Question to the Cabinet Office:

To ask the Minister for the Cabinet Office, what assessment he has made of the adequacy of the Civil Contingencies Act 2004 for responding to cyber attacks.

The Civil Contingencies Act (CCA) 2004 and the associated Regulations deliver a single framework for civil protection in the UK. The Cabinet Office has a legal obligation to review the CCA every five years. The most recent review was published in March 2022 and concluded that the Act continues to achieve its stated objectives. The next review will be by 2027.

The legislation is deliberately broad ranging and sets out the requirements to consider all emergencies that threaten serious damage to human welfare in the UK; the environment of a place in the UK; or war, or terrorism, which threatens serious damage to the security of the UK.

We have been clear that cyber security is an absolute necessity to protect the British people, our public services and businesses. The UK has arrangements in place for a range of potential emergencies, including cyber attacks.