How will the "Genny lec" impact the world of cyber and tech?

On 22 May 2024, Prime Minister Rishi Sunak stood in the pouring rain to announce a General Election, thus commencing a summer of political and meteorological uncertainty for those in the UK.

With the election set for 4 July 2024, here is RPC's take on what the conservative and labour manifestos say, or don't say, about cyber and tech.

The Labour party

1. Cyber resilience and defence

At a national level, in their manifesto, Labour recognise the need for investment in cyber defence and refer to concerns of a "growing emergence of hybrid warfare, including cyber-attacks."

The party aims to conduct a "Strategic Defence Review" in the first year of being elected to "understand the state of our Armed Forces, the nature of threats we face and the capabilities needed". On this, there is an intention to spend 2.5% of GDP on defence overall.

Whilst there is recognition of the cyber threats the country faces at a national level, not much is said as to what is happening on the ground. For example, whilst there is an intention to ban the creation of sexually explicit deepfakes, no mention is made of deepfakes being used to dupe victims into payments of money. There seems to be silence as to the support that is needed by businesses in this regard.

2. Innovation and AI

Emphasis is placed on a "pro-innovation regulatory framework". The manifesto states that Labour will ensure they support the development of the AI sector and keep the UK at the forefront of global innovation.

However, there is an intention to introduce some regulatory control. The party's plan is to "ensure the safe development and use of AI models by introducing binding regulation on the handful of companies developing the most powerful AI models". This creates a divergence from the current landscape and the Conservative's position on AI regulation, discussed below. 

3. Regulators and legislation

The manifesto also states: "regulators are currently ill-equipped to deal with the dramatic development of new technologies" and confirms that Labour will create a new Regulatory Innovation Office to help regulators update regulation and speed up approval timelines.

There is some overlap here with innovation and AI. However, the reference to speeding up approval times is perhaps a nod to the seemingly abandoned Data Protection and Digital Information Bill (DPDI), or the updated Network and Information Security Regulations (NIS). DPDI was announced in 2022 and was intended to replace the UK's current data protection regime, the GDPR. NIS 2 was similarly announced in late 2022 as a replacement to the current NIS regulations. Neither DPDI nor NIS 2 are near the final stages of the legislative process. Labour makes no mention of what the party intends to do with DPDI and NIS 2 should they come into power, and so the fate of these regulations remains to be seen.

The Conservative party

1. Cyber resilience and defence

 The Conservative party have seen us through the implementation of the GDPR, some of the country's biggest cyber security incidents to date, and the establishment of the National Cyber Security Centre. Their leadership over the last 14 years has undoubtedly experienced a raft of cyber related developments and enhancements.

The party's manifesto recognises this at a national level, noting "the acceleration of disruptive technologies is changing the character of warfare" and that the Conservatives have already "toughened our cyber defences". There is again a commitment to provide 2.5% GBP to defence and an intention to ban sexually explicit deepfakes, with limited comment as to what is happening at a micro level.

One particular part of the manifesto that has sparked debate is the intention to make National Service compulsory for every 18-year-old. This includes an option for a year-long placement in cyber defence, something that would introduce a level of skill to the cyber security sector long term. 

2. Innovation and AI

The Conservative party has consistently described its approach as pro-innovation and business friendly. This is supported by its reaction to the fast development of AI, where the party adopted a principle-based approach and has issued voluntary codes of practice, rather than issuing binding regulation.

The manifesto continues to adopt this line of thinking. There is clear emphasis on "securing the UK's position as a world leader in innovation", with significant investment being promised in R&D across various sectors. The manifesto also states that the party believes in "reducing the burden of regulation, freeing up businesses to thrive". As above, the position taken by the Conservatives is starkly different to Labour in this regard.

3. Regulators and legislation

The party is clear that it will make sure "regulators deliver the best outcomes for business, consumers and the environment". There is no mention of the proposed DPDI bill or NIS 2, but the manifesto does state that the party would want to continue the work of reviewing "more than 6,000 laws…inherited from the EU". This seems to us to be a clear reference to DPDI and NIS 2, both of which are intended to replace regulations inherited from Europe pre-Brexit. To the extent that the Conservative party succeed in the election, it would seem fair to expect a continued lifeline when it comes to DPDI and NIS 2.

Conclusion

Come rain or sunshine, the development of technology and the corresponding cyber risks that come with it must be addressed by the leaders of our country. Cyber is a clear factor in both the Labour and Conservative party manifestos. Clearly plans are in place, but it is yet to be seen how either party is going to combat the growing cyber risks businesses face on the ground day to day, outside of the overall national risk.

The key area of divergence between the parties would seem to be around the regulation of AI. A new Labour government could escalate the introduction of binding regulation of AI at a faster rate than anticipated by its predecessors.

As for DPDI and NIS 2, we wait with bated breath.