Tracking cyber security policy in the UK
A general election is expected in the UK within the next 12 months.
This makes it critical for businesses grappling with the complexities of global cyber regulations to understand how these are likely to evolve under a new or re-elected UK government and to work out where new policies could unlock opportunities for innovation and investment.
Earlier this month, NCC Group’s Government Affairs team attended the UK’s two main political parties’ annual conferences and got under the skin of what a Conservative or a Labour Party ‘programme for government’ could say about technology, cyber resilience, and the future digital economy.
Tech as an enabler and the role of regulation
Both parties see the UK’s technology sector as an enabler of their respective agendas for government, as well as an industry for which (regulatory) guardrails need to be established.
At the Conservative Party Conference,
Tech was positioned as the solution to accelerating growth and empowering individuals, creating a sustainable competitive advantage internationally, and an important ally in addressing modern national security challenges.
This should also be seen in the context of Conservative Ministers advocating for greater entrepreneurialism and risk-taking, driven by an ‘enabling’ government. At the same time, the tech industry was seen by some as creating multiple modern-day challenges that government regulation should hold it accountable and liable for.
The fitness of purpose of the current parliamentary process for technology regulation was questioned more than once, and Ministers agreed that a more principles-based approach to regulation would allow for greater flexibility and agility, highlighting the importance of technical expertise informing regulation.
The Labour Party,
Meanwhile, wants to unleash the UK tech industry’s potential to support the delivery of its five missions and build thriving regional economies – from the “toolmakers in Hull” to the “computer scientists in Manchester.” In some cases, this will mean removing regulatory barriers to innovation and putting in place long-term programmes, such as a 10-year Research & Development budget. In others, regulation would provide clarity to industry, ensure a level playing field across the digital economy and enable emerging technologies to be deployed safely and securely.
As one shadow minister put it, “The government’s job is not just to get out of the way, but to give certainty of where we’re going.”
Whatever form regulation would take under a Labour Government, shadow ministers stressed that the Conservative Government’s flagship laws like the Online Safety Bill and Digital Markets Bill would not be scrapped on Day One. Rather, wholesale reform would only take place if – after a period of time – the laws had not delivered the outcomes they had set out to achieve.
AI buzzword bingo
It was near impossible to have a conversation, attend a reception or a fringe event that did not mention AI in some shape or form – in the words of one Minister, “AI is now such a massive element of the job.” Across both conferences- like tech more broadly- AI was seen as both the solution and the problem.
The Leader of the Labour Party, Sir Keir Starmer, was keen to emphasise the opportunities for AI to deliver social good in his speech to Conference, while Conservative Chancellor, Jeremy Hunt, presented the technology as the great saviour whose transformative potential would finally allow the UK to address the productivity challenges that have long plagued the country – whether that be in education, healthcare, or policing.
At the same time, AI was seen by both parties as a threat that could greatly exacerbate the risks we are already facing from a national security, online safety and fraud perspective (particularly with the deepfake of Starmer doing the rounds on social media).
What did become clear was that the Conservative Government looks to embrace sectoral regulation of AI, relying on the expertise of existing regulators, while developing an internationally interoperable and principles-based framework that offers agreement on the minimum standards for AI safety.
The Global AI Safety Summit in early November was alluded to by one Minister as an attempt to “talk about the Manhattan project before we build the bomb…” For the Labour Party, the Summit – which will focus on the risks associated with frontier AI – was marked as missed opportunity to tackle 'nearer-term' challenges.
The UK in the world
For both parties, the need to address 21st century threats from nation state actors and build sovereign supply chains for critical technologies was high on the agenda.
However, for the Conservative Government, the UK was proudly promoted as a world-leading “science and technology superpower”, with agreements like AUKUS hailed as a game changer of international collaboration and technology transfer. For the Labour Party, the UK’s soft power “has been greatly corroded.”
They set out a vision for a “Britain Reconnected” focused on enhancing relations with the EU, restoring the UK’s leadership in setting global standards and taking a “NATO-first” approach.
So, what next?
We are heartened to come away from the UK political party conference season with the reassurance that – no matter the shape of the next government after an election – technology is seen as the underpinning foundation of the current and future economy. We also see a welcome consensus that technology must be deployed safely and securely, and that proportionate regulation has a key role to play in setting the guardrails.
It is important to us that consensus does not lead to complacency. In line with our purpose to create a more secure digital future, NCC Group will continue to engage with UK and global policymakers to ensure that the decisions they are making about the future of cyberspace reflect the realities we see every day.
The debate in the UK presents a microcosm of discussions we are seeing around the world as we head toward the 2024 bumper election year. This will likely mean further changes to what is an already complex global regulatory landscape. With the insights we gain through our engagement with policymakers around the world, we will continue to help our clients navigate this evolving environment.
About the authors
Kat Sommer
AD Government Affairs/Analyst Relations, NCC Group
Kat leads NCC Group’s political engagement, government relations, and lobbying work, educating policymakers on cyber security and internal audiences on political developments and priorities and shaping the business’s operating environment.
Kat has an international understanding, having studied in Germany and the Netherlands, and worked in Argentina, Brussels, and Strasbourg before settling in the UK. She takes a keen interest in the way the public and private sectors collaborate to improve cyber resilience and is currently working on a campaign to make the UK’s Computer Misuse Act fit for the 21st century.
Verona Hulse
UK Head of Government Affairs, NCC Group
Verona is an experienced government affairs and policy professional currently leading UK public affairs for FTSE250 global cyber security firm NCC Group. In this role, she oversees NCC Group’s engagement with UK government and regulatory decision-makers and the wider policymaking community against a backdrop of the increasing regulation of cyber resilience.
Prior to joining NCC Group, she has overseen in-house and consultancy public affairs programmes for a range of organisations – from FTSE100 and public sector institutions to start-ups anddisruptors across many sectors of the economy, including aviation, logistics, and utilities.
