Computer Millennium Non-compliance (Contingency Plans)

§ Mr. David Atkinson (Bournemouth, East)

I beg to move,

That leave be given to bring in a Bill to require organisations responsible for the provision of essential public services and critical infrastructure to draw up contingency plans in the event of their computer systems failing to deal with calendar dates after 31st December 1999; to require such plans and the names of those responsible for them to be notified to an appropriate authority; to require the plans to be made available on demand; and for connected purposes. In 1995, in a question to the then Prime Minister, my right hon. Friend the Member for Huntingdon (Mr. Major), I warned of the possible consequences for business and government of the threat to computer systems posed by the failure of most of them to recognise the year 2000. On hearing that, the whole House fell about—I do not suppose that there were many hon. Members then who knew what I was talking about. Today, scarcely a day goes by without a reference to the threat of "Y2K", as the issue is technically called. Today, with only 333 days left, there is growing awareness that not enough has been or can now be done to ensure that the commencement of the new century will be trouble free.

It is true that this country is probably ahead of most others in taking the action necessary to avoid problems. In addition to the measures that my right hon. Friend the Member for Huntingdon told me his Government were taking, in response to my Adjournment debate on the issue in June 1996, the then information technology Minister, my hon. Friend the Member for Esher and Walton (Mr. Taylor), announced the establishment of a TaskForce 2000 business awareness campaign. In 1997, the current Government replaced TaskForce 2000 with Action 2000, which last year introduced the millennium bug campaign. In addition, the current Government report quarterly to the House on the progress being made by central Government in tackling the problem.

The Leader of the House made the fourth such statement to the House on 2 December, when in answer to my right hon. Friend the Member for Wokingham (Mr. Redwood) she said that, when she had attended an international conference on the issue, it appeared that this country was much the best prepared. The right hon. Lady also said that we are internationally vulnerable, and she was right to do so. One of the essential messages that everyone needs to understand about this unique issue is that no computer is an island, and no island such as ours can be insulated from the global economy. No matter how well this country is prepared, if our computer systems are linked to others that are not ready, ours will be affected by them.

There is no internationally recognised standard on millennium conformity, or any world test day: I have argued for both of those in the Council of Europe in its role within the Organisation for Economic Co-operation and Development. Today, there is ample evidence that Japan, much of south-east Asia, China, Russia and many European countries with which we trade, such as Spain, will not be millennium ready. Because there is no longer sufficient time left—let alone sufficient resources available—to ensure that such countries will be ready, the early warnings by experts that there will be a tidal wave 738 of chaos affecting whole economies, commencing where the new millennium first arrives, in the Pacific region, and moving westward with the speed of time, are no longer treated with incredulity.

The same logic applies just as crucially to our economy and the provision of public services. It is truly an all or nothing situation. In a network of computer systems, the chain is as strong as its weakest link. If one system is not compliant, all those with which it is linked are at risk. That is why no one can guarantee that we shall avoid problems at the end of the year. The magnitude of the millennium issue is impossible to quantify. The truth is that no one knows what will happen when Big Ben strikes midnight of the new millennium.

To date, the House has kindly allowed me to introduce two Bills to respond to that issue. Because I did not consider that it would be sufficient to rely on voluntary awareness and action on the part of those in the private sector to ensure that British business would be millennium ready, I introduced the Companies (Millennium Computer Compliance) Bill in 1996 and again in 1997. In March last year, I introduced the Millennium Conformity Bill, which would have required all date-related computer systems to conform to the British Standards Institution code. Neither Bill received the support of the Government of the time.

Today, most experts agree that anyone now waking up to the issue and commencing the time-consuming, painstaking process of essential testing will find that there is not enough time left. That is the view of the head of Action 2000, Gwyneth Flower, who recently said: We are too late to have a trouble free transition to the new millennium". That is why it is now essential to ensure that contingency plans are in place, and especially to ensure that our public services are maintained and that our critical infrastructure makes a seamless transition into the next century. That is the purpose of the Bill that I seek the leave of the House to introduce today. It accords with the advice of the Prime Minister, the Leader of the House, the National Audit Office, Action 2000, TaskForce 2000, the second report of the Select Committee on Science and Technology, the 66th report of the Public Accounts Committee and the second report of the Select Committee on Environment, Transport and Regional Affairs. The difference between their advice and my Bill is that they make exhortations to take voluntary action, whereas my Bill would impose a statutory obligation on those concerned.

Why should that obligation be necessary? As I have already emphasised, voluntary action has not resulted and will not now result in this country being completely millennium ready, so it will not ensure that contingency plans will be in place. The Bill would do more to ensure our protection. It would require organisations responsible for providing essential public services and critical infrastructure to draw up contingency plans to maintain continuity in the event of the failure of the computer systems involved. It would require such plans and those responsible for them to be notified to an appropriate authority and to be made available on demand. Hon. Members from both sides of the House are sponsoring the Bill.

It may be said that such a Bill is unnecessary because existing legislation provides for contingency plans to be drawn up to deal with a wide range of civil emergencies, 739 from floods to terrorism and from hurricanes to epidemics, and those arrangements are already in place. That is true, but all that legislation is designed to respond to unforeseen events. Such contingency plans are broadly designed to respond to a variety of situations and, conventionally, to counter physical failures. Year 2000 problems are not a physical failure; they are a logical failure.

It is not well understood that all conventional forms of contingency and disaster recovery planning for information technology systems will not work for year 2000 projects. New forms of contingency plans will be needed. Moreover, existing legislation does not provide for business risk scenarios, and existing private sector contingency plans are also unlikely to be appropriate for potential millennium emergencies.

Unlike most emergency situations, the threat of the millennium bug is utterly predictable in its timing. It will begin to affect non-compliant, date-related computer systems from midnight of the first day of the new century—either with immediate effect or after a period, according to what the computers have been programmed to do. That is a threat on which we can legislate precisely.

My Bill calls for contingency plans to respond precisely to the performance of computer systems. It is confined to those that provide essential public services and infrastructure that is critical to our nation. If passed, it would do much to ensure minimum interruption in our daily lives and the protection of the most vulnerable people. Without such precise legislation in response to such a predictable and unique threat, a growing mood of uncertainty and alarm may develop over the year, altering the behaviour of the public and financial markets. We still have time to avoid that scenario; that is what my Bill will do.