of State has reasonable grounds to believe that a person is carrying on, or is likely to carry on, an activity in breach of a relevant duty, the Secretary of State may give a stop notice to the person.
(2)A stop notice is a notice under this section requiring the person to whom it is given to stop carrying on an activity specified in the notice within a specified period.
(3)A stop notice given to a person must—
(a)set out the reasons for giving the stop notice;
(b)explain what may happen if the person does not comply with it;
(c)explain how the person may appeal against it.
(4)A stop notice given to a person may—
(a)require the person to take any specified steps within a specified period for the purpose of complying with the stop notice;
(b)require the person within a specified period to provide evidence to the satisfaction of the Secretary of State that the person is complying with the stop notice;
(c)require the person to take steps to inform customers of any risks posed by using a product to which the notice relates;
(d)provide that, if the person takes specified steps within a specified period for the purpose of complying with the relevant duty, the stop notice will be revoked;
(e)require the person within a specified period to provide evidence to the satisfaction of the Secretary of State that the person has taken those steps.
(5)Before giving a stop notice to a person, the Secretary of State must—
(a)notify the person that the Secretary of State intends to give a stop notice to the person, and
(b)give the person an opportunity to make representations about the giving of the notice.
(6)The Secretary of State may not give a stop notice to the person until the end of the period of 10 days beginning with the day on which the notification required by subsection (5)(a) is given.
(7)Subsections (5) and (6) do not apply if the Secretary of State considers that there is an urgent need to give a stop notice to the person.
(8)In this section—
“relevant duty” means a duty imposed by or under Chapter 2;
“specified” means specified in the stop notice.
(1)Subsection (2) applies if—
(a)the Secretary of State has reasonable grounds to believe that there is a compliance failure in relation to any UK consumer connectable products that have been supplied to customers,
(b)the Secretary of State considers that the action (if any) being taken by any relevant person in relation to the compliance failure is inadequate, and
(c)the Secretary of State considers that any action which the Secretary of State may take under section 28, 29 or 42 would not be sufficient to deal with the risks posed by the compliance failure.
(2)The Secretary of State may give a recall notice to any of the following—
(a)in the case of a compliance failure by a manufacturer of the products—
(i)any manufacturer of the products;
(ii)an authorised representative of a manufacturer of the products;
(iii)any importer or distributor who made any of the products available in the United Kingdom;
(b)in the case of a compliance failure by an importer or distributor who supplied any of the products to a customer, that importer or distributor.
(3)A recall notice is a notice under this section requiring the person to whom it is given (“P”) to make arrangements within a specified period for the return of the products to P or to another person specified in the notice.
(4)A recall notice given to a person must—
(a)set out the reasons for giving the recall notice;
(b)explain what may happen if the person does not comply with it;
(c)explain how the person may appeal against it.
(5)A recall notice given to a person may—
(a)require the person to take specified steps within a specified period for the purpose of complying with the recall notice;
(b)require the person within a specified period to provide evidence to the satisfaction of the Secretary of State that the person is complying with the recall notice;
(c)require the person to provide the Secretary of State with specified information in relation to the products, including information relating to times after the products have been returned;
(d)require the person to take steps to inform customers of any risks posed by using the products.
(6)Before giving a recall notice to a person, the Secretary of State must—
(a)notify the person that the Secretary of State intends to give a recall notice to the person, and
(b)give the person an opportunity to make representations about the giving of the notice.
(7)The Secretary of State may not give a recall notice to the person until the end of the period of 10 days beginning with the day on which the notification required by subsection (6)(a) is given.
(8)Subsections (6) and (7) do not apply if the Secretary of State considers that there is an urgent need to give a recall notice to the person.
(9)In this section—
“compliance failure”, in relation to a product, means a failure by a relevant person to comply with a relevant security requirement in relation to the product;
“specified” means specified in the recall notice.
(1)The Secretary of State may vary or revoke an enforcement notice.
(2)But the Secretary of State may not vary an enforcement notice in order to make it more onerous.
(1)It is an offence for a person to fail to comply with an enforcement notice.
(2)It is a defence for a person (“P”) charged with an offence under this section to show that P took all reasonable steps to comply with the notice.
(3)P is to be taken to have shown the fact mentioned in subsection (2) if—
(a)sufficient evidence of the fact is adduced to raise an issue with respect to it, and
(b)the contrary is not proved beyond reasonable doubt.
(4)P may not rely on a defence under subsection (2) which involves a third party allegation unless P has—
(a)given a notice to the prosecutor in accordance with this section, or
(b)obtained the permission of the court.
(5)In subsection (4) “third party allegation” means an allegation that the failure to comply with the notice was due to—
(a)the act or omission of another person, or
(b)P’s reliance on information provided by another person.
(6)The notice under subsection (4)(a) must give any information in P’s possession which identifies, or may assist in identifying, the person mentioned in subsection (5).
(7)In the case of proceedings in England and Wales or Northern Ireland, the notice under subsection (4)(a) must be given to the prosecutor no later than 7 clear days before the hearing of the proceedings.
(8)In the case of proceedings in Scotland, the notice under subsection (4)(a) must be given to the prosecutor—
(a)where an intermediate diet is to be held, at or before that diet;
(b)where such a diet is not to be held, no later than 10 clear days before the trial diet.
(9)A person guilty of an offence under this section is liable—
(a)on summary conviction in England and Wales, to a fine;
(b)on summary conviction in Scotland, to a fine not exceeding level 5 on the standard scale;
(c)on summary conviction in Northern Ireland, to a fine not exceeding level 5 on the standard scale.
(1)A person who is given an enforcement notice may appeal to the First-tier Tribunal (“the Tribunal”) against the enforcement notice or any provision of it.
(2)An appeal under this section is to be brought before the end of the period of 28 days beginning with—
(a)the day on which the notice was given, or
(b)if the appeal is in respect of the variation of a notice under section 31, the day on which the notice was varied.
(3)On an appeal under this section, the Tribunal—
(a)if it is satisfied that any of the grounds in subsection (4) applies, may—
(i)vary the notice, or
(ii)cancel the notice or any part of it;
(b)if it is not so satisfied, must confirm the notice.
(4)The grounds referred to in subsection (3)(a) are—
(a)that the decision to give the notice, or to include any provision in the notice, was based, wholly or partly, on an error of fact;
(b)that the decision to give the notice, or to include any provision in the notice, was wrong in law;
(c)that the notice, or any provision of it, was unfair or unreasonable for any other reason.
(5)If the Tribunal cancels an enforcement notice (in whole or in part), it may refer the matter back to the person that gave the notice with a direction to reconsider and make a new decision in accordance with its ruling.
(6)But the Tribunal may not direct the person that gave the notice to take any action which the person would not otherwise have the power to take.
(7)In determining an appeal under this section, the Tribunal may—
(a)review any determination of fact on which the decision to give the notice, or to include any provision in it, was based;
(b)take into account evidence which was not available to the person that gave the notice.
(8)Where an appeal in respect of an enforcement notice, or the variation of an enforcement notice, is made under this section, the notice or variation (as the case may be) is of no effect until the appeal is determined or withdrawn.
(9)Where an appeal is or may be made to the Upper Tribunal in relation to a decision of the Tribunal under this section, the Upper Tribunal may suspend the notice to which the appeal relates, or any provision of it, until the appeal is determined or withdrawn.
(1)This section applies if—
(a)the Secretary of State gives a stop notice or a recall notice to a person,
(b)the relevant breach in respect of which the notice was given did not occur, and
(c)the decision to give the notice was not attributable to any neglect or default by the person.
(2)The Secretary of State is liable to pay compensation to the person to whom the notice was given in respect of any loss or damage caused as a result of the giving of the notice.
(3)The amount of compensation payable to a person under this section is to be determined by the Secretary of State.
(4)In determining that amount, the Secretary of State may have regard to the extent to which the person took reasonable steps to reduce any loss or damage caused as a result of the giving of the notice.
(5)A person seeking compensation under this section must make a claim to the Secretary of State.
(6)The claim—
(a)must be made in such form, and such manner, as the Secretary of State may direct;
(b)must contain evidence of the loss or damage in respect of which compensation is sought;
(c)must specify the amount of compensation which the person is seeking.
(7)The Secretary of State must, before the end of the period of 45 days beginning with the day on which the Secretary of State receives the claim—
(a)decide whether the person is entitled to compensation under this section and, if so, the amount of that compensation, and
(b)notify the person of the decision.
(8)In this section “relevant breach” means—
(a)in the case of a stop notice, a breach of a duty imposed by or under Chapter 2;
(b)in the case of a recall notice, a compliance failure within the meaning of section 30.
(1)A person may appeal to the First-tier Tribunal (“the Tribunal”) against—
(a)a decision not to award compensation to the person under section 34, or
(b)the amount of compensation awarded to the person under that section.
(2)An appeal under this section is to be brought before the end of the period of 28 days beginning with the day on which the person is notified in accordance with section 34(7)(b).
(3)On an appeal under this section against a decision not to award compensation under section 34, the Tribunal—
(a)if it is satisfied that the ground in subsection (6)(a) or the ground in subsection (6)(b) applies, may quash the decision;
(b)if it is not so satisfied, must confirm the decision.
(4)If the Tribunal quashes a decision under subsection (3)(a), the Tribunal may—
(a)direct the Secretary of State to pay compensation of an amount determined by the Tribunal, or
(b)refer the matter back to the Secretary of State with a direction to reconsider and make a new decision in accordance with its ruling.
(5)On an appeal under this section against the amount of compensation awarded under section 34, the Tribunal—
(a)if it is satisfied that any of the grounds in subsection (6) applies, may—
(i)vary the amount of compensation awarded, or
(ii)refer the matter back to the Secretary of State with a direction to reconsider and make a new decision in accordance with its ruling;
(b)if it is not so satisfied, must confirm the amount of compensation awarded.
(6)The grounds referred to in subsections (3)(a) and (5)(a) are—
(a)that the decision appealed against was based, wholly or partly, on an error of fact;
(b)that the decision appealed against was wrong in law;
(c)that the amount of compensation awarded was unfair or unreasonable for any other reason.
(7)In determining an appeal under this section, the Tribunal may—
(a)review any determination of fact on which the decision appealed against was based;
(b)take into account evidence which was not available to the Secretary of State.
(8)The Tribunal may not direct the Secretary of State under this section to pay any compensation which the Secretary of State would not otherwise be liable to pay under section 34(2).
(1)If the Secretary of State is satisfied on the balance of probabilities that a person has failed to comply with a relevant duty, the Secretary of State may give a penalty notice to the person.
(2)A penalty notice is a notice under this section requiring the person to pay a penalty of a specified amount to the Secretary of State within a specified period.
(3)A person may not be given more than one penalty notice in respect of a single relevant breach.
(4)A penalty notice may not require a person to pay a penalty of an amount greater than the relevant maximum in respect of a single relevant breach.
For the relevant maximum, see section 38.
(5)A penalty notice given in respect of a relevant breach may, in addition to requiring the person to pay a penalty of a specified amount (“the fixed penalty”), require the person to pay to the Secretary of State within a specified period a further daily penalty, of a specified amount not exceeding £20,000, for each day for which the relevant breach continues after the end of the period specified for payment of the fixed penalty.
(6)The amount of each such daily penalty is to be disregarded for the purposes of subsection (4).
(7)A penalty notice may not specify a period for paying a penalty that is less than 28 days beginning with the day on which the notice is given.
(8)A penalty notice may be given to a person in respect of a relevant breach whether or not the person has been given an enforcement notice in respect of the relevant breach.
(9)Any penalty received by the Secretary of State in accordance with this section is to be paid into the Consolidated Fund.
(10)In this section—
“relevant breach” means a failure to comply with a relevant duty;
“relevant duty” means a duty imposed by or under Chapter 2;
“specified” means specified in the penalty notice.
(1)A penalty imposed by a penalty notice must be of an amount that the Secretary of State considers to be—
(a)appropriate, and
(b)proportionate to the relevant breach in respect of which it is imposed.
(2)In determining the amount of a penalty to be imposed by a penalty notice on a person, the Secretary of State must take into account the following matters (among others)—
(a)the effects of the relevant breach in respect of which the penalty is imposed;
(b)any action taken by the person to remedy the relevant breach or mitigate its effects.
(3)In this section “relevant breach” has the same meaning as in section 36.
(1)For the purposes of section 36 the relevant maximum, in relation to a person, is the greater of—
(a)£10 million, and
(b)4% of the person’s qualifying worldwide revenue for the person’s most recent complete accounting period.
This is subject to subsections (2) to (6).
(2)Where the Secretary of State is deciding the amount of the penalty to be imposed on a person at a time when the person’s first accounting period has not yet ended, the reference in subsection (1)(b) to the person’s qualifying worldwide revenue for the person’s most recent complete accounting period is a reference to the amount that the Secretary of State estimates is likely to be the person’s qualifying worldwide revenue for that period.
(3)For the purposes of this section, the amount of a person’s qualifying worldwide revenue for an accounting period is, in the event of a disagreement between the person and the Secretary of State, the amount determined by the Secretary of State.
(4)In the case of an accounting period that is not a period of 12 months, the amount of the person’s qualifying worldwide revenue (or estimated qualifying worldwide revenue) for the period is to be adjusted as follows—
(a)if the accounting period is less than 12 months, the amount is to be proportionately increased;
(b)if the accounting period is more than 12 months, the amount is to be proportionately reduced.
(5)If the person does not have an accounting period, the relevant maximum is £10 million.
(6)The Secretary of State may by regulations provide that, where the person is a member of one or more groups, the relevant maximum is to be calculated by reference to a specified percentage of the total qualifying worldwide revenue of those groups, or of members of those groups that are of a specified description, for a specified period.
“Specified” means specified in the regulations.
(7)The Secretary of State may by regulations make provision about how the qualifying worldwide revenue of a person or persons for a period is to be determined for the purposes of this section.
(8)Regulations under this section are subject to the affirmative resolution procedure.
(9)In this section—
“accounting period”, in relation to a person, means a period in respect of which accounts are prepared in relation to that person or, where that person is an individual, in relation to that person’s relevant business;
“group” means a parent undertaking and its subsidiary undertakings;
“parent undertaking” and “subsidiary undertaking” have the same meaning as they have for the purposes of the Companies Act 2006 (see section 1162 of, and Schedule 7 to, that Act);
“relevant business” means—
in the case of a relevant person, the business of being a manufacturer, importer or distributor (as the case may be) of relevant connectable products;
in the case of a person who is an authorised representative, the business of acting as an authorised representative or as part of which the person is an authorised representative.
(1)Before giving a penalty notice to a person, the Secretary of State must—
(a)notify the person of the Secretary of State’s intention to give a penalty notice to the person, and
(b)give the person an opportunity to make representations about the giving of the notice.
(2)The Secretary of State may not give a penalty notice to the person before the end of the period of 28 days beginning with the day on which notification under subsection (1)(a) is given.
(3)A penalty notice must contain the following information—
(a)the reasons for giving the penalty notice;
(b)the amount of the penalty;
(c)how payment may be made;
(d)the period within which payment must be made;
(e)how the person to whom the notice is given may appeal against the imposition of the penalty;
(f)the consequences of failing to pay the penalty.
(4)The Secretary of State may vary or revoke a penalty notice.
(5)But the Secretary of State may not vary a penalty notice in order to make it more onerous.
(1)In England and Wales, a penalty is recoverable as if it were payable under an order of the High Court.
(2)In Scotland, a penalty may be enforced in the same manner as an extract registered decree arbitral bearing a warrant for execution issued by the sheriff court of any sheriffdom in Scotland.
(3)In Northern Ireland, a penalty is recoverable as if it were payable under an order of the High Court.
(4)Where action is taken under this section for the recovery of a penalty, the penalty—
(a)in relation to England and Wales, is to be treated for the purposes of section 98 of the Courts Act 2003 (register of judgments and orders etc) as if it were a judgment entered in the High Court;
(b)in relation to Northern Ireland, is to be treated for the purposes of Article 116 of the Judgments Enforcement (Northern Ireland) Order 1981 (S.I. 1981/226 (N.I. 6)) (register of judgments) as if it were a judgment in respect of which an application has been accepted under Article 22 or 23(1) of that Order.
(5)In this section “penalty” means a penalty imposed by a penalty notice under section 36.
(1)A person who is given a penalty notice may appeal to the First-tier Tribunal (“the Tribunal”) against—
(a)the imposition of a penalty imposed by the penalty notice;
(b)the amount of such a penalty;
(c)the period within which such a penalty, or any part of it, is required to be paid.
(2)An appeal under this section is to be brought before the end of the period of 28 days beginning with—
(a)the day on which the penalty notice was given, or
(b)if the appeal is in respect of the variation of a notice under section 39(4), the day on which the notice was varied.
(3)On an appeal under this section, the Tribunal—
(a)if it is satisfied that any of the grounds in subsection (4) applies, may—
(i)vary the amount of a penalty imposed by the penalty notice or the period within which such a penalty, or any part of it, is required to be paid, or
(ii)cancel any penalty imposed by the penalty notice;
(b)if it is not so satisfied, must confirm the penalty notice.
(4)The grounds referred to in subsection (3)(a) are—
(a)that the decision appealed against was based, wholly or partly, on an error of fact;
(b)that the decision appealed against was wrong in law;
(c)that the decision appealed against was unfair or unreasonable for any other reason.
(5)If the Tribunal cancels a penalty imposed by a penalty notice, it may refer the matter back to the person that gave the notice with a direction to reconsider and make a new decision in accordance with its ruling.
(6)But the Tribunal may not direct the person that gave the notice to take any action which the person would not otherwise have the power to take.
(7)In determining an appeal under this section, the Tribunal may—
(a)review any determination of fact on which the decision appealed against was based;
(b)take into account evidence which was not available to the person that gave the notice.
(8)Where an appeal in respect of a penalty notice, or the variation of a penalty notice, is made under this section, the notice or variation (as the case may be) is of no effect until the appeal is determined or withdrawn.
(9)Where an appeal is or may be made to the Upper Tribunal in relation to a decision of the Tribunal under this section, the Upper Tribunal may suspend the notice to which the appeal relates until the appeal is determined or withdrawn.
(1)In this section “forfeitable products” means—
(a)any relevant connectable products that—
(i)are in the possession or control of any manufacturer, importer or distributor of the products,
(ii)are in the possession or control of an authorised representative of a manufacturer of the products, or
(iii)are detained under paragraph 28 of Schedule 5 to the Consumer Rights Act 2015;
(b)any relevant connectable products that have been returned to any of the following persons as a result of a compliance failure, or suspected compliance failure, relating to the products—
(i)any manufacturer, importer or distributor of the products;
(ii)an authorised representative of a manufacturer of the products;
(iii)a person acting on behalf of a person within sub-paragraph (i) or (ii);
(iv)a person specified in a recall notice under section 30.
(2)If the Secretary of State has reasonable grounds to believe that—
(a)there is a compliance failure relating to any forfeitable products, and
(b)the products are, or (if no order is made for their forfeiture) will be, UK consumer connectable products,
the Secretary of State may apply to the appropriate court (see subsection (11)(a)) for an order for the forfeiture of the products.
(3)The court may, on an application under this section, make an order for the forfeiture of any forfeitable products if the court is satisfied on the balance of probabilities—
(a)that the products are, or (if no order is made for their forfeiture) will be, UK consumer connectable products,
(b)that there is a compliance failure in relation to the products,
(c)that it is unlikely that the security requirement in respect of which the compliance failure exists will be complied with, and
(d)that it is proportionate to make the order.
(4)For the purposes of this section the court may determine that there is a compliance failure in relation to any forfeitable products if it is satisfied that there is a compliance failure in relation to products that are representative of those products (whether by reason of being of the same model or design or otherwise).
(5)If the court makes an order for the forfeiture of any forfeitable products, it may also order the forfeiture of any other property if it is satisfied on the balance of probabilities that the property is not readily separable from the forfeitable products.
(6)An order under this section for the forfeiture of any property—
(a)may require the property to be delivered up to—
(i)the Secretary of State, or
(ii)such other person as the court may direct;
(b)may permit the Secretary of State, or such other person as the court may direct, to destroy or otherwise dispose of the property in whatever way the Secretary of State or other person considers appropriate;
(c)may require the property to be destroyed or otherwise disposed of in accordance with any directions of the court.
(7)Subsections (8) and (9) apply in a case where the products to which the application relates have been detained under paragraph 28 of Schedule 5 to the Consumer Rights Act 2015.
(8)If the court is not satisfied on the balance of probabilities—
(a)that the products are, or (if no order is made for their forfeiture) will be, UK consumer connectable products,
(b)that there is a compliance failure in relation to the products,
(c)that it is unlikely that the security requirement in respect of which the compliance failure exists will be complied with, or
(d)that it is proportionate to make an order for the forfeiture of the products,
the court must order the products to be returned to a person entitled to them.
(9)Where an order for the return of any products is made under subsection (8), the products (and any other property that is not readily separable from the products) may nevertheless be detained—
(a)until the end of the period within which an appeal under section 44 may be made against the order, or
(b)if such an appeal is made, until the time when it is determined or withdrawn.
But if the Secretary of State decides before the end of the period mentioned in paragraph (a) that there is to be no appeal, the products must be returned as soon as possible after that decision is made.
(10)For the purposes of this section, property is not readily separable from any forfeitable products if, in all the circumstances, it is not reasonably practicable to separate the property from the forfeitable products.
Those circumstances include the time and costs involved in separating the property.
(11)For the purposes of this section—
(a)“the appropriate court” means—
(i)in England and Wales, a magistrates’ court;
(ii)in Scotland, a sheriff;
(iii)in Northern Ireland, a court of summary jurisdiction;
(b)“compliance failure”, in relation to a product, means a failure by a relevant person to comply with a relevant security requirement in relation to the product;
(c)the reference to delivery up of products is, in Scotland, a reference to delivery;
(d)the persons “entitled” to any products are—
(i)any person to whom they belong, and
(ii)in the case of products detained under paragraph 28 of Schedule 5 to the Consumer Rights Act 2015, the person from whom they were seized.
(1)An application under section 42 to a magistrates’ court in England and Wales is to be made by way of complaint.
(2)An application under section 42 to a court of summary jurisdiction in Northern Ireland is to be made by way of complaint under Part 8 of the Magistrates’ Courts (Northern Ireland) Order 1981 (S.I. 1981/1675 (N.I. 26)).
(3)In a case where proceedings have been brought in England and Wales or Northern Ireland for—
(a)an offence under section 32 relating to a compliance failure, or
(b)an offence under paragraph 36(1) or (2) of Schedule 5 to the Consumer Rights Act 2015 arising out of any investigation into a compliance failure,
an application under section 42 relating to the compliance failure may be made in those proceedings.
(4)A court may not order the forfeiture of any products under section 42 unless—
(a)the Secretary of State has given notice of—
(i)the application, and
(ii)the date and location of the proceedings for forfeiture,
to every identifiable person having an interest in the products, or
(b)where the notice required by paragraph (a)(i) or (ii) has not been given to such a person, the court is satisfied that it was reasonable in the circumstances not to give notice to that person.
(5)Any person having an interest in any forfeitable products is entitled to appear in proceedings under section 42 relating to the products.
(6)No order for forfeiture under section 42 may take effect until—
(a)the end of the period within which an appeal under section 44 may be made against the order, or
(b)if such an appeal is made, the time when it is determined or withdrawn.
(7)In this section “compliance failure” and “forfeitable products” have the same meaning as in section 42.
(1)Where an order for the forfeiture of any products has been made under section 42, each of the following persons may appeal against the order—
(a)any party to the proceedings in which the order was made;
(b)any other person entitled to the products.
(2)The Secretary of State may appeal against—
(a)a decision not to make an order for forfeiture under section 42;
(b)an order under subsection (8) of that section for the return of any products.
(3)Where—
(a)the Secretary of State brings an appeal under this section, and
(b)no person entitled to the products in question was a party to the original proceedings,
the Secretary of State must make reasonable efforts to give notice of the appeal to every person who the Secretary of State thinks is or may be entitled to the products.
(4)An appeal under this section is to—
(a)the Crown Court, in England and Wales;
(b)the Sheriff Appeal Court, in Scotland;
(c)a county court, in Northern Ireland.
(5)An appeal under this section is to be brought before the end of the period of 28 days beginning with the date of the order or other decision appealed against.
(6)Subject to subsections (7) and (8), the court hearing the appeal may make any order the court considers appropriate.
(7)If an appeal brought by virtue of subsection (2) is allowed—
(a)the court must order the products to be forfeited, and
(b)sections 42(6) and 43(6) apply with the necessary adaptations.
(8)If an appeal against an order forfeiting any products is allowed—
(a)the court must order the products to be returned to a person entitled to them, and
(b)section 42(9) applies with the necessary adaptations.
(9)The persons “entitled” to any products for the purposes of this section are—
(a)any person to whom they belong, and
(b)in the case of products detained under paragraph 28 of Schedule 5 to the Consumer Rights Act 2015, the person from whom they were seized.
(1)This section applies where the Secretary of State has reasonable grounds to believe that there is a compliance failure in relation to a relevant connectable product.
(2)The Secretary of State may publish whatever information the Secretary of State considers appropriate for the purpose of informing members of the public about the following matters—
(a)the nature of the compliance failure;
(b)any risks posed by using the product;
(c)any steps that may be taken to mitigate the effect of any such risks.
(3)Information may be published under subsection (2) in whatever way the Secretary of State considers appropriate.
(4)In this section “compliance failure”, in relation to a product, means a failure by a relevant person to comply with a relevant security requirement in relation to the product.
(1)The Secretary of State may publish details of a failure by a relevant person to comply with a relevant security requirement in relation to a product.
(2)The Secretary of State may publish details of any of the following—
(a)an enforcement notice given to a person;
(b)a penalty notice given to a person;
(c)an order made under section 42 for the forfeiture of any products.
(1)This section applies where conditions A and B are met.
(2)Condition A is that the Secretary of State has reasonable grounds to believe that there is a compliance failure in relation to any UK consumer connectable products that have been supplied to customers.
(3)Condition B is that—
(a)a person to whom a recall notice was given in relation to the compliance failure has failed to comply with it, or
(b)it is not possible to give a recall notice in relation to the compliance failure to one or more of the persons mentioned in section 30(2).
(4)The Secretary of State may—
(a)make arrangements for the delivery of the products to the Secretary of State or another person;
(b)destroy or otherwise dispose of the products in whatever way the Secretary of State considers appropriate;
(c)permit any person to whom the products are delivered under the arrangements mentioned in paragraph (a) to destroy or otherwise dispose of them—
(i)in accordance with a direction of the Secretary of State, or
(ii)in whatever way the person considers appropriate.
(5)The Secretary of State may pay such amounts as the Secretary of State considers appropriate to any customer who returns a product in accordance with arrangements made under this section
(6)Where an amount is paid to a customer under subsection (5) in respect of a product, a relevant person may deduct that amount from any amount which the relevant person is required to pay to the customer (whether as a result of the exercise of the customer’s statutory rights or otherwise) in respect of the product.
(7)In a case where a person to whom a recall notice was given in relation to a compliance failure failed to comply with it, the Secretary of State may recover from the person any costs or expenses reasonably incurred by the Secretary of State or another person in taking any action under this section in relation to the compliance failure.
(8)In this section “compliance failure”, in relation to a product, means a failure by a relevant person to comply with a relevant security requirement in relation to the product.
(1)The Secretary of State may disclose to a person any information obtained by the Secretary of State in connection with the Secretary of State’s enforcement functions if the disclosure is made for a purpose connected with an enforcement function of the Secretary of State.
(2)A person may disclose any information to the Secretary of State if the disclosure is made for the purposes of enabling or assisting the Secretary of State to exercise any enforcement function.
(3)A disclosure of information authorised by this Chapter does not breach—
(a)any obligation of confidence owed by the person making the disclosure in relation to that information, or
(b)any other restriction on the disclosure of information (however imposed).
(4)But nothing in this Chapter authorises either of the following—
(a)the making of a disclosure which would contravene the data protection legislation (but in determining whether a disclosure would do so, the powers conferred by this Chapter are to be taken into account);
(b)the making of a disclosure which is prohibited by any of Parts 1 to 7 or Chapter 1 of Part 9 of the Investigatory Powers Act 2016.
(5)In this section “the data protection legislation” has the same meaning as in the Data Protection Act 2018 (see section 3 of that Act).
(6)Subsections (1) and (2) do not affect any power to disclose that exists apart from this section.
(7)In Schedule 14 to the Enterprise Act 2002 (restrictions on disclosure of information: list of enactments under or by virtue of which information is obtained), at the appropriate place insert—
“Part 1 of the Product Security and Telecommunications Infrastructure Act 2022.”
(1)A person who is not authorised to exercise a function of the Secretary of State under this Chapter commits an offence if the person purports to act as a person who is so authorised.
(2)A person guilty of an offence under this section is liable—
(a)on summary conviction in England and Wales, to a fine;
(b)on summary conviction in Scotland, to a fine not exceeding level 5 on the standard scale;
(c)on summary conviction in Northern Ireland, to a fine not exceeding level 5 on the standard scale.
(1)A notice under this Chapter may be given to a person by—
(a)handing it to the person,
(b)leaving it at the person’s proper address,
(c)sending it by post to the person at that address, or
(d)subject to subsection (7), sending it to the person by electronic means.
(2)A notice to a body corporate may be given to the secretary or clerk of that body.
(3)A notice to a partnership may be given to a partner or a person who has the control or management of the partnership business.
(4)For the purposes of this section and of section 7 of the Interpretation Act 1978 (service of documents by post) in its application to this section, the proper address of a person is—
(a)in the case of a body corporate or its secretary or clerk, the address of the body’s registered or principal office;
(b)in the case of a partnership, a partner or a person having the control or management of the partnership business, the address of the principal office of the partnership;
(c)in any other case, the person’s last known address.
(5)For the purposes of subsection (4) the principal office of a company registered outside the United Kingdom, or of a partnership carrying on business outside the United Kingdom, is its principal office within the United Kingdom.
(6)If a person has specified an address in the United Kingdom, other than the person’s proper address within the meaning of subsection (4), as the one at which the person or someone on the person’s behalf will accept notices of the same description as a notice under this Chapter, that address is also treated for the purposes of this section and section 7 of the Interpretation Act 1978 as the person’s proper address.
(7)A notice may be sent to a person by electronic means only if—
(a)the person has indicated that notices of the same description as a notice under this Chapter may be given to the person by being sent to an electronic address and in an electronic form specified for that purpose, and
(b)the notice is sent to that address in that form.
(8)A notice sent to a person by electronic means is, unless the contrary is proved, to be treated as having been given at 9 am on the working day immediately following the day on which it was sent.
(9)In this section—
“electronic address” means any number or address used for the purposes of sending or receiving documents or information by electronic means;
“working day” means a day other than a Saturday, a Sunday, Christmas Day, Good Friday or a bank holiday under the Banking and Financial Dealings Act 1971 in any part of the United Kingdom.
(1)This section applies where a manufacturer that is not established in the United Kingdom authorises a person in the United Kingdom, with the agreement of that person, to perform any of the duties listed in subsection (3) on behalf of the manufacturer.
(2)In this Part “authorised representative”, in relation to a manufacturer, means a person authorised by the manufacturer as mentioned in subsection (1).
(3)The duties referred to in subsection (1) are—
(a)any duties under regulations made under section 9(6) (duties relating to statements of compliance);
(b)the duties under section 11(2) and (3) (duties to take action in relation to compliance failures);
(c)the duty under section 12(1) (duty to maintain records).
(4)If the authorised representative fails to comply with the duty, the authorised representative may be proceeded against under this Part for failing to comply with the duty.
(5)Subsection (4) does not affect the liability of the manufacturer under this Part for a failure to comply with the duty.
(1)Where an offence under this Part has been committed by a body corporate and it is proved that the offence—
(a)has been committed with the consent or connivance of a person listed in subsection (2), or
(b)is attributable to any neglect on the part of such a person,
that person (as well as the body corporate) is guilty of that offence and liable to be proceeded against and punished accordingly.
(2)The persons referred to in subsection (1)(a) are—
(a)a director, manager, secretary or other similar officer of the body;
(b)any person who was purporting to act in such a capacity.
(3)Where the affairs of a body corporate are managed by its members, subsection (1) applies in relation to the acts and defaults of a member, in connection with that management, as if the member were a director of the body corporate.
(4)Where an offence under this Part has been committed by a Scottish partnership and it is proved that the offence—
(a)has been committed with the consent or connivance of a partner in the partnership or a person purporting to act as such a partner, or
(b)is attributable to any neglect on the part of such a person,
that person (as well as the partnership) is guilty of that offence and liable to be proceeded against and punished accordingly.
(1)The Secretary of State may issue guidance about the effect of any provision made by or under this Part.
(2)The enforcement authority may issue guidance about the exercise of any of its enforcement functions.
(3)A person who issues guidance under this section may from time to time revise the guidance.
(4)A person who issues guidance under this section must publish—
(a)the guidance, and
(b)any revisions of the guidance.
(1)In this Part “UK consumer connectable product” means a relevant connectable product that meets condition A or B.
(2)Condition A is that the product—
(a)is or has been made available to consumers in the United Kingdom, and
(b)has not been supplied by a relevant person to any customer (whether or not in the United Kingdom) at any time before being so made available.
(3)Condition B is that—
(a)the product is or has been made available to customers in the United Kingdom who are not consumers,
(b)the product has not been supplied by a relevant person to any customer (whether or not in the United Kingdom) at any time before being so made available, and
(c)products identical to the product meet condition A.
(4)Subsections (5) to (9) apply for the purposes of subsections (2)(b) and (3)(b).
(5)Where—
(a)a product that has been supplied to a customer (“the original customer”) is returned to a relevant person in the exercise of any right (whether statutory or otherwise) to return unwanted products, and
(b)the product is subsequently made available to customers in the United Kingdom,
the product is not to be treated as having been supplied to the original customer.
(6)Where—
(a)a product that has been supplied to a customer (“the original customer”) is returned to a relevant person—
(i)in accordance with arrangements made for the purposes of, or in connection with, this Part, or
(ii)as a result of any other action taken under, or for the purposes of, this Part, and
(b)the product is subsequently made available to customers in the United Kingdom,
the product is not to be treated as having been supplied to the original customer.
(7)Where a product that has been supplied to a customer is reconditioned by or on behalf of a manufacturer of the product before being made available to customers in the United Kingdom, the product is not to be treated as having been supplied to that customer.
(8)The reference in subsection (7) to reconditioning a product is a reference to doing anything to the product, or its packaging, in order to prepare the product to be made available to customers.
(9)Where a product has been supplied to a customer (“C”) who would, in the absence of section 7(6), be a distributor of the product—
(a)the product is not to be treated as having been supplied to C, and
(b)where any of subsections (5) to (7) applies, the product is not to be treated as having been supplied to C or to any customer of C.
(10)The Secretary of State may by regulations—
(a)repeal subsection (2)(b) or (3)(b);
(b)make any amendments of this Part that the Secretary of State considers necessary or appropriate in consequence of such repeal.
(11)Regulations made under subsection (10) are subject to the affirmative resolution procedure.
(1)This section has effect for the purposes of this Part.
(2)Any reference to supplying a product is a reference to supplying the product in the course of business, and includes a reference to doing any of the following—
(a)providing the product in exchange for any non-monetary consideration;
(b)providing the product in, or in connection with, the performance of a statutory function;
(c)giving the product as a prize or otherwise making a gift of the product.
(3)Any reference to supplying a product does not include a reference to hiring out or lending the product, except where—
(a)the hiring out or lending is by a manufacturer of the product, or
(b)the product is supplied under a hire-purchase agreement.
(4)Where a product has at any time been supplied by being hired out or lent to a person, neither of the following is to be treated as a further supply of the product to that person—
(a)a continuation or renewal of the hire or loan (whether on the same or different terms);
(b)any transaction for the transfer after that time of any interest in the product to the person.
(5)The performance of a contract for the carrying out of works that consist of or include the installation of a product into a building or structure is to be treated as a supply of the product in so far as, but only in so far as, it involves the provision of the product to a person by means of its installation into the building or structure.
(6)The performance of a contract by the construction of a building or structure on land is to be treated as a supply of a product in so far as, but only in so far as, it involves the provision of the product to a person by means of its incorporation into the building or structure.
(7)Any reference to supplying a product does not include a reference to any supply of a product that is effected by the creation or disposal of an interest in land, or by the performance of an agreement for the creation or disposal of such an interest, except where—
(a)the product is incorporated into or contained in a building (or part of a building) constructed on the land,
(b)the building (or part) is to be used for a particular purpose, and
(c)at the time of the supply, the building (or part) has not previously been used for that purpose.
(8)Any reference to supplying a product does not include a reference to supplying the product by a sale of the product as scrap (that is to say, for the value of materials included in the product rather than for the value of the product itself).
(9)Any reference to supplying a product does not include a reference to merely providing transport services for the purposes of enabling the product to be supplied to any person.
(10)Where a product that has been supplied to a customer is temporarily returned for any reason to a relevant person by a person (“P”) who is—
(a)the customer to whom the product was supplied, or
(b)the customer’s successor in title,
the return of the product to P is not to be treated as a supply of the product to P.
(11)Where a person (“the ostensible supplier”) supplies a product to another person (“the customer”) under a relevant agreement and the ostensible supplier—
(a)carries on the business of financing the provision of products for others by means of relevant agreements, and
(b)in the course of that business, acquired an interest in the product supplied to the customer as a means of financing the provision of the product for the customer by a further person (“the effective supplier”),
the effective supplier and not the ostensible supplier is to be regarded as supplying the product to the customer.
(12)In this section—
“non-monetary consideration” means consideration other than money;
“relevant agreement” means—
a conditional sale agreement (within the meaning of the Consumer Credit Act 1974);
a credit-sale agreement (within the meaning of that Act);
a hire-purchase agreement (within the meaning of that Act);
an agreement for the hiring of a product (other than a hire-purchase agreement).
(1)In this Part—
“authorised representative” has the meaning given by section 51(2);
“business” includes—
any trade or profession;
the activities of a local or public authority;
the activities of a government department;
the activities of a charity;
“compliance notice” has the meaning given by section 28(2);
“consumer” means an individual acting for purposes that are wholly or mainly outside the individual’s business;
“customer”, in relation to a product, means any person to whom the product is supplied, other than—
a relevant person acting in that capacity in relation to the product, or
an authorised representative of a manufacturer of the product in its capacity of acting on behalf of the manufacturer in relation to the product;
“distributor” has the meaning given by section 7(5);
“the enforcement authority” means—
the Secretary of State, or
any person authorised to exercise a function of the Secretary of State by regulations under section 27;
“enforcement function” has the meaning given by section 27(5);
“enforcement notice” means—
a compliance notice,
a stop notice, or
a recall notice;
“excepted product” has the meaning given by section 6(1);
“importer” has the meaning given by section 7(4);
“internet-connectable product” has the meaning given by section 5(1);
“manufacturer” has the meaning given by section 7(3);
“network-connectable product” has the meaning given by section 5(3);
“penalty notice” has the meaning given by section 36(2);
“recall notice” has the meaning given by section 30(3);
“relevant connectable product” has the meaning given by section 4;
“relevant person” has the meaning given by section 7(2);
“relevant security requirement”, in relation to a relevant person, means a security requirement applying to the relevant person;
“security requirement” is to be read in accordance with section 1(1) and (2);
“statement of compliance” has the meaning given by section 9(3);
“stop notice” has the meaning given by section 29(2);
“supply” is to be read in accordance with section 55;
“UK consumer connectable product” has the meaning given by section 54.
(2)In this Part any reference to making a product available in the United Kingdom is a reference to supplying, or offering to supply, the product to a person in the United Kingdom.