Government and Regulatory Affairs

Introduction

Welcome to this webpage dedicated to the Government and Regulatory Affairs (GRA) portfolio of the ISACA London Chapter (ILC). The London GRA informs its Members of regulatory and legal developments related to IT, governance, audit, information/cyber security, and privacy, among other topics covered by ISACA certifications and certificates. The GRA Team provides a summary of such information as published in:

  • the GRA section of London Chapter Newsletters (1-2 issues per month),
  • submissions made by ISACA / ILC to public consultations.

Public consultations come with a wealth of background policy and research papers. These are hidden gems of bodies of knowledge that the GRA Team also draws attention to in ILC Newsletters. This means Members can see policy and law-making in real time while also having resources to draw upon as needed for work or study.

The GRA Team is interested in your comments and suggestions – please contact admin@isaca-london.org.

GRA features in ILC Newsletters

      1. The portfolio of AI assurance techniques was launched in mid-2023 by the Department for Science, Innovation and Technology (DSIT). An ISACA case study submission, led by ISACA London Chapter members, was accepted by the Centre for Data Ethics and Innovation (CDEI) on 12th December 2023 and published on the UK Government website. The case study is based on the beta version of the ISACA Digital Trust Ecosystem Framework (DTEF); however, ISACA is about to release the full DTEF in March 2024. DTEF has been developed as a holistic, dynamic approach for designing, implementing, and managing best practices to achieve and maintain the desired level of digital trust within an enterprise.

      2. The EU AI Act, which is due for enactment in early 2024 (before the June 2024 elections), focuses primarily on strengthening AI rules around data quality, transparency, human oversight, and accountability. On 8th December the EU Parliament and Council negotiators reached a provisional agreement. The agreed text will now have to be formally adopted by both Parliament and Council to become EU law. Parliament’s Internal Market and Civil Liberties committees will vote on the agreement in a forthcoming meeting.

      1. The US Presidential Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence was issued on 30th October 2023, with its 8 principles and priorities to develop guidelines and best practices, including augmenting the already released NIST AI RMF. Following on from the Order and the connected establishment of the USAISI, the US Secretary of Commerce announced key positions at the US AI Safety Institute on 7th February 2024, with Elizabeth Kelly to lead as Director and Elham Tabassi named CTO.

      1. The UK AI Safety Institute published a third progress report on 5th February 2024, which noted that Geoffrey Irving is joining the UK AISI as Research Director.

      1. The NIST Cybersecurity Framework v2.0 is slated to be released at the end of February 2024. While similar in breadth, it has significant structural changes over v1.1, such as a new function area of governance and different categories and sub-categories.

      1. The Financial Reporting Council (FRC) issued the revised UK Corporate Governance Code on 22nd January 2024, with a limited number of changes, most of which take effect after 1st January 2025. Primarily, the update includes governance reporting, covering board decisions and their outcomes regarding the company’s strategy and objectives. Additionally, the Code assigns responsibility to the board not only for establishing but also for maintaining the effectiveness of the risk management and internal control framework, including financial, operational, reporting, and compliance controls. ISACA, with contributions from members of the ISACA London Chapter, responded to FRC’s consultation in September 2023. The response document can be accessed here.

      2. The Digital Policy Alliance (DPA) Future of 5G session was held at Westminster on 31st January 2024 to discuss a number of topics, such as the significant investment required for Standalone 5G, Ofcom’s preparation for the millimetre wave (mmWave) spectrum auction, the proposed merger between Vodafone UK and Three UK, and the proposed ban on inflation-linked mid-contract price rises.

      Legislation for national chapter governance

      ISACA chapters are created on the basis of regulations in their respective countries, for example, based on whether they are an association, society, private limited company, or other basis under Attorney General Office guidance. The London Chapter was created as an association and then, in November 2004, incorporated as a private company limited by guarantee (https://find-and-update.company-information.service.gov.uk/company/05291214/filing-history). This means it is a non-profit company, in contrast to a private company limited by shares, which is for profit.

      In the UK, private limited companies have a status different from associations and charities: the London Chapter is bound by obligations to UK Companies House (https://www.gov.uk/government/organisations/companies-house), and its Chapter leaders, being UK directors under Companies House, comply with director responsibilities (https://companieshouse.blog.gov.uk/2019/02/21/7-duties-of-a-company-director) under the UK Companies Act 2006 (https://www.legislation.gov.uk/ukpga/2006/46/contents). Additionally, for almost all types of entities in the UK, there are data privacy regulations under the UK Data Protection Act 2018 and the UK General Data Protection Regulation (GDPR), derived from the European Union's GDPR. See the UK Information Commissioner's Office, the independent supervisory body for UK data protection legislation (https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr).

      Public consultations: ISACA / ILC submissions

      London Chapter members contributed to submissions by ISACA to the following public consultations from UK and international governmental entities. These align with ISACA Global's advocacy and government relations.

      2023 Corporate Governance Code consultation by the Financial Reporting Council: ISACA responded in September 2023.

      Policy paper on AI regulation by the Department for Science, Innovation and Technology: consultation from June 2023 (outcomes still awaited).

      The Department for Science, Innovation and Technology (DSIT) Portfolio of AI Assurance Techniques consultation case study response, led by ISACA London Chapter members, was submitted in November 2023 to the Centre for Data Ethics and Innovation (CDEI).

      2023 Call for views on software resilience and security for businesses and organisations by the Department for Digital, Culture, Media and Sport

      ISACA responded in May 2023 to a UK Government call for views on software resilience and security for businesses and organisations, which considered risks across the entire software lifecycle and where government should direct its resources to have the most impact.

      2023 Review of the Computer Misuse Act 1990: consultation and response to call for information by the Home Office

      ISACA responded in April 2023 to the Home Office's invitation to consult on three proposals to amend the Computer Misuse Act 1990 and introduce new powers to help tackle cybercrime, covering domain name and IP address takedown and seizure, power to preserve data, and data copying.

      2021 Restoring trust in audit and corporate governance: proposals on reforms by the UK Business, Energy and Industrial Strategy

      Government response (consultation outcome)