UK government outlines new regulations to improve data centre security

SecurityPublished 20th December 2023

The UK government has outlined new proposals aimed at improving security and resilience in data storage facilities.

The Department for Science, Innovation and Technology (DSIT) said that the measures would help protect data centres against threats, including cyber-attacks, physical threats and extreme weather events that could become more prevalent due to climate change.

UK government outlines new regulations to improve data centre security

According to government figures, nearly a third (28%) of all businesses in the UK currently use services housed in data centres.

This rises to nearly two-thirds (62%) of larger businesses with at least 250 employees.

As data centres play a vital role in the UK economy, DSIT said that major security incidents could affect the whole country instead of being restricted to individual businesses.

DSIT pointed out that data centre operators generated about £4.6bn in revenue in 2021, while data contributed 6.9% to gross domestic product (GDP) last year.

More than three-quarters (76%) of all service exports from the UK relied on data, and the vast majority of all UK businesses routinely handled data.

With data centre outages already costing billions every year, it is hoped that the new proposals could help safeguard both the data centre industry and the wider economy.

The government is also considering designating some parts of the data centre sector as critical national infrastructure (CNI).

Proposals include minimum safety requirements and new regulatory body

The proposals include the introduction of new laws to make minimum security and resilience requirements mandatory for all data centre operators.

One measure under consideration is a legal requirement for data centre operators to report incidents and work with the sector as a whole to test risk mitigation against potential threats.

This would improve transparency and allow risks to be better identified and addressed, DSIT said, with a newly established regulatory body set up to administer the regulations.

The government has now launched a consultation on the proposals to improve and assure the security and resilience of UK data infrastructure.

It is looking for the views of all interested parties, particularly data centre operators and owners, cloud platforms and managed service providers, customers and suppliers of all these services, and independent experts on data storage and processing.

The government said that a new regulatory framework in these services could also encourage growth and investment in the UK as it improves data centre resilience.

Today’s news was brought to you by TD SYNNEX – the UK’s number one solutions distributor.