UK Law and Practice Contributed by: Ben Morgan, Ali Sallaway, Matthew Bruce and Emily Knight, Freshfields
1. Market Overview 1.1 Market Comparison
require private companies to comply with nec- essary risk-mitigation steps to address a crisis. The pandemic resulted in both the private and public sectors assessing existing crisis man- agement frameworks. As a result, the govern- ment overhauled its resilience and emergency response structures to establish a new unit, the Resilience Directorate, to work closely alongside the Cabinet Office Briefing Rooms Unit (COBR), to improve the response of the public sector to a crisis. In light of this, the previous government published a series of strategies, including the Net Zero Strategy, the National Cyber Strategy and the British Energy Security Strategy, fol- lowed by the Resilience Framework in 2022. Looking ahead to future developments, the legal structure governing crisis management is expected to continue to progress in light of les- sons from high-profile cybersecurity and data breach incidents, as well as the COVID-19 pan- demic. There have been several reports and pro- posals published recently, which have advised the government on how it should shape future crisis management regulatory and legal require- ments; these include the reports by the National Infrastructure Commission and the COVID-19 Public Inquiry. The government has indicated that it will respond to proposals by publishing its Resilience Strategy in late 2025. Regulators are also updating and publishing requirements and guidance on resilience frame- works targeted at the private sector. By way of example, in September 2024, Ofcom (the com- munications regulator) published guidance for communications providers on resilience-related security duties under the Communications Act 2003. The guidance provides suggested exam- ples of best practice on the architecture, design and operational models that underpin resilient
The recent commercial uncertainty in the UK due to shifts in the government and fast-mov- ing geopolitical developments has resulted in a dynamic crisis management environment. The private sector has had to respond under pres- sure, originally in light of COVID-19, then in response to major state conflicts and currently the frequent changes to international trade, reg- ulation and enforcement approaches. The fact that uncertainty has become “business as usual” has resulted in businesses coupling crisis man- agement with crisis preparedness, dealing with immediate issues as they arise but also looking in the longer term at securing operational resil- ience in uncertain times. The focus of organisa- tions is increasingly on prevention, as much as remediation following a crisis. Given the significant impact that crises can have on the performance of businesses and on their stakeholders, senior management has been under pressure to lead the way in ensuring they can manage risks to business continuity effec- tively. This is partly evident from the UK Corpo- rate Governance Code placing greater emphasis on the importance of boards managing material business risk, including by extending the disclo- sure requirements in respect of these issues in annual reports. The existing public laws governing the response of public agencies to a crisis are primarily con- tained in the Civil Contingencies Act, which pro- vides a single framework for civil protection in the UK, setting out how the public sector should respond to a crisis. The legislation includes pro- visions giving the government broad discre- tion to introduce temporary special legislation under emergency powers. This could be used to
130 CHAMBERS.COM
Powered by FlippingBook