Ossian Smyth (Dún Laoghaire, Green Party) | Oireachtas source

I move amendment No. 5:

In page 10, between lines 28 and 29, to insert the following:

“ “high-risk vendor measure” has the meaning given to it by section 25;”.

Before I discuss amendments Nos. 5 to 9, inclusive, I wish to draw my colleagues' attention to amendment No. 6, which is now included in a substitute list. This is to amend a cross-referencing error, which had previously read "a direction under section 32(2),”.", and which now reads "a direction under section 33(2),”."

I am introducing amendment No. 5 in order to define a “high-risk vendor measure”, of which eight measures are listed in section 25. Amendment No. 6 is required for these subsections to be defined as regulatory breaches under the Bill when enacted. The amendment will add these new subsections to the definition of regulatory breach. The definition will now mean that a failure to comply with these measures is a regulatory breach and subject to the administrative sanction process set out in Part 7 of the Bill.

Under section 33(2), ComReg may serve a direction on a provider requiring them to show information that they have complied with a high-risk vendor measure and if they have not complied to explain why not, to submit a possible security audit, and to bear any costs associated with that audit.

Amendment No. 7 is required to clarify that a person affected by a high-risk vendor measure or a variation of such a measure can only challenge the decision through an appeal to the High Court. This amendment is required to ensure consistency with the policy objectives and other similar provisions in the Bill, as currently an appeal of a measure under Part 2, security of networks and services, does not exclude the traditional judicial review but does allow the High Court to grant remedies on the basis of what might be called judicial review assessments.

I am not able to accept amendment No. 8 where the Deputy seeks "to delete "electronic communications networks or electronic communications services” and substitute “public 5G telecommunication networks”, as this would narrow the scope of the legislation and what it is setting out to achieve. This is future-facing legislation and it must be flexible to deal with emerging threats. It would be unwise to limit the legislation to just 5G networks prior to having carried out the risk assessment set forth in this section.

I do not propose to accept amendment No. 9. This would delete the definition of "high-risk vendor" from the interpretation of Part 3. I earlier introduced an amendment for the definition of “high-risk vendor measure” to follow the definition of “high-risk vendors". Both definitions have the meaning given to them in individual sections and it would not make sense to remove any of these from the interpretation sections.

See this speech in context