Changes coming on Smart Data-Identity Cards -Cyber Security and AI

On 17th July 2024, the King’s Speech gave notice of over 30 pieces of legislation that will be introduced by the new UK Government elected on June 4th, 2024. Two of these relate to Data Protection and Cyber Security. They are the:-

·???????? Digital Information and Smart Data Bill

·???????? Cyber Security and Resilience Bill

Background on each appears below.

Parliamentary managers will be announcing in due course the timetabling of each piece of legislation. There is also a mention below about Artificial Intelligence (AI) in the light of recent European Union (EU) legislation and its implications for the UK.

At the end of this note, there is a full listing of all the other new laws that will be coming.

Details can be obtained from QED on request.

1.????? Digital Information and Smart Data Bill

The Government says it wants to ensure we harness the power of data for economic growth, to support a modern digital government, and to improve people’s lives.

They say this will enable new innovative uses of data to be safely developed and deployed and will improve people’s lives by making public services work better by reforming data sharing and standards; help scientists and researchers make more life enhancing discoveries by improving our data laws; and giving the ?Information Commissioner(the ICO) new, stronger powers and a more modern structure.

What does the Bill do? The Government say it will include:-

·???????? Digital identity verification aimed at enabling people to use digital identities to ease processes such as moving house, buying age-restricted products and pre-employment checks.

·???????? ?‘Smart data’ measures?designed to facilitate the ability to share personal data across platforms and with third parties. This is likely to expand Open Banking which allows customers to easily share their account information with third parties to facilitate payments.

·???????? ?ICO reform?to introduce a national Information Commission and move away from having all powers and functions resting with one Commissioner. This will mean a Board and Chief Executive Officer.

·???????? Consent provisions for scientific research?to enable scientists to ask for broad consent for legitimate scientific research.

?2.????? Cyber Security and Resilience Bill

?The Government say our digital economy is increasingly being attacked by cyber criminals and state actors, affecting essential public services and infrastructure. In the last 18 months, our hospitals, universities, local authorities, democratic institutions and government departments have been targeted in cyber-attacks. Essential services are more vulnerable to hostile actors and recent cyber-attacks affecting the NHS and Ministry of Defence show the impacts can be severe. Ministers want to take swift action to address vulnerabilities and protect our digital economy to deliver growth. They aim to strengthen the UK’s cyber defences, ensuring that critical infrastructure and the digital services that companies rely on are secure?

?What does the Bill do? The Government say it will include:-?

• Expanding the remit of the existing regulation, putting regulators on a stronger footing, and increasing reporting requirements to build a better picture in government of cyber threats. Ministers say it is essential for increased incident reporting to give government better data on cyber-attacks, including where a company has been held to ransom – this will improve understanding of the threats and alert the UK to 94 potential attacks by expanding the type and nature of incidents that regulated entities must report.
• Updating existing UK regulations which reflect law inherited from the EU and are the UK’s only cross-sector cyber security legislation. They have now been superseded in the EU and require urgent update in the UK to ensure that our infrastructure and economy is not comparably more vulnerable. See also the note below about Artificial Intelligence(AI)
• Updates to the legacy regulatory framework by expanding the remit of the regulation to protect more digital services and supply chains. ??
• Filling an immediate gap in our defences and prevent similar attacks experienced by critical public services in the UK, such as the recent ransomware attack impacting London hospitals. putting regulators on a strong footing to ensure essential cyber safety measures are being implemented. This would include potential cost recovery mechanisms to provide resources to regulators and providing powers to proactively investigate potential vulnerabilities.

?What about Artificial Intelligence? (AI)

Information is thin here. ?Ministers confirmed that the Government will?“seek to establish the appropriate legislation to place requirements on those working to develop the most powerful artificial intelligence models. However, given the point earlier about the planned update to UK Data Protection Laws in line with European protections, it is worth noting that the European Union AI Act comes into force on 1 August 2024, with provisions coming into operation gradually over the following 6 to 36 months.

It covers all types of AI across a broad range of sectors, with exceptions for AI systems used solely for military, national security, research and non-professional purposes.?It does not confer rights on individuals, but regulates the providers of AI systems and entities using AI in a professional context. Importantly, the Act classifies non-exempt AI applications by their risk of causing harm. There are four levels – unacceptable, high, limited, minimal – plus an additional category for general-purpose AI.

·???????? Applications with unacceptable risks are banned.

·???????? High-risk applications must comply with security,?transparency?and quality obligations, and undergo?conformity assessments.

·???????? Limited-risk applications only have transparency obligations.

·???????? Minimal-risk applications are not regulated.

Given the new government’s stated intention to develop new working relationships with the European Union, we can expect further announcements on AI within this context.

?Other New Laws in the Pipeline

Other Laws that will be coming include those listed below. Get in touch for more information about any of these listed. Our training courses and policy consultations with breaking news will continue to update participants and clients!

There will in summary be new laws and/or agencies on:-

·???????? Employment Rights

·???????? Equal Pay

·???????? Equalities for LGBTB communities

·???????? Immigration and Asylum

·???????? Mental Health

·???????? Sexual Harassment

·???????? Skills and Training

·???????? Welfare Benefits

And more initiatives dealing with a closer working relationship at all levels with the European Union post Brexit

www.qedworks.co.uk

?

?