03 June 2025

The UK government is planning to extend Ofcom’s regulatory authority to include data centres, as part of efforts to enhance national cyber security under the upcoming Cyber Security and Resilience Bill (CSRB).

During a session with the Science, Innovation and Technology Committee on 20 May, Ofcom CEO Dame Melanie Dawes and Network and Communications Group Director Natalie Black discussed the evolving threat landscape and Ofcom’s role in safeguarding critical infrastructure.

Black emphasized the importance of secure infrastructure design from the outset, staff training, and managing risks associated with third-party suppliers. She noted that while existing legislation already addresses some security concerns, the CSRB offers an opportunity to further strengthen protections and adapt to emerging threats.

Dame Melanie Dawes confirmed that the bill’s scope will include regulation of data centres, which are now designated as critical national infrastructure (CNI). Ofcom has expressed willingness to regulate the sector more actively, with Minister Chris Bryant having approached the agency about expanding its oversight.

Under the proposed regulations, data centres with a capacity of 1MW or more would be in scope, while enterprise data centres exceeding 10MW would also be covered. The aim is to promote secure growth, investment, and resilience within the sector amidst an increasingly hostile cyber environment.

The government views this move as vital for levelling protections across utilities and ensuring that the UK’s digital infrastructure remains resilient against cyber threats. Further details are expected to emerge as the legislation develops.