Regulatory Outlook

Cyber Security | UK Regulatory Outlook March 2024

Published on 27th Mar 2024

NCSC advisory on tactics used by APT29 | NIST releases Cybersecurity Framework 2.0 | Government response to ransomware inquiry

H_2011101743FWI_Regulatory Outlook 2021_JAN 21_ICONS_Data Protection and Cyber Security_landscape

NCSC advisory on tactics used by APT29

The National Cyber Security Centre published an advisory detailing the recent tactics, techniques and procedures used by APT29 (a cyber espionage group believed to be part of the Russian intelligence services) in gaining initial access into cloud infrastructure.

Organisations, particularly those in the aviation and education sectors, as well as public bodies, should take note of the guidance to help detect and mitigate potential malicious activity.

NIST releases Cybersecurity Framework 2.0

The US National Institute of Standards and Technology (NIST) has published version 2.0 of its Cybersecurity Framework, which is widely adopted by organisations around the world.

The updated framework expands the scope to help a wider range of organisations manage and reduce cyber risks. Version 2.0 place greater emphasis on the importance of cyber security governance and supply chain risk management and should be used by organisations as a tool to design an effective cyber security strategy.

Government response to ransomware inquiry

On 11 March 2024, the Joint Committee on the National Security Strategy published the government's response to its inquiry into ransomware and UK national security.

The committee expressed concerns that the government's current approach will leave the UK exposed and unprepared for ransomware attacks. The committee stated that it will continue to monitor and follow up on issues raised in the report, including the extension of the NIS Regulations 2018 and further guidance on ransom payments.

See the press release.

EU Parliament and Council reach agreement on Cyber Solidarity Act

On 6 March 2024, the European Commission and Parliament reached a political agreement on the Cyber Solidarity Act, which aims to strengthen the EU's ability to detect, prepare and respond to cyber threats.

Among other things, the Act establishes mechanisms to support coordination of preparedness testing for critical national infrastructure and provision of financial support to Member States assisting another state affected by a significant cyber security incident. It will need to be approved by the EU Parliament before it can be formally adopted. It will enter into force on the twentieth day following its publication in the Official Journal.

To find out about more, register to attend our "Dipping into Data" webinar where Osborne Clarke's experts will discuss the developing regulatory landscape around cyber security.

EU Parliament adopts Cyber Resilience Act 

Please see Products.


View the full Regulatory Outlook

Interested in hearing more? Expand to read the other articles in our Regulatory Outlook series

View the full Regulatory Outlook

Regulatory law affects all businesses.

Osborne Clarke’s updated Regulatory Outlook provides you with high level summaries of important forthcoming regulatory developments to help in-house lawyers, compliance professionals and directors navigate the fast-moving business compliance landscape in the UK.

Receive Regulatory Outlook each month

A round-up of forthcoming regulatory developments – straight to your inbox

* This article is current as of the date of its publication and does not necessarily reflect the present state of the law or relevant regulation.

Interested in hearing more from Osborne Clarke?