Question to the Cabinet Office:

To ask the Minister for the Cabinet Office, pursuant to the Answer of 2 September 2024 to Question 2301 on Cyber-Security: EU law, what assessment the Cyber Security Centre has made of the potential cyber risks to the (a) public and (b) private sector posed by the requirement for kernel level software access in the context of the CrowdStrike incident; and whether the Government plans to (i) take steps to transfer responsibilities connected with competition concerns to the Competition Markets Authority and (ii) amend the position in relation to kernel level software access.

The government is conducting a lessons learned review of the July 2024 global IT outage and will share its findings in due course.