top of page

New Security Rules For Data Centres

The UK Government are introducing new rules for data centres to try to regulate and enforce better cyber security practices.

The new consultation document 'Protecting and enhancing the security and resilience of UK data infrastructure' has been published online with the government currently collecting feedback on it.   

These proposals suggest that data centre providers will now have a “duty to take appropriate and proportionate technical and organisational measures” to improve the security of there sites and reduce risks against the data centre.

Data centre providers would be required to sign up with new regulators and provide information related to operations and incidents as well as maintain a baseline around measures.

Intervention from the government has come off the back of criticism against existing data centre regulators with claims that current regulation provides insuffient security and that securing these centres is vital given their national importance.

“The criticality of data centres to our economy means that the national harm resulting from significant security or resilience shocks could be far greater than commercial harm to any one operator, and thus commercial drivers are not sufficient to drive the level of security/resilience standards required in the national interest,” a Government spokesperson claimed.

The Consultation closes next month, with the government looking for feedback specifically from data centre operators, data centre land and facility owners, cloud platform providers, managed service providers, customers and suppliers of data centres and independent/academic experts within the sector.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page