United Kingdom ICT Market and Regulations Overview
The UK ICT market highlights:
- $170 billion digital tech annual turnover
- Over 100,000 software companies in the market
- Second largest ICT market in the ranking of ICT spending per head (U.S. #1)
- London is the second most connected place for tech, right after Silicon Valley
- No. 1 top scaling tech nation in Europe
- No. 1 destination for U.S. ICT businesses in Europe (often serving as EMEA HQ)
- Key subsectors offering significant opportunities to U.S. tech providers include AI, Cloud Computing, and Cyber Security.
- Opportunities exist to supply organizations of all sizes, from SMEs to large corporations, with the most substantial opportunities in organizations for which IT security is mission-critical.
UK Digital Policy & Regulations
The UK Digital Strategy (2022) set out a “light-touch, pro-growth regulatory regime” (diverging from the EU) that would give the UK a competitive advantage in areas such as artificial intelligence, data, and digital competition while protecting citizens.
The UK approach to regulations is set up in the Digital Regulation policy paper (2021). The pro-innovation approach aims at reducing unnecessary burdens and offering clarity and confidence to businesses and consumers. The UK government is committed to proportionate regulation and, where appropriate, deregulation.
The UK GDPR approach is laid out in the Data Protection and Digital Information Bill (2022), which aims at creating a “clearer regulatory environment for personal data use” post-Brexit with “a more pro-growth and pro-innovation data regime whilst maintaining the UK’s world-leading data protection standards.” As well as reforming the UK’s data protection framework, the Bill creates new frameworks for Digital ID products and the rollout of Smart Data schemes. The Bill is currently on hold following changes in the UK government leadership.
The UK Government also set out plans for a draft Digital Markets, Competition, and Consumer Bill to reform the UK’s competition regime. This would include introducing powers to “address the far-reaching market power of a small number of very powerful tech firms”. The Bill also includes a merger control regime for designated firms. It plans to place the UK Competition and Markets Authority’s Digital Markets Unit (DMU) on a statutory footing, with a core objective to “promote competition in digital markets within and outside the UK for the benefit of consumers”. The DMU will be equipped with a range of enforcement powers, such as the ability to impose financial penalties for regulatory breaches. The Bill is planned to go through Parliament for Royal Assent (the final step required for a parliamentary bill to become an Act of Parliament, i.e., law) in 2023. However, it is still unclear if the bill will actually pass this year.
The government is also legislating in the Online Safety Bill to give the regulator Ofcom new regulatory responsibilities for online safety. The Bill will include new regulations on “high risk and high reach” internet platforms to prevent illegal content from persisting on their platforms. Companies that violate the bill and do not comply with requests for information or whose information shows noncompliance will be pursued by Ofcom (including expanded criminal liabilities for responsible managers). The Bill is currently going through Parliament. Passage of the bill will most likely mean an increase in opportunities for firms offering “safety tech” as some of the larger companies seek out technology solutions to ensure compliance.
A policy statement setting out proposals for AI regulation in the UK (2022) places a strong emphasis on establishing a framework that encourages AI innovation.
The Telecommunications (Security) Act (2021) and the Product Security and Telecommunications Infrastructure Act (2022) make provisions for the security of public electronic communications networks, services and products, and electronic communications infrastructure. The purpose of the Acts is to improve cyber resilience and digital connectivity for individuals and businesses, ensure that smart consumer products are more secure against cyber-attacks, and accelerate and improve the rollout of mobile and broadband networks.
The Network and Information Systems (NIS) Regulations (2018) aimed at improving the cybersecurity of firms providing critical services, energy companies, and the NHS. The UK government confirmed in November 2022 that it would be strengthening NIS Regulations to protect “essential and digital services against increasingly sophisticated and frequent cyberattacks” and include managed service providers (MSPs) as critical service providers. The changes mean MSPs will now face significant fines if they fail to put in place effective cybersecurity measures.
For more information, contact Claudia Colombo