Summary
We're seeking views on a proposed regulation to improve the
security and resilience of data infrastructure, including data
centres.
This consultation closes at
11:55pm on 22 February 2024
Consultation description
This consultation will gather further views and evidence to
inform development of proposals to improve and assure the
security and resilience of UK data infrastructure.
The proposals focus on third-party data centre services, which
face:
- security threats such as cyber-attacks, physical attacks and
insider threats
- resilience risks resulting from hazards such as equipment
malfunction and extreme weather
- poor information-sharing and cooperation across industry, and
with HMG, which
hamper our ability to appropriately identify and address risks
The proposals focus on a new proposed statutory framework
applying to UK-based data centre services provided to third
parties, but potentially applicable in future where other risks
are evidenced.
The government invites feedback from any interested party, but in
particular:
- data centre operators
- data centre land and facility owners
- cloud platform providers
- managed service providers
- customers and suppliers of the providers above,
- independent or academic experts on data storage and
processing
Following this consultation, we will carefully consider views and
evidence, which will inform our response and any further
proposals.
This consultation will be complemented by continued engagement
with industry, experts, across UK government departments and
agencies, and with international partners to further inform
policy development and implementation to address risks related to
UK data infrastructure.
Documents
Protecting and enhancing
the security and resilience of UK data
infrastructure
