The King has unveiled the newly-elected Labour government’s first drafted bills and legislation to the UK Parliament, including several pieces relating to technology.
Among them, the King stated his government will “seek to establish the appropriate legislation to place Requirements on those working to develop the most powerful artificial intelligence models.”
The government also seeks to introduce a Cybersecurity and Resilience Bill to strengthen the cyber resilience of public bodies such as the Ministry of Defence (MoD) and NHS.
A step towards regulation or stifling innovation?
Expert reaction to the announcement of both bills have been mixed, but one point has seen consistent support. Public services in the UK are relying on outdated and unsecure IT systems to function, putting them and the public at a greater risk of having their services disrupted and their data leaked.
In January 2024, a report was released that revealed the MoD to have 11 ‘red-rated’ IT systems that are exposed to cyber attacks and breaches, or are simply too inefficient or unsuitable to use. In May, the MoD was reportedly hit by a Chinese state-sponsored cyber attack that stole personal information of current and former personnel.
The same month, a report found the British public has very little faith in the NHS’ cybersecurity and data handling, with almost half (49%) believing the service could mishandle their data, and over four in five (82%) stating that they are concerned in some capacity about cyber attacks against NHS systems. In June, Synnovis, a pathology provider for the Guy’s and St Thomas’ NHS Foundation Trust was hit by a cyber attack that stole patient blood test data.
Later, publicly available information from board of directors’ meeting revealed that concerns had been raised on third-party service providers, with directors stating that an IT modernization programme was needed to increase the NHS’ cyber resilience.
Dominic Trott, Director of Strategy and Alliances at Orange Cyberdefense responded to the unveiling of the Cybersecurity and Resilience Bill, stating, “Any steps to further strengthen our defences and ensure that more essential digital services than ever before are protected must be welcomed. Over the past year we have seen a series of attacks on organisations providing critical services to the UK. In the healthcare sector, for example, the pressures that hospitals have faced have been heightened by the growing threat of cyber criminals who have brazenly targeted the critical systems of the most vulnerable.”
“According to our own data there were 69 cyber extortion attacks on healthcare businesses during Q1 of this year, up more than 100% from Q1 in 2023. To combat this, organisations must optimise access to skills, adoption of appropriate processes and the right use of technology to achieve cyber resilience. It is pleasing to see that the Bill will make updates to the legacy regulatory framework by expanding the remit of the regulation to protect supply chains, which are an increasingly significant threat vector for attackers,” Trott concluded.
AI growth
As for the AI Bill, experts are concerned that if enacted too quickly, the bill could implement heavy handed regulation on a technology that has already shown its ability to enhance productivity and efficiency, and that the legislation could unfairly stifle innovation.
David Shepherd, Senior Vice President of EMEA at Ivanti, said, “The announcement of intentions to establish AI legislation is a positive step, but the details are what will matter. For regulations to truly succeed, and foster innovation while ensuring safety, clear, transparent, and globally consistent guardrails are crucial. Especially when it comes to protecting workers – one of the new Labour government’s key focuses.”
“While regulation can’t be rushed, timely action is essential,” he added. “Delays could lead to a rise in AI bias and ethical issues like potential job losses, a concern the new government clearly wants to address.”
“As Labour’s plans unfold, concrete regulatory details will be essential. To ensure no group is disproportionately impacted, the development process must embrace diverse viewpoints to ensure AI is set up for businesses and employees to thrive harmoniously. This commitment will be critical for the AI Bill’s success, and, ultimately, the safety of employees and overall business success.”