United Kingdom: UK government proposes new regulations for data center security

UK government launched a new consultation for data center security and resiliency regulation. The consultation dubbed “Protecting and enhancing the security and resilience of UK data infrastructure” is to source views on proposed regulations to improve the security and resilience of data infrastructure, including data centers.

John Whittingdale, minister for data and digital infrastructure, said, “We propose to introduce a new, proportionate statutory framework, focused on data centers, to ensure all relevant operators in the UK are appropriately mitigating risks where they are relevant to the national interest, and national security in particular. This framework would be applicable in the future where other risks emerge, especially as a result of new threats, technological developments, and commercial models.”

The consultation paper noted, “The criticality of data centers to our economy means that the national harm resulting from significant security or resilience shocks could be far greater than commercial harm to any one operator, and thus commercial drivers are not sufficient to drive the level of security/resilience standards required in the national interest. This regulatory function would, at a minimum, have statutory regulatory oversight over organizations that operate data centers, in particular, those that provide colocation and cohosting data center services as a third-party provider. It would seek to establish a baseline level of mitigation against security and resilience risks by all UK third-party data center operators.”