Question to the HM Treasury:

To ask His Majesty's Government what steps they are taking to strengthen data privacy and cybersecurity standards for artificial intelligence tools used in financial services.

The UK’s data protection legislation applies to companies providing services to people in the UK, if they are processing personal data. The legislation is independently regulated by the Information Commissioner's Office (ICO).

As noted in the Bank of England and FCA’s 2024 strategic approach to AI updates, UK data requirements also apply to financial services firms, including in their use of AI.

Cyber security is a top priority for the Government, and HM Treasury works with the financial authorities, the national technical authorities, industry and international partners to strengthen the financial sector’s resilience to threats and hazards of all origins, including cyber risks.

The financial authorities deploy a range of tools to ensure firms are resilient to the wide range of risks that they could face. This includes the regulators’ operational resilience policy, threat-led penetration testing, and sector-wide cyber stress testing. Technical advice is also provided by the National Cyber Security Centre and the National Protective Security Authority.

HM Treasury collaborates closely with financial regulators and international partners to address AI and cybersecurity challenges. For instance, we worked alongside G7 counterparts through the Cyber Expert Group to publish a joint statement highlighting both the risks and opportunities on AI and cybersecurity.