IT security professionals may require a government licence to work in future, Home Office minister Charles Clarke has warned, leaving the door open for further regulation of the UK IT industry.

Clarke has refused to rule out including IT consultants in professions covered by the Private Security Industry (PSI) Bill, which was originally intended to cover bouncers and wheel-clampers.

Currently at the committee stage in the House of Commons, the Bill incorporates a clause that covers the activities of anyone advising on "security precautions in relation to any risk to property".

Tim Conway, policy director at the Computer Software and Services Association (CSSA), said the CSSA had objected strongly to the Bill because the clause could relate to professionals in the IT industry even though the government had not consulted representatives of the sector as required.

When asked whether it covered information security issues, which are dealt with by IT staff ranging from systems administrators to ethical hackers, Clarke said: "Just as with tangible assets, there are real threats to the security of information, and advice and precautions are needed to protect it."

He added that the Bill would have no impact on the IT industry until the Department of Trade and Industry (DTI) had consulted with it over current practices. The government would then decide whether regulation was necessary.

Conway said that Clarke's statement was "far from perfect, but was a step on the right road".

But Caspar Bowden, director of internet policy think tank the Foundation for Information Policy Research, explained that, while the government had exempted other professions from being covered by the Bill, Clarke's remarks indicated that this was not the case for IT staff. As a result, he warned, anyone working with encrypted data could require a licence.

"This looks like a tactic to keep the government's options open. Unless there are the same cast iron exemptions for programmers, systems administrators and IT consultants that have been granted to other professions, the government can introduce licensing by order at any time," he claimed.

While other industry associations are still evaluating their stance, some IT professionals welcomed the idea of regulation.

A member of the e-crime unit of the European Information Society Group (EURIM), who asked not to be named, said it would shortly hold a meeting to discuss PSI.

"On one hand, there's a knee-jerk reaction against the measure. But some members feel there does need to be a register of information security consultants. How you check information security people for professionalism has long been an issue," he said.

"The industry needs to decide whether it needs to put its own house in order, and if so, how, before the government tries to do so for it," he added.

A spokeswoman for the Professional Contractors Group (PCG), which is currently fighting a legal battle with the government over tax changes hitting IT consultants, said it was unsure how the proposed legislation would affect IT workers. But she added that the PCG was prepared to meet the DTI to discuss regulation.