Written questions by Aldridge.

Innovation and Technology, if she will make an assessment of the potential merits of bringing forward legislative proposals to require the use of digital watermarking on AI images.

The government continues to explore the feasibility of technical solutions for the identification of AI-generated content, such as digital watermarking, to support transparency.AI is a general-purpose technology with a wide range of applications, which is why the government believes that most AI systems should be regulated at the point of use. In response to the AI Action Plan, the government committed to work with regulators to boost their capabilities. The government has been clear that we will legislate where needed but we will do so on the basis of evidence where any serious gaps are.

Innovation and Technology, what steps her Department is taking to promote the use of content authentication technologies to help identify AI-generated content online; and if she will consider regulatory intervention to ensure provenance signals are preserved and visible to users.

Exploring solutions for enabling users and institutions to determine what media is real and what is AI-generated is a key part of tackling a wide range of AI risks. The government is examining the robustness of a range of such solutions in this space through the recent Deepfake Detection Challenge.AI is a general-purpose technology with a wide range of applications, which is why the government believes that the vast majority of AI systems should be regulated at the point of use. In response to the AI Action Plan, the government committed to work with regulators to boost their capabilities. The government has been clear that we will legislate where needed but we will do so on the basis of evidence where any serious gaps are.

Innovation and Technology, whether his Department plans to mandate the use of AI labelling tools to differentiate between real and synthetic content.

The Government recognises that solutions to enable users and institutions to determine what media is real and what is AI-generated can help in tackling a range of AI risks, and are examining the robustness of a range of such solutions in this space.The Government is also making sure our statute book is ready for the age of AI and its huge opportunities. The Government will update Parliament in due course.

Innovation and Technology, what steps his Department is taking to ensure Ofcom requires all user-to-user services to remove child sexual abuse content from their platforms.

The Online Safety Act creates new duties on online services to tackle illegal content and activity. The strongest duties are to protect children from sexual abuse and exploitation (CSEA) and to stop child sexual abuse material (CSAM) from being shared. The illegal content duties have been in effect from 17 March. Ofcom is the regulator for the regime and has set out steps providers can take including strong automated content moderation and takedown measures. Ofcom will continue to develop their codes iteratively, including additional measures to detect, prevent and remove CSAM.

Innovation and Technology, what steps his Department is taking to prevent children from receiving (a) harmful content and (b) misinformation from chatbots.

AI generated content is regulated by the Online Safety Act where it is shared on an in-scope user-to-user or search service and constitutes illegal content or content which is harmful to children. This includes mis- and dis- information where it is assessed to present material harm to a significant number of children. Providers of pornographic content must also prevent children from accessing that content.Chatbots with functionalities that bring them into scope of the Online Safety Act will be required to comply with the relevant duties including preventing children from encountering harmful content – whether that is real or synthetic.

Innovation and Technology, what assessment he has made of the potential impact of the increased use of AI by (a) cyber-criminals and (b) nation state actors on cyber security risks to the UK.

Cyber security is a priority for the government. We are taking action to protect businesses, citizens and essential services against cyber threats. Last year the National Cyber Security Centre (NCSC) said AI will almost certainly increase the volume and heighten the impact of cyber attacks over the next two years, however the impact on the cyber threat would be uneven. The full report is at https://www.ncsc.gov.uk/report/impact-of-ai-on-cyber-threat .The Cyber Security and Resilience Bill will require regulated organisations to adopt cyber security measures which protect against a wide range of cyber threats, including AI-enabled threats. Further details on the Cyber Security and Resilience Bill will be published in due course.Cyber attacks cost the UK economy billions of pounds per year, resulting in serious disruption for businesses and individuals, and disruption to supply chains and public services. Cyber attacks harm confidence and investment in UK technology, while intellectual property can be stolen which has cost billions of pounds to develop. The Cyber Security Breaches Survey [https://www.gov.uk/government/collections/cyber-security-breaches-survey] sets out further details on the impact of cyber threats and we will publish further research on this in due course.

Innovation and Technology, what assessment he has made of the adequacy of the UK's contingency plans to tackle quantum cyber threats; and if he will conduct a comparative assessment on the effectiveness of these measures compared to those used by his international counterparts.

The government recognises the cyber threats posed by quantum computing. The NCSC recently issued new guidance to help organisations prepare for and protect against threats posed by future developments in quantum computing [https://www.ncsc.gov.uk/guidance/pqc-migration-timelines]. The guidance is focused on migrating to post-quantum cryptography to mitigate the potential future quantum threat to encryption services, and identifying and mitigating cyber risks during the migration.The Department for Science, Innovation and Technology and NCSC have also commissioned external research to understand industry barriers and incentives to migrate to post-quantum cryptography. This will be used to inform future policy interventions to drive the transition.The government continues to monitor developments in quantum computing and uptake of post-quantum cryptography, including working with other countries to keep UK citizens and organisations secure. The government continues to assess wider cyber risks from critical and emerging technologies on an ongoing basis.

Innovation and Technology, whether the Cyber Security and Resilience Bill will ensure that data centres are (a) secure and (b) resilient.

Our current cyber security laws – the NIS Regulations (2018) – are inherited from the EU and are the UK’s only cross-sector cyber security-specific legislation. The cyber threat has since evolved since 2018 due to AI and other technology and geopolitical trends. The laws therefore require an urgent update to ensure UK infrastructure and economy is not comparably more vulnerable. This is why we announced the Cyber Security and Resilience Bill, which will improve the UK’s cyber defences, strengthen our regulatory approach and protect more digital services and supply chains.The government announced in September 2024 that data centres have been designated as critical national infrastructure, meaning the sector will benefit from greater government support in preparing for and managing critical incidents. Further details on the content of the Cyber Security and Resilience Bill will be published in due course.

Innovation and Technology, what assessment he has made of the potential impact of (a) AI-enabled and (b) other cyber attacks on economic (i) security and (ii) competitiveness.

Cyber security is a priority for the government. We are taking action to protect businesses, citizens and essential services against cyber threats. Last year the National Cyber Security Centre (NCSC) said AI will almost certainly increase the volume and heighten the impact of cyber attacks over the next two years, however the impact on the cyber threat would be uneven. The full report is at https://www.ncsc.gov.uk/report/impact-of-ai-on-cyber-threat .The Cyber Security and Resilience Bill will require regulated organisations to adopt cyber security measures which protect against a wide range of cyber threats, including AI-enabled threats. Further details on the Cyber Security and Resilience Bill will be published in due course.Cyber attacks cost the UK economy billions of pounds per year, resulting in serious disruption for businesses and individuals, and disruption to supply chains and public services. Cyber attacks harm confidence and investment in UK technology, while intellectual property can be stolen which has cost billions of pounds to develop. The Cyber Security Breaches Survey [https://www.gov.uk/government/collections/cyber-security-breaches-survey] sets out further details on the impact of cyber threats and we will publish further research on this in due course.

Innovation and Technology, what steps he is taking to help tackle the threat posed by quantum computing to cybersecurity infrastructure.

The government recognises the cyber threats posed by quantum computing. The NCSC recently issued new guidance to help organisations prepare for and protect against threats posed by future developments in quantum computing [https://www.ncsc.gov.uk/guidance/pqc-migration-timelines]. The guidance is focused on migrating to post-quantum cryptography to mitigate the potential future quantum threat to encryption services, and identifying and mitigating cyber risks during the migration.The Department for Science, Innovation and Technology and NCSC have also commissioned external research to understand industry barriers and incentives to migrate to post-quantum cryptography. This will be used to inform future policy interventions to drive the transition.The government continues to monitor developments in quantum computing and uptake of post-quantum cryptography, including working with other countries to keep UK citizens and organisations secure. The government continues to assess wider cyber risks from critical and emerging technologies on an ongoing basis.

Innovation and Technology, whether he plans to include provisions within the Cyber Security and Resilience Bill on requiring regulated organisations to adopt cybersecurity to help tackle AI-enabled threats.

Cyber security is a priority for the government. We are taking action to protect businesses, citizens and essential services against cyber threats. Last year the National Cyber Security Centre (NCSC) said AI will almost certainly increase the volume and heighten the impact of cyber attacks over the next two years, however the impact on the cyber threat would be uneven. The full report is at https://www.ncsc.gov.uk/report/impact-of-ai-on-cyber-threat .The Cyber Security and Resilience Bill will require regulated organisations to adopt cyber security measures which protect against a wide range of cyber threats, including AI-enabled threats. Further details on the Cyber Security and Resilience Bill will be published in due course.Cyber attacks cost the UK economy billions of pounds per year, resulting in serious disruption for businesses and individuals, and disruption to supply chains and public services. Cyber attacks harm confidence and investment in UK technology, while intellectual property can be stolen which has cost billions of pounds to develop. The Cyber Security Breaches Survey [https://www.gov.uk/government/collections/cyber-security-breaches-survey] sets out further details on the impact of cyber threats and we will publish further research on this in due course.

Innovation and Technology, what assessment he has made of the effectiveness of (a) cyber security laws and (b) supporting regulatory guidance in preventing supply chain attacks on critical (i) services and (ii) infrastructure.

Our current cyber security laws – the NIS Regulations (2018) – are inherited from the EU and are the UK’s only cross-sector cyber security-specific legislation. The cyber threat has since evolved since 2018 due to AI and other technology and geopolitical trends. The laws therefore require an urgent update to ensure UK infrastructure and economy is not comparably more vulnerable. This is why we announced the Cyber Security and Resilience Bill, which will improve the UK’s cyber defences, strengthen our regulatory approach and protect more digital services and supply chains.The government announced in September 2024 that data centres have been designated as critical national infrastructure, meaning the sector will benefit from greater government support in preparing for and managing critical incidents. Further details on the content of the Cyber Security and Resilience Bill will be published in due course.

Innovation and Technology, what (a) guidance and (b) resources he is providing to (i) small and medium enterprises and (ii) other businesses to help (A) prepare for and (B) mitigate quantum cyber risks.

The government recognises the cyber threats posed by quantum computing. The NCSC recently issued new guidance to help organisations prepare for and protect against threats posed by future developments in quantum computing [https://www.ncsc.gov.uk/guidance/pqc-migration-timelines]. The guidance is focused on migrating to post-quantum cryptography to mitigate the potential future quantum threat to encryption services, and identifying and mitigating cyber risks during the migration.The Department for Science, Innovation and Technology and NCSC have also commissioned external research to understand industry barriers and incentives to migrate to post-quantum cryptography. This will be used to inform future policy interventions to drive the transition.The government continues to monitor developments in quantum computing and uptake of post-quantum cryptography, including working with other countries to keep UK citizens and organisations secure. The government continues to assess wider cyber risks from critical and emerging technologies on an ongoing basis.