Preparations are underway for ofcom to expand its regulatory remit to include datantres, as the government seeks to harden up the “soft points” in the uk's cyber defanes through the enactment of the Cyber Security and Resilience Bill (CSRB),
The revival emerged during an oral evidence session, overseen by the Science, Innovation and Technology Committee, on 20 May 2025Featuring contributions from ofcom CEO DAME Melanie Dawes and Natalie Black, The Organization's Networks and Communications Group Director.
The Session Saw The Pair Quizzed by the Committee Members on What Risk “Foreign Actor” Pose to the UK's Cyber Security, and – Based on the area of that ofcom is involved in helping to protect – Where AREAS Points in the UK's Cyber Security Defense?
In response to the latter point, black referenceed the importance of using two-factor authentication methods and ensuring staff are definitely trained to keepany data company. She also talked about the importance of ensuring infrastructure is designed with security built-in from the start, raather than as an afternout later on, adding: Third-Party Suppliers, which is Always Challenging. “
The pair was then asked if, in their opinion, the proposed CSRB would “Properly Address” these “soft points”, to which black replied that these points are alredy addresses Legislation.
“The cyber security and resilience bill is an opportunity to make sure that we do not rest on our Laurels and that we Evolve Both how we look at these threats and the power we have to death. “That is a long way of saying we can always be better in this space. That is the challenge cyber security.”
First announced during the king's speech in July 2024, The CSRB is intended to strengthen the uk's cyber defense in recognition of the fact that uk plc is being instacked by focal Cyber criminals and state actors.
DURING The Committee Session, Dawes said the Bill's remit is also expected to include datacentresBefore confirming that ofCom has told the government that it would be happy to “do more in some of the spaces” that it already regulations to protect uk plc from cyber atacks.
On this point, sheid chris bryant, the minister of the department for science, innovation and technology (dsit) (dsit), had already been in touch to ask if ofcom would be worry to Increage to Increage. Cover datacentres.
Computer weekly undersrstands that ofcom have been asked to prepare itself for taking on the regulation of the datacentre sector, in line with the contents of the network and information systems regulation of the csrb.
Computer weekly contacted dsit for more information on what form this regulation might take, but was told the department has no further comment to make at this time.
When asked the same question, an ofcom spokesperson Directed Computer Weekly to the Original CSRB policy statement
The document states that, in the wake of datacentres being designated as Critical National Infrastructure (CNI) in the July 2024 King's Speech“The government is committed to introducing proportionate regulatory oversight” of the sector.
As detailed in the document, datacentres that are 1mw or worth in capacity would be in-space of the regulation, but enterprise datacentres would only need to comply with regulations if they have a capacation of more than 10mw.
“Bringing Datacentres Into Scope of the Regulations would strengthen and level the consistency of protection across the sector, provide a platform for secret and engage, and give government, and give government Regulator the Levers to Steward the Sector in the face of an evolving threat landscape in line with other CNI Utilities, “According to the policy statement.