ICO and NCSC Sign Joint Memorandum of Understanding for Information Sharing
Time 2 Minute Read
Categories: Cybersecurity, Information Security, International

On September 12, 2023, the UK Information Commissioner, John Edwards, and the Chief Executive of the National Cyber Security Centre (NCSC) of the UK, Lindy Cameron, signed a joint Memorandum of Understanding (MoU) that sets forth a framework for cooperation and information sharing between the ICO and the NCSC. The MoU states the general aims “are to codify and enhance working” between the ICO and NCSC so as to “assist them in discharging their functions.”

The MoU details how the ICO and NCSC will work together in the following areas:

  1. The development of cybersecurity standards and guidance by each party. For example, should the ICO wish to use the NCSC Cyber Assessment Framework (CAF), which is available to cyber security regulators to use, NCSC will provide advice on how CAF is intended to be used and technical support about its application.
  2. Assessing and influencing improvements in cybersecurity practices of regulated organizations. For example, where appropriate, The NCSC may provide to the ICO cybersecurity advice and assistance, which is technical in nature and focuses on cybersecurity risk management.
  3. Information sharing. For example, in relation to relevant cyber threat information. The MoU clearly states that the NCSC will not share with the ICO information from an organization with which it is engaged regarding a cyber incident, unless it has the organization’s approval to do so.
  4. The NCSC supporting the ICO’s own cybersecurity. For example, the NCSC may provide consultancy advice to the ICO.
  5. Harmonization between the NCSC and the ICO in relation to incident management. For example, when an organization reports a cyber incident to the ICO that the ICO deems may be a nationally significant cyber incident, the ICO will recommend and encourage notification to the NCSC.
  6. Public communications and press releases. For example, to the extent practicable, public communications on matters involving both the ICO and NCSC will be agreed upon in advance to support consistency.
Tags: Information Commissioners Office, United Kingdom
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 2 Minute Read
UK Regulators Issue Joint Statement on Age Assurance for Online Services

On March 25, 2026, the UK Information Commissioner’s Office and the UK Office of Communications released a joint statement addressing the intersection of online safety and data protection in relation to age assurance.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
UK ICO Publishes Guidance on Recognized Legitimate Interest Basis

On March 23, 2026, the UK Information Commissioner's Office released new guidance clarifying the use of the new recognized legitimate interest lawful basis for processing personal information under UK data protection law.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
UK ICO Launches Consultation on New Guidance on Research, Archiving and Statistics Provisions

On February 27, 2026, the UK ICO announced a public consultation on proposed updates to its guidance concerning research, archiving and statistics to reflect the changes introduced by the Data (Use and Access) Act 2025.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
UK ICO Fines Reddit £14.47 Million for Failing to Protect Children’s Privacy

On February 24, 2026, the UK ICO announced that it had fined Reddit, Inc. £14.47 million following an investigation into the company’s handling of children’s personal information.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page