Decision

Aboca Advice: Jeremy Fleming, Strategic Advisor, Nihon Cyber Defence Co. Ltd

Updated 3 July 2024

1. Business Appointment Application: Sir Jeremy Fleming KCMG CB, former Director of the Government Communications Headquarters (GCHQ). Paid appointment with Nihon Cyber Defence Co. Ltd.

Sir Jeremy, former Director of GCHQ, sought advice from the Advisory Committee on Business Appointments (the Committee) under the government’s Business Appointments Rules for Former Crown Servants (the Rules) on an appointment he wishes to take up with Nihon Cyber Defence Co. Ltd (Nihon) as an Strategic Advisor. 

The purpose of the Rules is to protect the integrity of the government. The Committee has considered the risks associated with the actions and decisions made during Sir Jeremy’s time in office, alongside the information and influence he may offer Nihon. The material information taken into consideration by the Committee is set out in the annex.

The Committee’s advice is not an endorsement of the appointment - it imposes a number of conditions to mitigate the potential risks to the government associated with the appointment under the Rules. 

The Rules set out that Crown servants must abide by the Committee’s advice.^{[footnote 1]} It is an applicant’s personal responsibility to manage the propriety of any appointment. Former Crown servants are expected to uphold the highest standards of propriety and act in accordance with the 7 Principles of Public Life.

2. The Committee’s consideration of the risks presented 

Nihon is certified under the National Cyber Security Centre cyber incident response scheme to provide response services to cyber events to companies and organisations. GCHQ confirmed it has no commercial relationship with the company, Sir Jeremy made no policy or commercial decisions specific to Nihon, nor did he meet with the organisation. As such, the Committee^{[footnote 2]} considered the risk that this role could reasonably be perceived as a reward for decisions made or actions taken in office, is low.

As the former Director of GCHQ, Sir Jeremy would have had access to a range of sensitive information, including that which relates to geopolitics and cyber security. As a result there are real and perceived risks he could offer Nihon an unfair advantage due to insight gained in office. GCHQ and the Cabinet Office confirmed that it was not concerned Sir Jeremy had access to any specific information he had access to, that would offer an unfair advantage. It is significant that Sir Jeremy has been out of office for over 10 months, which puts a gap between his access to information in office and his taking up the role. 

As the former Director at GCHQ, there is a risk he could be seen to offer Nihon unfair access to government. Given Sir Jeremy’s role is client-facing and he will have a representational role with Nihon, there is a risk that Sir Jeremy could use these contacts gained in other governments and organisations to unfairly advantage Nihon.

The unknown nature of Nihon’s clients means that it is difficult to determine the precise work that Sir Jeremy will undertake. Therefore, there is a risk he may be asked to advise on matters that overlap with his responsibilities in office, or with companies he had a relationship with as the Director of GCHQ.

3. The Committee’s advice

Due to the nature of the unknown clients Sir Jeremy will be advising, the Committee has imposed a condition which makes clear that in working with Nihon and its clients, Sir Jeremy should not advise on any areas that relate to matters he had material role in developing or determining during his time as Director GCHQ.

The Committee determined that the remaining risks identified in this application can be appropriately mitigated by the conditions below. These make it clear Sir Jeremy cannot make use of privileged information, contacts or influence gained from his time in Crown service to the unfair advantage of Nihon or its clients. 

The Committee’s advice, under the government’s Business Appointment Rules, that this role with Nihon Cyber Defence Co. Ltd should be subject to the following conditions:

• he should not draw on (disclose or use for the benefit of himself or the persons or organisations to which this advice refers) any privileged information available to him from his time in Crown service;

• for two years from his last day in Crown service, he should not become personally involved in lobbying the UK government or its arm’s length bodies on behalf of Nihon Cyber Defence Co. Ltd (including parent companies, subsidiaries, partners and clients); nor should he make use, directly or indirectly, of his contacts in the government and/or Crown service contacts to influence policy, secure business or otherwise unfairly advantage Nihon Cyber Defence Co. Ltd (including parent companies, subsidiaries, partners and clients);

• for two years from his last day in Crown service, he should not provide advice to Nihon Cyber Defence Co. Ltd (including parent companies, subsidiaries, partners and clients) on the terms of, or with regard to the subject matter of, a bid with, or contract relating directly to the work of the UK government or its arm’s length bodies; 

• for two years from his last day in Crown service, he should not become personally involved in lobbying contacts he has developed during his time in office and in foreign governments and organisations for the purpose of securing business for Nihon Cyber Defence Co. Ltd (including parent companies, subsidiaries and partners); and

• for two years from his last day in Crown service, he should not advise Nihon Cyber Defence Co. Ltd (including parent companies, subsidiaries, partners and clients) on work with regard to  policy or operational matters he had specific involvement or responsibility for, or where he had a relationship with the company or organisation during his time as Director of GCHQ.

The advice and the conditions under the government’s Business Appointment Rules relate to your previous role in government only; they are separate from rules administered by other bodies such as the Office of the Registrar of Consultant Lobbyists, the Parliamentary Commissioner for Standards and the Registrar of Lords’ Interests.^{[footnote 3]} It is an applicant’s personal responsibility to understand any other rules and regulations they may be subject to in parallel with this Committee’s advice.

By ‘privileged information’ we mean official information to which a Minister or Crown servant has had access as a consequence of his or her office or employment and which has not been made publicly available. Applicants are also reminded that they may be subject to other duties of confidentiality, whether under the Official Secrets Act, the Civil Service Code or otherwise.

The Business Appointment Rules explain that the restriction on lobbying means that the former Crown servant/Minister ‘should not engage in communication with Government (Ministers, civil servants, including special advisers, and other relevant officials/public office holders) – wherever it takes place - with a view to influencing a Government decision, policy or contract award/grant in relation to their own interests or the interests of the organisation by which they are employed, or to whom they are contracted or with which they hold office’.

Sir Jeremy must inform us when he takes up employment with this organisation, or if it is announced that he will do so. Sir Jeremy must also inform us if he proposes to extend or otherwise change the nature of his role as, depending on the circumstances, it may be necessary for him to make a fresh application.

Once the appointment has been publicly announced or taken up, we will publish this letter on the Committee’s website, and where appropriate, refer to it in the relevant annual report.

4. Annex - Material information 

4.1 The role

Sir Jeremy said Nihon is a cyber security and incident response company. It is based in Japan with offices in Malaysia, USA, India, Ireland and the UK. According to its website- Nihon is a global cyber security company whose purpose is to protect and support critical national infrastructure, governments, large organisations and small, medium enterprises from the increasing impact of debilitating cyber-attacks. It offers its clients a range of services which are as follows: cyber security consultancy services, protective services, security operations, incident management, and security information and event management. 

Nihon has a certification under the National Cyber Security Centre (NCSC) Cyber Incident Response scheme. The NCSC said that the scheme gives clients confidence in companies which meet the rigorous standards for high quality cyber incident response. It therefore illustrates Nihon can help companies/organisations to recover from cyber incidents and deliver an investigation of the incident along with recommendations on how to prevent it happening again.^{[footnote 4]}

Sir Jeremy said that he will be an advisor to the Chief Executive and senior management team on the trends of cyber security and geopolitics. Further, he will have a representational role accompanying Nihon teams when working with customers in Japan and globally. Sir Jeremy said that his role will primarily focus on the far east where the company conducts the majority of its business, especially in Japan. Sir Jeremy said his role will not involve contact or dealings with the UK government 

4.2 Dealings in office

Sir Jeremy advised the Committee he did not: - meet with Nihon; - have any  involvement in any commercial or contractual decisions relating to Nihon; - have any involvement in any relevant policy development or decisions that would have affected Nihon; - have access to sensitive information specific to Nihon or its competitors.

4.3 Department Assessment

GCHQ and the Cabinet Office confirmed the details provided by Sir Jeremy and added:

• GCHQ has no commercial relationship with Nihon.

• Sir Jeremy was responsible for the National Cyber Security Centre as part of GCHQ. However, the NCSC’s daily operation was led by the Chief Executive and as such, Sir Jeremy was not involved in detailed cyber security issues. Sir Jeremy may have made decisions that affected the entire cyber security sector, but not specific to Nihon.

• Sir Jeremy would have held strategic relationships and met with potential competitors of Nihon, but was not aware of any meetings or access to information that would raise specific concerns in this regard. 

• Sir Jeremy would have access to sensitive information that could be relevant to Nihon, but is not aware of any specific information that could provide Nihon with an unfair advantage. 

GCHQ and the Cabinet Office confirmed they had no concerns with this appointment subject to certain conditions. It recommended standard conditions, inducing a three month waiting period (now passed). Further it said an additional condition should apply to prevent Sir Jeremy from advising the employer or its clients on work with regard to any policy he had specific involvement or responsibility for during his time in office, or where he had a relationship with relevant clients.

1. Which apply by virtue of the Civil Service Management Code, The Code of Conduct for Special Advisers, The King’s Regulations and the Diplomatic Service Code. ↩

2. This application for advice was considered by Isabel Doverty; The Baroness Jones of Whitchurch; Dawid Konotey-Ahulu CBE DL; The Rt Hon Lord Eric Pickles; Mike Weir, and Sarah de Gay. Andrew Cumpsty, Hedley Finn OBE, and Michael Prescott were unavailable. ↩

3. All Peers and Members of Parliament are prevented from paid lobbying under the House of Commons Code of Conduct and the Code of Conduct for Members of the House of Lords. ↩

4. https://www.ncsc.gov.uk/schemes/cyber-incident-response ↩