Government and Regulatory Affairs

Introduction

Welcome to this webpage dedicated to the Government and Regulatory Affairs (GRA) portfolio of the ISACA London Chapter (ILC). The London GRA informs its Members of regulatory and legal developments related to IT, governance, audit, information/cyber security, and privacy, among the topics of ISACA certifications and certificates. The GRA Team provides a summary of such information as published in:

  • the GRA section of London Chapter Newsletters (1-2 issues per month),
  • submissions made by ISACA / ILC to public consultations.

Public consultations come with a wealth of background policy and research papers. These are hidden gems, bodies of knowledge that the GRA Team also draws attention to in ILC Newsletters. This means Members can see policy and law-making in real time while also having resources to draw upon as needed for work or study.

The GRA Team is interested in your comments and suggestions – please contact admin@isaca-london.org.

GRA features in ILC Newsletters

1. ISACA responded to the Government's independent review, led by Rt Hon Stephen McPartland MP, looking at cyber security as an enabler to build trust, resilience and unleash growth across the UK economy. The review closed on 28th March.

2. The EU AI Act passed its final vote on 13th March, meaning that it will be adopted 20 days after publication in the official journal, expected in the near future. It will come into full force 24 months after this date. The act focuses primarily on strengthening AI rules around data quality, transparency, human oversight, and accountability.

3. On 1st April, the UK and the US signed a Memorandum of Understanding (MOU) which will see them work together to develop tests for the most advanced Artificial Intelligence (AI) models. The UK AI Safety Institute and US AI Safety Institute have laid out plans to build a common approach to AI safety testing and to share their capabilities to ensure these risks can be tackled effectively.

4. During April, ISACA opened discussions with both the UK DSIT (Department for Science, Innovation and Technology) on the Resilience of the UK Data Infrastructure and the Cabinet Office CNI (Critical National Infrastructure) Cyber Resilience team for future cooperation.

Legislation for national chapter governance

ISACA chapters are created on the basis of regulations in their respective countries, for example, based on whether they are an association, society, private limited company, or other basis under Attorney General Office guidance. The London Chapter was created as an association and then, in November 2004, was incorporated as a private company limited by guarantee (https://find-and-update.company-information.service.gov.uk/company/05291214/filing-history). This means it is a non-profit company, as opposed to a private company limited by shares, which is for profit.

In the UK, private limited companies have a status different from associations and charities: the London Chapter is bound by obligations to UK Companies House (https://www.gov.uk/government/organisations/companies-house), and its Chapter leaders, being UK directors under Companies House, comply with director responsibilities (https://companieshouse.blog.gov.uk/2019/02/21/7-duties-of-a-company-director) under the UK Companies Act 2006 (https://www.legislation.gov.uk/ukpga/2006/46/contents). Additionally, for almost all types of entities in the UK, there are data privacy regulations under the UK Data Protection Act 2018 and the UK General Data Protection Regulation (GDPR) derived from the European Union's GDPR. See the UK Information Commissioner's Office, the independent supervisory body regarding UK data protection legislation (https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr).

Public consultations: ISACA / ILC submissions

London Chapter members contributed to submissions by ISACA to the following public consultations from UK and international governmental entities. These align with ISACA Global's advocacy and government relations.

2023 Corporate Governance Code Consultation by the Financial Reporting Council: ISACA responded to this consultation, from which an update to the revised UK Corporate Governance Code was published in March 2024.

2023 Department for Science, Innovation & Technology (DSIT) Portfolio of AI Assurance Techniques consultation: the case study response, led by ISACA London Chapter members, was accepted by the Centre for Data Ethics and Innovation (CDEI) in December 2023 and published on the UK Government website.

2023 Policy paper on AI regulation by the Department for Science, Innovation and Technology

ISACA responded to the consultation, but the outcomes are still awaited.

2023 Call for views on software resilience and security for businesses and organisations by the Department for Digital, Culture, Media, and Sport

ISACA responded in May 2023 to a UK Government call for views on software resilience and security for businesses and organisations, considering risks across the entire software lifecycle and where government should direct its resources to have the most impact.

2023 Review of the Computer Misuse Act 1990: consultation and response to call for information by the Home Office

ISACA responded in April 2023 to the Home Office's invitation to consult on three proposals to amend the Computer Misuse Act 1990 and introduce new powers to help tackle cybercrime, covering domain name and IP address takedown and seizure, power to preserve data, and data copying.