In the wake of recent high-profile cyber-attacks on major retailers like Marks & Spencer and Co-op, the UK government has launched a new voluntary Code of Practice for software vendors at its flagship cyber security event, CyberUK 2025. This initiative sets a dynamic baseline for software security and resilience, aiming to help prevent such breaches in the future.
The Code, featuring 14 practical principles, focuses on creating robust cybersecurity measures. While it’s not mandatory, it’s a powerful tool for vendors to enhance their security posture and build trust with customers.
The Code is part of a comprehensive cybersecurity strategy led by the Department for Science, Innovation and Technology. It complements other voluntary codes, including those for cyber governance, AI cybersecurity, and app store operations, aiming to ensure a holistic approach to digital security.
Vendors can self-assess or opt for independent audits to demonstrate compliance. The National Cyber Security Centre has introduced an assurance process through Cyber Resilience Test Facilities, aligned with the Cyber Resilience Testing Assurance Principles and Claims standard.
A certification scheme is on the horizon, promising to further bolster trust in software security. However, for now, whilst the Code has strong potential to improve software security, we’ll have to wait and see whether its voluntary nature limits its effectiveness.
Tech companies navigating this evolving landscape may benefit from early legal guidance, particularly where assurance and certification intersect with contractual obligations or regulatory risk.
If you have any questions regarding this blog, please contact Christopher Perrin in our Corporate, Commercial & Finance team.
Christopher Perrin is a highly experienced solicitor who leads the Corporate, Commercial and Finance team’s general Commercial & Technology Contracts, Outsourcing & Data legal advisory services.
We welcome views and opinions about the issues raised in this blog. Should you require specific advice in relation to personal circumstances, please use the form on the contact page.