Britain’s biggest phone and web companies have raised serious questions over the cost and feasibility of their delivering the government’s “snooper’s charter” legislation.

Senior figures from BT, Vodafone, 02 Telefonica, EE and 3 have told MPs and peers that the proposals from the home secretary in the draft investigatory powers bill are so technically complex that it is not yet possible to make any meaningful estimate of the costs involved or whether they are technically possible.

The phone and internet companies’ representatives gave evidence on the issues to two parliamentary committees. Their main concerns focus on the Home Office’s estimate that new powers requiring the companies to retain internet connection records – simplified versions of everyone’s web browsing history – will cost only £174m over the next 10 years.

The government has said it will underwrite all “reasonable” costs involved in introducing, retaining and storing internet connection records for 12 months for access by the police and security services.

But the web companies have voiced strong scepticism of the £174m figure, saying it will prove to be a serious underestimate. They have given a clear warning that it will take at least 18 months – long after the legislation has reached the statute book – before they know whether it will be technically feasible to retain and store everybody’s internet connection records.

Antony Walker of techUK told MPs: “I have met very few people across business who would regard it as a properly robust figure.”

Mark Hughes, the president of BT Security, said that despite lengthy consultations over the summer, including a round table with Theresa May, there were still many technical complexities to sort out. He told the Commons science and technology committee that it would cost BT alone “many tens of millions of pounds” to implement. BT said in written evidence: “On overall cost we are not yet able to give a meaningful estimate.”

Senior figures from all the phone companies told MPs and peers on the draft bill scrutiny committee that it might be possible to develop the technical capability to collect everyone’s internet connection records. “The technology does not exist at the moment … We are at the feasibility stage and it will take 18 months before we find a solution.” They said that until the Home Office could precisely define its requirements it was very difficult to speculate on the feasibility or the costs involved. “You cannot underestimate the complexity,” one senior executive told MPs and peers.

Home Office officials giving evidence said the £174m estimate was the cost over 10 years based on their work with the industry and the historical costs of data collection. They suggested the new powers would be phased in. The officials said: “We would not be able to implement everything in one place, as there is only so much industrial capacity. We would phase it over time.”

The Bar Council is to warn that legally privileged conversations between clients and their lawyers will not be protected from eavesdropping and communications surveillance under the new legislation. The organisation, which represents barristers across England and Wales, is due to give evidence in parliament on Wednesday. It will criticise the lack of any statutory provision within the bill covering exchanges between lawyers and their clients, which enjoy a special protected status under the law.

The Bar Council said that providing explicit protection to clients’ conversations only in subsidiary codes of practice would be inadequate since codes of practice do not have legal force and can be changed by statutory instrument.

Peter Carter QC, the chair of the Bar Council’s surveillance and privacy working group, said: “If the privacy of legally privileged communications is not written into law, then the law will not protect citizens from surveillance when consulting with their legal representatives.

“Under the current draft, security services would be allowed to spy on private communications between clients and their lawyers because protections for legal privilege are not written into the bill. Even when codes of practice come into force, the security services will still be able to listen in, facing only mild sanctions if they fail to follow the right procedures.”