Public Sector: Software

(asked on 25th June 2025) - View Source

Question to the Department for Science, Innovation & Technology:

To ask His Majesty's Government what steps they are taking to ensure that software services provided to UK public sector bodies by companies based in the jurisdiction of hostile state actors cannot be accessed by those hostile state actors.


Answered by
Baroness Jones of Whitchurch Portrait
Baroness Jones of Whitchurch
Baroness in Waiting (HM Household) (Whip)
This question was answered on 8th July 2025

The government takes data security very seriously and has taken appropriate action to mitigate hostile state actors providing or accessing the software services being used by the public sector. The National Procurement Policy Statement (NPPS) requires public sector contracting authorities to mitigate any potential risk from hostile states by addressing national security risk in all procurements.

The Procurement Act 2023 introduces powers to exclude a supplier from a specific procurement, terminate a public contract with a supplier, or debar a supplier from all, or a range of, public contracts. Ministers may exercise this power should they deem there to be a threat to national security.

Contracting authorities should follow Government Security Group (GSG)’s guidance on Tackling Security Risk in Government Supply Chains, as well as supply chain guidance from the National Cyber Security Centre (NCSC) and National Protective Security Authority (NPSA).

Reticulating Splines