Department for Science, Innovation & Technology

I refer the hon. Member to the answer I gave on 15 January 2026 to Question UIN 104313.

No one should have to go through the ordeal of seeing intimate deepfakes of themselves online. We will not allow the proliferation of these demeaning and degrading images, which are disproportionately aimed at women and girls.

The Government will legislate in the Crime and Policing Bill – which is currently in Parliament – to ban nudification tools. This new criminal offence will make it illegal for companies to supply tools and services designed to create non-consensual intimate images, targeting the problem at its source.

The National Physical Laboratory (NPL) is a Public Corporation owned by the Department for Science, Innovation and Technology. NPL manages its staffing levels in response to demand for its services from UK Government, industry and academia, and in line with forecasted revenue.

Staffing numbers and costs at NPL have increased since 2017 because of increased demand from Government and industry to build national capability in measurement and standards, aligned with industry needs and emerging tech.

Staffing costs have also increased through annual pay awards, which is managed by NPL and takes account of Managing Public Money and public sector pay policy.

The Information Commissioner’s Office (ICO) is independent of government and sets its own staffing levels to meet its statutory duties. The ICO is funded primarily through the data protection fee and manages its resources in accordance with its regulatory obligations.

The volume and complexity of data protection work have increased significantly in recent years, including implementation of the UK GDPR and an expanded regulatory remit. To fulfil these responsibilities and respond to rising public and business demand, the ICO has required additional specialist capacity. Staffing costs have therefore increased in line with workforce growth and market rates for technical expertise, following the civil service pay guidance.

You can find more information about ICO’s staff number and costs in their annual reports, which can be viewed at: https://ico.org.uk/about-the-ico/our-information/annual-reports/.

The Government works with National Energy System Operator (NESO) to assess and prepare for space weather risks to the power grid and telecoms, supported by the Space Weather Impact for Future Electricity System Resilience (SWIFTER) projects will provide an assessment of the probability of impacts. A severe geomagnetic storm could generate uneven geoelectric fields across the UK, with effects possible nationwide depending on geology and grid configuration. Resulting geomagnetically induced currents may disrupt power systems and cause local outages, which could in turn affect telecoms and GNSS based timing.

While no plans exist specifically for a Carrington scale event, any large-scale outage would follow established national arrangements, including public preparedness guidance, Pre-Agreed Written Science (PAWS) scientific advice, and Cabinet Office planning to support access to essential services.

The government's Cyber Security Breaches Survey shows that 43% of UK businesses reported experiencing a cyber breach or attack within the past year. Within the utilities sector this figure is 48%. The survey does not specifically detail cyber attacks on energy infrastructure.

The National Cyber Security Centre (NCSC) has warned there is a significant and enduring cyber threat faced by the UK’s critical national infrastructure. As part of its routine operations the NCSC works closely with all areas of the UK’s critical national infrastructure to highlight the cyber threat landscape and associated mitigation activities. As noted in its Annual Review (2025) the NCSC has undertaken a wide range of activities to enhance protections for the UK’s energy infrastructure, including delivering technical advice and guidance on cyber security challenges, working directly with key suppliers on cyber security initiatives, and providing additional support to operators of renewable energy assets. The annual review also notes how NCSC has deepened its understanding of cyber maturity in critical national infrastructure, enabling more targeted interventions and strengthening the UK’s ability to identify and eliminate sophisticated threat actors.

The Cyber Security and Resilience (Network and Information Systems) Bill updates the Network and Information Systems Regulations 2018, which includes essential services in the energy sector. The Bill will improve the cyber security of the energy sector and its infrastructure through better resourced regulators to respond to cyber threats, and a stronger mechanism for government to set priority outcomes for regulators to work to.

The incident reporting framework will also be updated through the Bill, including for the energy sector. Under the existing reporting regime, too many significant incidents do not need to be reported, and this creates a gap in the government’s knowledge and ability to protect the UK from harm. A wider range of significant incidents, such as successful ransomware and pre-positioning will need to be reported under the Bill. A light touch, initial notification will also be required within 24 hours of an incident being discovered will enable quicker and more effective support to be provided to organisations.

The Bill will keep pace with an increasingly digitalised and interconnected energy sector by bringing load controllers into scope of the NIS Regulations as a new essential service, where they meet the threshold, ensuring regulation is focused where the risk is greatest.

The government's Cyber Security Breaches Survey shows that 43% of UK businesses reported experiencing a cyber breach or attack within the past year. Within the utilities sector this figure is 48%. The survey does not specifically detail cyber attacks on energy infrastructure.

The National Cyber Security Centre (NCSC) has warned there is a significant and enduring cyber threat faced by the UK’s critical national infrastructure. As part of its routine operations the NCSC works closely with all areas of the UK’s critical national infrastructure to highlight the cyber threat landscape and associated mitigation activities. As noted in its Annual Review (2025) the NCSC has undertaken a wide range of activities to enhance protections for the UK’s energy infrastructure, including delivering technical advice and guidance on cyber security challenges, working directly with key suppliers on cyber security initiatives, and providing additional support to operators of renewable energy assets. The annual review also notes how NCSC has deepened its understanding of cyber maturity in critical national infrastructure, enabling more targeted interventions and strengthening the UK’s ability to identify and eliminate sophisticated threat actors.

The Cyber Security and Resilience (Network and Information Systems) Bill updates the Network and Information Systems Regulations 2018, which includes essential services in the energy sector. The Bill will improve the cyber security of the energy sector and its infrastructure through better resourced regulators to respond to cyber threats, and a stronger mechanism for government to set priority outcomes for regulators to work to.

The incident reporting framework will also be updated through the Bill, including for the energy sector. Under the existing reporting regime, too many significant incidents do not need to be reported, and this creates a gap in the government’s knowledge and ability to protect the UK from harm. A wider range of significant incidents, such as successful ransomware and pre-positioning will need to be reported under the Bill. A light touch, initial notification will also be required within 24 hours of an incident being discovered will enable quicker and more effective support to be provided to organisations.

The Bill will keep pace with an increasingly digitalised and interconnected energy sector by bringing load controllers into scope of the NIS Regulations as a new essential service, where they meet the threshold, ensuring regulation is focused where the risk is greatest.

The government's Cyber Security Breaches Survey shows that 43% of UK businesses reported experiencing a cyber breach or attack within the past year. Within the utilities sector this figure is 48%. The survey does not specifically detail cyber attacks on energy infrastructure.

The National Cyber Security Centre (NCSC) has warned there is a significant and enduring cyber threat faced by the UK’s critical national infrastructure. As part of its routine operations the NCSC works closely with all areas of the UK’s critical national infrastructure to highlight the cyber threat landscape and associated mitigation activities. As noted in its Annual Review (2025) the NCSC has undertaken a wide range of activities to enhance protections for the UK’s energy infrastructure, including delivering technical advice and guidance on cyber security challenges, working directly with key suppliers on cyber security initiatives, and providing additional support to operators of renewable energy assets. The annual review also notes how NCSC has deepened its understanding of cyber maturity in critical national infrastructure, enabling more targeted interventions and strengthening the UK’s ability to identify and eliminate sophisticated threat actors.

The Cyber Security and Resilience (Network and Information Systems) Bill updates the Network and Information Systems Regulations 2018, which includes essential services in the energy sector. The Bill will improve the cyber security of the energy sector and its infrastructure through better resourced regulators to respond to cyber threats, and a stronger mechanism for government to set priority outcomes for regulators to work to.

The incident reporting framework will also be updated through the Bill, including for the energy sector. Under the existing reporting regime, too many significant incidents do not need to be reported, and this creates a gap in the government’s knowledge and ability to protect the UK from harm. A wider range of significant incidents, such as successful ransomware and pre-positioning will need to be reported under the Bill. A light touch, initial notification will also be required within 24 hours of an incident being discovered will enable quicker and more effective support to be provided to organisations.

The Bill will keep pace with an increasingly digitalised and interconnected energy sector by bringing load controllers into scope of the NIS Regulations as a new essential service, where they meet the threshold, ensuring regulation is focused where the risk is greatest.

The government's Cyber Security Breaches Survey shows that 43% of UK businesses reported experiencing a cyber breach or attack within the past year. Within the utilities sector this figure is 48%. The survey does not specifically detail cyber attacks on energy infrastructure.

The National Cyber Security Centre (NCSC) has warned there is a significant and enduring cyber threat faced by the UK’s critical national infrastructure. As part of its routine operations the NCSC works closely with all areas of the UK’s critical national infrastructure to highlight the cyber threat landscape and associated mitigation activities. As noted in its Annual Review (2025) the NCSC has undertaken a wide range of activities to enhance protections for the UK’s energy infrastructure, including delivering technical advice and guidance on cyber security challenges, working directly with key suppliers on cyber security initiatives, and providing additional support to operators of renewable energy assets. The annual review also notes how NCSC has deepened its understanding of cyber maturity in critical national infrastructure, enabling more targeted interventions and strengthening the UK’s ability to identify and eliminate sophisticated threat actors.

The Cyber Security and Resilience (Network and Information Systems) Bill updates the Network and Information Systems Regulations 2018, which includes essential services in the energy sector. The Bill will improve the cyber security of the energy sector and its infrastructure through better resourced regulators to respond to cyber threats, and a stronger mechanism for government to set priority outcomes for regulators to work to.

The incident reporting framework will also be updated through the Bill, including for the energy sector. Under the existing reporting regime, too many significant incidents do not need to be reported, and this creates a gap in the government’s knowledge and ability to protect the UK from harm. A wider range of significant incidents, such as successful ransomware and pre-positioning will need to be reported under the Bill. A light touch, initial notification will also be required within 24 hours of an incident being discovered will enable quicker and more effective support to be provided to organisations.

The Bill will keep pace with an increasingly digitalised and interconnected energy sector by bringing load controllers into scope of the NIS Regulations as a new essential service, where they meet the threshold, ensuring regulation is focused where the risk is greatest.

Research by the online safety regulator Ofcom found that children aged 8-14 average 3 hours a day online. Sport England report that more than 4 in 5 children participated in sporting activities each week.

On 20 January, the government announced a short, swift consultation on further measures to keep children safe online, accompanied by a national conversation. It will seek views on a range of measures, including whether there should be curfews overnight or breaks to stops excessive use or doom scrolling.

Research by the online safety regulator Ofcom found that children aged 8-14 average 3 hours a day online. Sport England report that more than 4 in 5 children participated in sporting activities each week.

On 20 January, the government announced a short, swift consultation on further measures to keep children safe online, accompanied by a national conversation. It will seek views on a range of measures, including whether there should be curfews overnight or breaks to stops excessive use or doom scrolling.

The Government is committed to supporting a competitive and innovative digital economy. This is why we prioritised the commencement of the Competition and Markets Authority’s (the CMA) new powers in digital markets.

These new powers are designed to boost competition and innovation in digital markets and promote fairer outcomes for both businesses and consumers. The CMA is independent of Government, and any decisions on which markets it next investigates is for its Board.

The UK’s data protection legislation applies to any processing of personal data regardless of the technology being used. Technology companies that screen or analyse personal emails must identify an appropriate legal ground for doing so, such as obtaining user consent. Personal data must also be processed fairly and transparently so that people can make informed decisions about whether to use a service.

The data protection legislation is monitored and enforced independently of government by the Information Commissioner’s Office (ICO). The ICO has published guidance for organisations on automated decision making, profiling and artificial intelligence at: Automated decision-making and profiling | ICO and Artificial intelligence | ICO. It will also consider complaints about organisations that fail to comply with the legislation.

The Technology Secretary announced on 12 January that the offence criminalising the creation of non-consensual intimate images would be commenced as a matter of urgency. This offence will apply in England and Wales. Scotland and Northern Ireland have their own, separate offences for dealing with image-based abuse.

It was also announced that the offence would be made a priority offence under the Online Safety Act (OSA), meaning that services will need to take steps to prevent this content appearing online and swiftly remove it if it does. The OSA applies to any relevant service that is ‘linked to the UK’.

As the independent regulator for telecommunications, Ofcom is responsible for making regulatory decisions in the fixed telecoms sector, including on Voice over Internet Protocol (VoIP).

However, while we are engaging with Ofcom and stakeholders on this issue, including with regard to the Public Switched Telephone Network (PSTN) migration to VoIP, the Department has not made any formal assessment of the effectiveness of the regulatory framework governing VoIP services.

VoIP uses fibre cables which are far more resilient than copper and offers consumers better quality calls, improved flexibility, and better protections against nuisance and scam calls. The Government is committed to ensuring that any risks from the industry-led migration from the PSTN to VoIP are mitigated for everyone. The Government secured additional safeguards to protect the vulnerable and landline dependent in November 2024. These include measures to identify the vulnerable and telecare users, timely and repeated communications, free engineer visits, and providing a battery back-up where appropriate.

There is no centralised equality impact assessment on the rollout of AI tools in government as a whole. AI tools can be deployed for a wide-ranging set of purposes and it is down to individual departments to conduct EIAs where appropriate, irrespective of whether an AI tool is involved in the planning or execution of their policy ambitions.

The DSIT owned Data and AI Ethics Framework (DAIEF) provides a set of principles and activities to guide the responsible development, procurement and use of data and artificial intelligence (AI) in the public sector. It helps public servants understand ethical considerations and how to address these in their work. The DAIEF explains the need to comply with the Public Sector Equality Duty and Equality Act 2010 and signposts the EHRC guidance on the Public Sector Equality Duty to provide further information.

The Online Safety Act requires in-scope services to tackle illegal content and protect children from harmful content, including where it is AI generated. Ofcom has robust enforcement powers for non-compliance.

In the coming weeks, the offence of creating intimate images without consent, including using AI, will come into effect. The Secretary of State announced it will be made a priority offence under the Act, giving users the strongest protections from such content. In addition, the Government has announced that it will criminalise nudification apps – which will make it illegal for companies to supply tools designed to create non-consensual intimate images.

On 20 January, the government announced a short, swift consultation on further measures to keep children safe online, building on the Online Safety Act. While there is consensus that more action is needed, there is not yet consensus on what form that action should take.

The consultation will be accompanied by a national conversation, putting children and parents at the heart of this issue. It will seek views on a range of measures, including what the right minimum age for children to access social media is, as well as explore a ban for children under a certain age. We will also look closely at Australia and their ban on social media for under 16s.

The government is clear that it will act quickly and robustly to deal with concerns that are being raised.

Pursuant to the answer of 18 November 2025 we are not be publishing the business case for rainbow pins. To confirm the business case was reviewed in line with Government Guidance, declined, and no public money was spent.

Pursuant to the answer of 19 November 2025 the Civil Servant who attended the Humanist Convention did so in working time.

Through the UK Government’s AI Opportunities Action Plan and the GDS Roadmap for a Modern Digital Government, we are taking a whole‑of‑government approach to expanding access to digital skills and embedding the responsible use of AI across public services.

Together they include the significant £7.5 million upskilling initiative designed to expand access to AI skills for everyone across the economy, including those in the public sector, and the plan for government to lead by example and ensure public sector staff are equipped to use and embed digital and AI‑enabled tools.

Technology should be open to all. That is why DSIT Secretary of State set up a Women in Tech Taskforce. The first meeting was held on Monday 15th December 2025. The Taskforce will examine the systemic barriers that prevent women and other underrepresented groups from entering, progressing, and leading in the tech sector.

Civil Servants in 22 Whitehall book an unspecified space on a specific floor.

The numeric figures for July to September 2025 are:

The figures include the adjoining building 26 Whitehall, which was gradually opened and occupied in phases across July, August and September. From October onwards, capacity figures include 26 Whitehall. Monthly totals also include colleagues using meeting rooms and other shared building facilities, which are not included in capacity figures.

All Direct Ministerial appointees must complete a declaration of interest form before their appointment can be finalised. If appointees declare any political activity, the detail is reviewed, assessed for risk and appropriate mitigations implemented where necessary.

No expenditure has been made by Department for Science, Innovation and Technology on X premium.

The Government does not hold an estimate of any monetary or regulatory cost because it does not set equality, diversity and inclusion (EDI) targets in publicly funded research. EDI considerations form part of existing research funding assurance and governance processes, and no additional reporting burdens or dedicated compliance mechanisms have been introduced beyond those already in place. Rather than mandating specific EDI targets, the Government expects research organisations to foster fair and inclusive environments that support excellence, in line with established funding terms and conditions.

Ofcom is responsible for the reporting of mobile coverage across the UK but does not publish mobile coverage data at a county level.

The Government recognises that there are discrepancies in some cases between peoples’ lived experience and the level of coverage that Ofcom reports should be available. The launch of Ofcom’s updated mobile coverage checker ‘Map Your Mobile’ in June 2025 was a positive step forward in helping address this.

Government, however, recognises that there is further work to be done and we continue to encourage Ofcom to improve the accuracy of mobile coverage reporting across the UK, allowing consumers to make more informed choices about which operator provides the best level of service in their area.

Our ambition is for all populated areas, including communities in Worcestershire, to have higher quality standalone 5G by 2030.

The Government continues to work closely with the mobile network operators to ensure their continued investment into the expansion and improvement of mobile networks, and that investment translates into benefits for communities right across the UK, including those in Worcestershire.

We are also working to identify and address barriers to deployment of mobile infrastructure. This includes recently launching a call for evidence to help determine where planning rules could be relaxed to support the deployment of digital infrastructure.

The Service Manual sets out guidance for public servants on designing and delivering digital services, including making sure services work well with mobile technology, technology use more broadly, and understanding users before designing around their needs. The guidance makes clear that native mobile apps should only be considered when there are clear and evidenced needs that a responsive website cannot meet. It also states that if any users can not access the required features then a web based alternative should also be available.

The 40% office attendance policy for departmental staff referred to in the answer I gave the Hon. Member on 28 November 2025 to Question 90732, is for staff being in their assigned office for 40% of the working week.

The Department’s office attendance (Hybrid Working) policy states that as the norm, employees are expected to spend, when calculated over a 4-week period, 40-60% of their working hours in the office. Time spent training at a different location, on visits to off-site or other work locations, where there is an official reason to attend that location, will count in the same way as time spent in a staff member’s normal office. The remaining time can either be spent working in the office, working from home in the UK, or a combination of the two.

Network coverage data published by Ofcom does not include specific datasets for ports, docks or coastal industrial zones.

The Government recognises that high quality digital connectivity is essential for businesses in the UK, including those operating in ports, docks and coastal industrial zones. This is why our ambition is for all populated areas to have higher quality standalone 5G by 2030, and we have a target to deliver nationwide (99%) gigabit broadband coverage by 2032.

Through Project Gigabit, we are delivering fast, reliable broadband to UK premises not included in suppliers' commercial plans.

We are also investing in projects across the UK through the 5G Innovation Regions Programme, which aims to increase investment in 5G networks and encourage the adoption of advanced connectivity services in key sectors, including ports and industrial zones.

The merger of UKSA into DSIT will deliver efficiencies for how the combined directorate will deliver on government priorities. Designing a more efficient organisation will reduce running costs and remove duplication ensuring even more of the funding allocated to civil space can reach the sector while also protecting staff in both organisations where possible. There are currently no planned redundancies.

The United States is our close ally and tech partner, and we are committed to ensuring that bond delivers real benefits for hardworking people on both sides of the Atlantic.

We look forward to resuming work on this partnership as quickly as we can to achieve that and working together to help shape the emerging technologies of the future.

The Global Strategy Network provides mis‑ and disinformation monitoring analysis narratives from publicly available online information concerning public safety or national security risks to the UK. Faculty Science provides software development for the Counter‑Disinformation Data Platform (CDDP).

No expenditure has been made by DSIT with X since July 2024.

The interim Director General for Digital Centre Design, now interim Director General for Digital Transformation, has had no involvement in the design and specification of Project 7114 or in any procurement decisions related to the Cabinet Office Test Learn and Grow Programme.

In DSIT we have no colleagues in roles which are primarily focused on transgender policy. We have one colleague who is our Head of Equality, Diversity and Inclusion they are a Grade 7.

The government is committed to tackling the creation of this atrocious material. Creating, possessing, or distributing child sexual abuse material (CSAM), including AI Generated CSAM, is illegal. The Online Safety Act requires services to proactively identify and remove this content.

We are taking further action in the Crime and Policing Bill to criminalise CSAM image generators, and to ensure AI developers can directly test for and address vulnerabilities in their models which enable the production of CSAM.

The Government is clear: no option is off the table when it comes to protecting the online safety of users in the UK, and we will not hesitate to act where evidence suggests that further action is necessary.

The government is committed to tackling the creation of this atrocious material. Creating, possessing, or distributing child sexual abuse material (CSAM), including AI Generated CSAM, is illegal. The Online Safety Act requires services to proactively identify and remove this content.

We are taking further action in the Crime and Policing Bill to criminalise CSAM image generators, and to ensure AI developers can directly test for and address vulnerabilities in their models which enable the production of CSAM.

The Government is clear: no option is off the table when it comes to protecting the online safety of users in the UK, and we will not hesitate to act where evidence suggests that further action is necessary.

The government is committed to tackling the creation of this atrocious material. Creating, possessing, or distributing child sexual abuse material (CSAM), including AI Generated CSAM, is illegal. The Online Safety Act requires services to proactively identify and remove this content.

We are taking further action in the Crime and Policing Bill to criminalise CSAM image generators, and to ensure AI developers can directly test for and address vulnerabilities in their models which enable the production of CSAM.

The Government is clear: no option is off the table when it comes to protecting the online safety of users in the UK, and we will not hesitate to act where evidence suggests that further action is necessary.

The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) impose obligations on tech companies to process customers’ personal data lawfully, fairly, transparently and securely, unless certain limited exemptions apply. Organisations must only process personal data where there are legitimate grounds to do so, and be clear with people about how and why their data is being used, such as through privacy notices.

The data protection legislation is monitored and enforced independently of Government by the Information Commissioner’s Office (ICO). The ICO has published guidance on transparency requirements here: https://ico.org.uk/for-organisations/advice-and-services/audits/data-protection-audit-framework/toolkits/accountability/transparency/.

The Online Safety Act requires in-scope services, including social media, to protect children from illegal, harmful content and age-inappropriate content. Services likely to be accessed by children are required to use highly effective age assurance to prevent children encountering the most harmful content such as pornography.

The government has announced a short, swift consultation on further measures to keep children safe online, accompanied by a national conversation. It will seek views on a range of measures, including what the right minimum age for children to access social media is, as well as explore a ban for children under a certain age. We will also look closely at Australia and their ban on social media for under 16s.

UK Research and Innovation (UKRI), including Innovate UK, has a portfolio of over £1 billion in AI research and innovation, with a further £1.6 billion allocated across 2026/27 to 2029/30. UKRI’s AI investments build broad, foundational technologies that could extend to BSL applications even when not explicitly stated.

Details of UKRI investments in AI technologies that could be used to create accessible content with regards to British Sign Language (BSL) can be found on GTR, which provides information on all UKRI-funded research and innovation projects. These include an £8.45m investment in SignGPT, which aims to build the first generative predictive transformer for sign language and has direct involvement from Deaf organisations and community partners.

There are currently no projects approved by British Technology Investments and the Government Office for Science.

Under the Online Safety Act, in-scope services must consider different age groups when assessing for risk of content harmful to children. They must implement age-appropriate measures to protect children from harmful content such as violence or bullying. They must also use age assurance to prevent all children encountering the most harmful content such as pornography. Ofcom provides guidance on the risks of harmful content to different age groups.

On 20 January, the government announced a short, swift consultation on further measures to keep children safe online, accompanied by a national conversation. It will seek views on a range of measures, including exploring ways to improve the accuracy of age assurance for children to support the enforcement of minimum age limits.

Under the Online Safety Act, in-scope services must consider different age groups when assessing for risk of content harmful to children. They must implement age-appropriate measures to protect children from harmful content such as violence or bullying. They must also use age assurance to prevent all children encountering the most harmful content such as pornography. Ofcom provides guidance on the risks of harmful content to different age groups.

On 20 January, the government announced a short, swift consultation on further measures to keep children safe online, accompanied by a national conversation. It will seek views on a range of measures, including exploring ways to improve the accuracy of age assurance for children to support the enforcement of minimum age limits.