Question to the Department for Science, Innovation & Technology:

To ask His Majesty's Government what steps they are taking to ensure that software services provided to UK public sector bodies by companies based in the jurisdiction of hostile state actors cannot be accessed by those hostile state actors.

The government takes data security very seriously and has taken appropriate action to mitigate hostile state actors providing or accessing the software services being used by the public sector. The National Procurement Policy Statement (NPPS) requires public sector contracting authorities to mitigate any potential risk from hostile states by addressing national security risk in all procurements.

The Procurement Act 2023 introduces powers to exclude a supplier from a specific procurement, terminate a public contract with a supplier, or debar a supplier from all, or a range of, public contracts. Ministers may exercise this power should they deem there to be a threat to national security.

Contracting authorities should follow Government Security Group (GSG)’s guidance on Tackling Security Risk in Government Supply Chains, as well as supply chain guidance from the National Cyber Security Centre (NCSC) and National Protective Security Authority (NPSA).