Cyber Security | UK Regulatory Outlook June 2024

UK general election 2024: cyber security aspects

To ensure the UK is fully prepared to deal with hybrid warfare including cyber attacks and misinformation campaigns, the Labour Party has committed to undertaking a Strategic Defence Review within its first year in government and aims to spending 2.5% of GDP on defence.

Meanwhile, the Conservative Party has pledged to deliver a National Defence and Resilience Plan to improve the country's preparedness for risks on the National Risk Register, which outlines the most serious risks facing the country. As previously reported, cyber is one of the nine risk themes within the report, with cyber attacks on critical national infrastructure (including electricity, gas and telecommunications systems) cited as key risks in the register.

ESAs enter into multilateral memorandum of understanding with ENISA

On 5 June 2024, the European Supervisory Authorities (European Banking Authority, European Insurance and Occupational Pensions Authority and European Securities and Markets Authority – the ESAs) announced that they have signed a multilateral memorandum of understanding (MoU) to reinforce collaboration with the European Union Agency for Cybersecurity (ENISA) on safeguarding the financial sector from cybersecurity threats.

The MoU formalises ongoing discussions between the ESAs and ENISA as a result of the implementation and harmonisation of the NIS 2 Directive and the Digital Operational Resilience Act (DORA) and sets out a framework for cooperation and information exchange on, amongst other things, the reporting of major IT-incidents, the development of draft technical standards, and oversight of critical IT third-party providers. See the memorandum.

Read our Insight for more on NIS 2 or connect with one our experts on achieving compliance with the new requirements under DORA.

Council of the EU approves conclusions for more cyber secure and resilient Union

During the Telecommunications Council on 21 May 2024, EU ministers adopted conclusions on the future of cybersecurity with the aim of improving the cyber resilience of the EU. The following were identified as focus areas for policy making:

• Strengthening existing cybersecurity cooperation structures and entities, including between the NIS Cooperation Group, ENISA, to ensure consistency of cybersecurity in sectorial legislation.
• Encouraging Member States and EU entities to engage with third party countries and actors to increase international cooperation against cybercrime, including the work of the Counter Ransomware Initiative (CRI) and the EU's commitment to the CRI's Joint Statement on Ransomware Payments.
• The Council invites the EU Commission to present a revised cybersecurity strategy to guide EU action on emerging technologies such as artificial intelligence.

Extended consultation deadline for two new codes of practice for cybersecurity and AI

Following the general election announcement, the deadline for the consultations on the two codes of practice announced in May 2024 on improving AI cybersecurity and the resilience and security of software, have been extended from 10 July to 9 August 2024.

Although departments may continue to receive and analyse consultation responses during the election period, as the codes form part of the government's National Cyber Strategy, final implementation of the codes may be affected by the general election as the proposals will need to be put to the incoming government.