UK government responds to call for views on enterprise connected device security
The government has responded to its call for views on enterprise connected device security which ran from 12 May to 4 August 2025. The response includes an overview of the feedback received and key themes that emerged, as well as the next steps that the government will take to improve the cyber security of connected devices used in a business setting across the UK. It is asking manufacturers to use the device security principles for manufacturers currently available on the National Cyber Security Centre webpage to make their products secure by design. It will review whether it should expand the scope of this work beyond enterprise connected devices as part of its ongoing analysis of securing the broader technology landscape. It will look at finalising the security principles, including making this modular within the broader set of secure by design codes of practice for technology and explore the feasibility of a certification scheme for manufacturers. Finally, it intends to assess options for potential regulatory measures given respondent feedback that the government needs to go further than voluntary adoption and include some form of assurance or enforcement mechanism.
UK government calls for evidence on possession of radiofrequency jammers and the relevant legal framework
The government is seeking views on radiofrequency jammers and the UK legal framework that applies to them. It would like views on the harms caused by illegal use and possession of radiofrequency jammers, how effective current laws and enforcement are in terms of deterrence and enforcement and whether changes, including around possession, may be needed. The government would also like to understand the legitimate uses of radiofrequency jammers. The Wireless Telegraphy Act 2006 bans the use and possession of non-compliant equipment, but proving a person used a jammer to cause interference can be difficult to evidence. The Crime and Policing Bill will make it illegal to possess or share electronic devices used to steal cars and could lead up to an up to five years’ jail sentence. The government says that feedback from the call for evidence will inform any future legislation so that any new measures are based on evidence and proportionate, while effectively protecting critical national infrastructure from illegal threats.
NCA launches CSEA reporting portal under Online Safety Act regulations
The National Crime Agency has launched the Child Sexual Exploitation and Abuse Industry Reporting Portal. This follows the introduction of the Online Safety (CSEA Content Reporting by Regulated User-to-User Service Providers) Regulations 2026 SI 2026/268. The Portal facilitates mandatory reporting duties under the Online Safety Act 2023, requiring UK-based regulated services to report all detected and unreported CSEA content. Non-UK providers must only report content linked to the UK.
EDPB issues annual report 2025
The European Data Protection Board has issued its annual report for 2025. It highlights a year focused on simplifying GDPR compliance, strengthening cross‑regulatory cooperation, and deepening engagement with stakeholders. Key milestones included the adoption of the Helsinki Statement to enhance legal certainty and transparency, consultations on templates and major guidelines, and joint work with the European Commission on the interplay between GDPR and new digital laws such as the DMA, DSA and the AI Act. The Board also contributed to EU‑level regulatory simplification efforts, issued multiple joint opinions (including on the Digital Omnibus proposals), adopted new guidelines on pseudonymisation, blockchain, and third‑country data transfers including the UK, and published several adequacy‑related opinions. International cooperation remained strong through participation in global privacy forums, while enforcement activity continued at scale, with over 400 new cross‑border cases and more than €1.15 billion in fines issued by national regulators.
