Government and Regulatory Affairs

Introduction

Welcome to this webpage dedicated to the Government and Regulatory Affairs (GRA) portfolio of the ISACA London Chapter (ILC). The London GRA informs its Members of regulatory and legal developments related to IT, governance, audit, information/cyber security, and privacy, among the topics of ISACA certifications and certificates. The GRA Team provides a summary of such information as published in:

  • the GRA section of London Chapter Newsletters (1-2 issues per month),
  • submissions made by ISACA / ILC to public consultations.

Public consultations have a wealth of background policy and research papers – these are hidden gems of bodies of knowledge that the GRA Team also draws attention to in ILC Newsletters. This means Members can see policy and law-making in real time while also having resources to draw upon as needed for work or study.

The GRA Team is interested in your comments and suggestions – please contact admin@isaca-london.org.

GRA features in ILC Newsletters

  1. The portfolio of AI assurance techniques was launched in mid-2023 by the Department for Science, Innovation and Technology (DSIT). An ISACA case study submission, led by ISACA London Chapter members, was accepted by the Centre for Data Ethics and Innovation (CDEI) on 12th December 2023 and published on the UK Government website. The case study was based on the beta version of the ISACA Digital Trust Ecosystem Framework (DTEF); however, ISACA released the full DTEF on 5th March. DTEF has been developed as a holistic, dynamic approach for designing, implementing, and managing best practices to achieve and maintain the desired level of digital trust within an enterprise.

  2. ISACA are in the process of responding to the Government's independent review, led by the Rt Hon Stephen McPartland MP, which looks at cyber security as an enabler to build trust and resilience and to unleash growth across the UK economy. The review closes on 28th March.

  3. The EU AI Act passed its final vote on 13th March, meaning that it will enter into force 20 days after publication in the official journal. The Act focuses primarily on strengthening AI rules around data quality, transparency, human oversight, and accountability.

  4. On 29th February, a landmark new partnership was announced between the UK AI Safety Institute and France's Inria (The National Institute for Research in Digital Science and Technology) to jointly support the safe and responsible development of AI technology. This comes ahead of France hosting the next in-person AI Safety Summit later this year.

  5. The NIST Cybersecurity Framework v2.0 was released on 26th February 2024. While it is similar in breadth, there are significant structural changes over v1.1, such as a new function area of governance and different categories and sub-categories.

  6. The Financial Reporting Council (FRC) issued an update to the revised UK Corporate Governance Code on 6th March. ISACA, with contributions from members of the ISACA London Chapter, responded to FRC's consultation. The response document can be accessed here.

  7. A Digital Policy Alliance (DPA) Cyber Security Skills session was held at Westminster on 20th February. It discussed a number of topics, including cyber insurance guidance for schools, cyber apprenticeships, resettlement of ex-service personnel, cyber governors, micro-credentials, tech skills with a review of employer-led digital degrees and apprenticeships, and UK-US skills co-operation.

Legislation for national chapter governance

ISACA chapters are created on the basis of regulations in their respective countries, for example, based on whether they are an association, society, private limited company, or other basis under Attorney General Office guidance. The London Chapter was created as an association and then, in November 2004, it was incorporated as a private company limited by guarantee (https://find-and-update.company-information.service.gov.uk/company/05291214/filing-history). This means it is a non-profit company, compared to a private limited company limited by shares, which is for profit.

In the UK, private limited companies have a status different from associations and charities: the London Chapter is bound by obligations to UK Companies House (https://www.gov.uk/government/organisations/companies-house), and its Chapter leaders, being UK directors under Companies House, comply with director responsibilities (https://companieshouse.blog.gov.uk/2019/02/21/7-duties-of-a-company-director) under the UK Companies Act 2006 (https://www.legislation.gov.uk/ukpga/2006/46/contents). Additionally, for almost all types of entities in the UK, there are data privacy regulations under the UK Data Protection Act 2018 and the UK General Data Protection Regulation (GDPR) derived from the European Union's GDPR – see the UK Information Commissioner's Office, the independent supervisory body regarding UK data protection legislation (https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr).

Public consultations: ISACA / ILC submissions

London Chapter members contributed to submissions by ISACA to the following public consultations from UK and international governmental entities. These align with ISACA Global's advocacy and government relations.

2023 Corporate Governance Code Consultation by the Financial Reporting Council

The consultation was responded to by ISACA in September 2023.

Policy paper on AI regulation by the Department for Science, Innovation and Technology

Consultation from June 2023 (outcomes still awaited).

The Department for Science, Innovation & Technology (DSIT) Portfolio of AI Assurance Techniques consultation case study response, led by ISACA London Chapter members, was submitted in November 2023 to the Centre for Data Ethics and Innovation (CDEI).

2023 Call for views on software resilience and security for businesses and organisations by the Department for Digital, Culture, Media and Sport

ISACA responded in May 2023 to a UK Government call for views on software resilience and security for businesses and organisations, considering risks across the entire software lifecycle and where government should direct its resources to have the most impact.

2023 Review of the Computer Misuse Act 1990: consultation and response to call for information by the Home Office

ISACA responded in April 2023 to the Home Office's invitation to consult on three proposals to amend the Computer Misuse Act 1990 and introduce new powers to help tackle cybercrime, covering domain name and IP address takedown and seizure, power to preserve data, and data copying.

2021 Restoring trust in audit and corporate governance: proposals on reforms by the UK Business, Energy and Industrial Strategy

Government response (consultation outcome)