Asked by: Lord Taylor of Warwick (Non-affiliated - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what steps they are taking to support UK companies to improve cybersecurity.
Answered by Baroness Lloyd of Effra - Baroness in Waiting (HM Household) (Whip)
Improving the cyber security of UK companies is critical to the resilience of our wider economy and is a priority for the government.
The Cyber Security and Resilience Bill will improve UK cyber defences and help protect our essential services. Our product security legislation and cyber security codes of practice are helping to ensure the technology people and businesses use is secure by design. We are also developing and growing the cyber security industrial base and skills pipeline to ensure companies have access to the services and capabilities they need. Together these system-wide measures aim to drive a step change in supporting companies across the economy to improve their cyber resilience.
In addition, the government wrote to the Chairs and CEOs of leading UK companies and asked them to better identify and protect themselves from cyber threats by making cyber a board-level priority by using the Cyber Governance Code of Practice, signing up to the National Cyber Security Centre (NCSC) Early Warning service, and requiring Cyber Essentials in their supply chains.
These actions are relevant to all businesses. To support them further, the government has developed a wide range of free resources, including the Cyber Action Toolkit offering tailored advice for small businesses, and NCSC-certified Cyber Advisors who provide advice and guidance on commercial terms, with SMEs eligible for a free 30-minute consultation.
Asked by: Max Wilkinson (Liberal Democrat - Cheltenham)
Question to the Home Office:
To ask the Secretary of State for the Home Department, what steps her Department is taking to help ensure that data collected by live facial recognition technology cannot be accessed by foreign states.
Answered by Sarah Jones - Minister of State (Home Office)
Police use of live facial recognition (LFR) is governed by data protection legislation, which requires that any processing of biometric data is lawful, fair, proportionate and subject to appropriate safeguards.
The Home Office does not collect or store data generated through police use of LFR. Police forces act as data controllers for the operational use of the technology and are responsible for ensuring that data is stored and handled securely, in line with data protection law and established policing standards.
LFR systems used by the police must be procured and operated in accordance with UK law and national security requirements. Police procurement decisions are subject to procurement legislation and Cabinet Office guidance on supply‑chain and national security risk. This includes having regard to cyber security standards and advice from the National Cyber Security Centre, which supports public sector organisations in protecting systems and sensitive data from cyber threats, including risks associated with third‑party suppliers and foreign access.
Operational guidance on the use of LFR is set out in the College of Policing’s Authorised Professional Practice (APP). The APP is national guidance developed and maintained by the College, following engagement with policing practitioners and relevant stakeholders. It sets out best practice and legal standards for police forces, making clear that any use of LFR must be lawful, necessary and proportionate, and must comply with data protection, equality and human rights legislation.
The APP sits alongside the Surveillance Camera Code of Practice, issued by the Home Secretary, which provides statutory guidance on the responsible and transparent use of surveillance cameras including facial recognition.
Asked by: Max Wilkinson (Liberal Democrat - Cheltenham)
Question to the Home Office:
To ask the Secretary of State for the Home Department, if she will publish a list of stakeholders that ministers have met to develop a best practice guidance for the use of Live Facial Recognition technology by the police.
Answered by Sarah Jones - Minister of State (Home Office)
Police use of live facial recognition (LFR) is governed by data protection legislation, which requires that any processing of biometric data is lawful, fair, proportionate and subject to appropriate safeguards.
The Home Office does not collect or store data generated through police use of LFR. Police forces act as data controllers for the operational use of the technology and are responsible for ensuring that data is stored and handled securely, in line with data protection law and established policing standards.
LFR systems used by the police must be procured and operated in accordance with UK law and national security requirements. Police procurement decisions are subject to procurement legislation and Cabinet Office guidance on supply‑chain and national security risk. This includes having regard to cyber security standards and advice from the National Cyber Security Centre, which supports public sector organisations in protecting systems and sensitive data from cyber threats, including risks associated with third‑party suppliers and foreign access.
Operational guidance on the use of LFR is set out in the College of Policing’s Authorised Professional Practice (APP). The APP is national guidance developed and maintained by the College, following engagement with policing practitioners and relevant stakeholders. It sets out best practice and legal standards for police forces, making clear that any use of LFR must be lawful, necessary and proportionate, and must comply with data protection, equality and human rights legislation.
The APP sits alongside the Surveillance Camera Code of Practice, issued by the Home Secretary, which provides statutory guidance on the responsible and transparent use of surveillance cameras including facial recognition.
Asked by: Max Wilkinson (Liberal Democrat - Cheltenham)
Question to the Home Office:
To ask the Secretary of State for the Home Department, what steps her Department plans to take to ensure that data collected by live facial recognition will be stored safely.
Answered by Sarah Jones - Minister of State (Home Office)
Police use of live facial recognition (LFR) is governed by data protection legislation, which requires that any processing of biometric data is lawful, fair, proportionate and subject to appropriate safeguards.
The Home Office does not collect or store data generated through police use of LFR. Police forces act as data controllers for the operational use of the technology and are responsible for ensuring that data is stored and handled securely, in line with data protection law and established policing standards.
LFR systems used by the police must be procured and operated in accordance with UK law and national security requirements. Police procurement decisions are subject to procurement legislation and Cabinet Office guidance on supply‑chain and national security risk. This includes having regard to cyber security standards and advice from the National Cyber Security Centre, which supports public sector organisations in protecting systems and sensitive data from cyber threats, including risks associated with third‑party suppliers and foreign access.
Operational guidance on the use of LFR is set out in the College of Policing’s Authorised Professional Practice (APP). The APP is national guidance developed and maintained by the College, following engagement with policing practitioners and relevant stakeholders. It sets out best practice and legal standards for police forces, making clear that any use of LFR must be lawful, necessary and proportionate, and must comply with data protection, equality and human rights legislation.
The APP sits alongside the Surveillance Camera Code of Practice, issued by the Home Secretary, which provides statutory guidance on the responsible and transparent use of surveillance cameras including facial recognition.
Asked by: Victoria Collins (Liberal Democrat - Harpenden and Berkhamsted)
Question to the Department for Education:
To ask the Secretary of State for Education, what assessment her Department has made of the amount of technology required by state schools in England.
Answered by Olivia Bailey - Parliamentary Under-Secretary of State (Department for Education) (Equalities)
The department monitors the level of technology required by state schools in England through the Technology in Schools Survey 2025, which captures evidence on digital infrastructure, devices and connectivity.
To support schools, the department has published clear digital and technology standards, covering broadband, wireless networks, filtering and monitoring, cyber security, cloud storage, devices and digital leadership. These standards help schools make informed decisions about the technology required for safe and effective teaching.
We continue to invest in programmes such as Connect the Classroom and the Plan Technology for Your School service to ensure all schools can meet these expectations by 2030.
Asked by: Ben Obese-Jecty (Conservative - Huntingdon)
Question to the Ministry of Defence:
To ask the Secretary of State for Defence, pursuant to the answer of 2 February 2026 to question 108885 on Defence: Artificial Intelligence, what is the full scope of the AI Enabled Cyber Defence project.
Answered by Luke Pollard - Minister of State (Ministry of Defence)
The Ministry of Defence does not routinely provide detailed or ongoing commentary on the development, deployment, or performance of AI related projects. Releasing such information could reasonably be expected to prejudice UK national security and Defence capability by revealing sensitive details about current or emerging systems, their maturity, and operational relevance.
Asked by: Neil O'Brien (Conservative - Harborough, Oadby and Wigston)
Question to the Department for Transport:
To ask the Secretary of State for Transport, for what reason (a) the number of staff and (b) and staff costs have increased at the Civil Aviation Authority since April 2017.
Answered by Keir Mather - Parliamentary Under-Secretary (Department for Transport)
Since 2016, the CAA’s regulatory perimeter has expanded significantly. Following EU Exit, the CAA developed new rulemaking and regulatory oversight functions to replace those delivered by the European Aviation Safety Agency until 2020, including the creation of a UK state of design function. As a result of the Space Industry Act 2018, the CAA became the UK Space Regulator in 2021. At the same time, the CAA has grown to respond to the development of novel aviation technology (including drones, air taxis and future propulsion such as hydrogen), setting regulatory frameworks and standards to enable tomorrow’s aerospace to innovate and grow. The Future of Flight technologies have the potential to contribute up to £103 billion to the UK economy over the next 25 years.
Reflecting its strategic objectives and the government’s priorities, the CAA has created additional capacity in five areas; in economic regulation and consumer enforcement to manage increased ambition and expectations; to fulfil CAA’s expanded remit in relation to airspace modernisation; to deliver new cyber security oversight responsibilities for the aviation sector; and to deliver the CAA’s sustainability roles, including those it took on from the Independent Commission for Civil Aviation Noise; together with increases in back-office areas supporting these teams. All of this has been delivered with a focus on efficiency and efficacy, enabling increased investment in CAA services to its customers.
Asked by: Wendy Morton (Conservative - Aldridge-Brownhills)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, with reference to HCWS1249, what estimate he has made of the number of legacy digital systems in use across government; what timetable exists for decommissioning the highest-risk systems, what resources are available to support “secure by design” requirements; and what assessment has been made of the impact of the government vulnerability scanning service.
Answered by Ian Murray - Minister of State (Department for Science, Innovation and Technology)
The most recent assessment of the scale of legacy systems across the public sector was conducted as part of the State of Digital Government Review, which found that 28% of public sector systems were identified as legacy IT. Individual departments remain responsible for addressing their highest risk systems. While DSIT provides oversight, it does not hold central information on all these plans.
The Secure by Design approach provides delivery and project teams with clear principles and activities to follow to increase the cyber resilience and security of new and emerging systems, services and technology infrastructure. A central DSIT team supports them through a community of champions, nominated by their respective organisation.
Over 700 public sector organisations have now signed up to the vulnerability scanning service, with the service finding and helping fix over 100 critical vulnerabilities a month.
Asked by: Andrew Rosindell (Reform UK - Romford)
Question to the Ministry of Defence:
To ask the Secretary of State for Defence, what steps he has taken to improve cybersecurity protections for critical national infrastructure.
Answered by Al Carns - Parliamentary Under-Secretary (Ministry of Defence) (Minister for Veterans)
The Ministry of Defence takes cyber security very seriously, particularly with regard to critical national infrastructure. We do not comment publicly on the detail of our protections for security reasons.
Asked by: Andy MacNae (Labour - Rossendale and Darwen)
Question to the Ministry of Defence:
To ask the Secretary of State for Defence, what progress he has made on establishing a National Cyber Force HQ in Lancashire.
Answered by Al Carns - Parliamentary Under-Secretary (Ministry of Defence) (Minister for Veterans)
Plans to establish the National Cyber Force (NCF) HQ in Samlesbury are progressing as scheduled. For security reasons, we do not disclose details regarding operational status, precise locations, or specific aspects of our sites.
The NCF continues to support the development of cyber security expertise in the region, including through its long‑standing involvement in initiatives such as the Lancashire Cyber Partnership, the North‑West Cyber Corridor, and through bursary and direct‑entry schemes.