Page:ISC-China.pdf/184

CHINA

The ONR is an independent regulator established under the Energy Act 2013. It regulates nuclear safety, nuclear security, conventional health and safety on nuclear sites, and the transport of radioactive materials. In addition, the ONR regulates the holders of sensitive nuclear information, which are normally corporate headquarters and supply chain organisations.

The Nuclear Installations Act 1965 empowers the ONR to attach to each nuclear site such licence conditions as it considers necessary either in the interests of safety or with respect to the handling, treatment and disposal of nuclear matter. Licence conditions can include requirements for cyber security and resilience.

The ONR is responsible for inspections of nuclear sites and for enforcement of the laws and regulations concerning the Civil Nuclear sector, and has the power to prosecute for breaches of relevant legislation in England and Wales, and to recommend prosecution in Scotland. Witnesses noted that these responsibilities can be altered by the Secretary of State:

"in the Civil Nuclear sector, the regulation covers two areas. That is unplanned radiological release and sensitive nuclear information, and the definition … of that is anything interesting to an adversary. So that is extremely broad. Therefore it has to be narrowed down by the Secretary of State for BEIS. … ONR … have a letter from the Secretary of State for BEIS, who dictate the parameters of what they are to regulate for.

So it is within Government's purview, the Secretary of State, to define how broad or how narrow that is. So we work with ONR and with BEIS to articulate the threat and how that is changing, and then they interpret that to regulate."

In the context of Chinese investment in the Civil Nuclear sector, the ONR is responsible for the approvals process for new reactor designs, and is therefore key to China's ambitions to showcase its Hualong One reactor technology at Bradwell. Although the design has been approved from a regulatory point of view, the ONR would also have to approve a nuclear site licence for the Bradwell project.

The ONR has a working relationship with the Centre for the Protection of National Infrastructure (CPNI), NCSC and Joint Terrorism Analysis Centre (JTAC) (and the ONR had staff embedded within JTAC until 2021). As the CEO of NCSC explained to us in January 2017:

"[There] isn't any legislation specifically passed to enforce cybersecurity standards in any [CNI] sector … [but] the Office of the Nuclear Regulator has the power to direct that certain standards in the engineering must be adhered to and the [ONR] consults us on what [those standards] should be in the age of cyber defence and that is, I think, a helpful process."