Protecting and enhancing the security and resilience of UK data infrastructure
Consultation description
This consultation will gather further views and evidence to inform development of proposals to improve and assure the security and resilience of UK data infrastructure.
The proposals focus on third-party data centre services, which face:
- security threats such as cyber-attacks, physical attacks and insider threats
- resilience risks resulting from hazards such as human error and extreme weather
- limited information-sharing and cooperation across industry, and with HMG, which hamper our ability to appropriately identify and address risks
The proposals focus on a new proposed statutory framework applying to UK-based data centre services provided to third parties, but potentially applicable in future where other risks are evidenced.
The government invites feedback from any interested party, but in particular:
- data centre operators
- data centre land and facility owners
- cloud platform providers
- managed service providers
- customers and suppliers of the providers above
- independent or academic experts on data storage and processing
Following this consultation, we will carefully consider views and evidence, which will inform our response and any further proposals.
This consultation will be complemented by continued engagement with industry, experts, across UK government departments and agencies, and with international partners to further inform policy development and implementation to address risks related to UK data infrastructure.