techUK summary: DCMS proposes new laws to embed standards and pathways across the cyber profession

DCMS have published documents which outline how the UK will embed standards and pathways across the cyber profession by 2025.

DCMS have revealed that The UK Cyber Security Council requires new powers to raise the bar and create a set of agreed qualifications and certifications so those working in cyber security can prove they are properly equipped to protect businesses online. techUK will work with DCMS to understand how the proposed professionalisation of cyber will impact members.

The cyber security profession is still in development and draws upon multiple specialisms. It has now reached a level of maturity where it needs its own identity, shape and form. To help develop the profession, the government funded the creation of the UK Cyber Security Council which launched in March 2021. The government sees this body as the authority of the cyber profession, bringing together the existing work of professional and certifications organisations in this space, to meaningfully communicate and assure consistency across standards and pathways.

techUK has summarised the consultation below. 

Embedding standards and pathways across the cyber profession by 2025.

The government is committed to ensuring the UK has enough people with the necessary skills to support the tech sector and to ensure that the UK can manage and respond to cyber threats. While the tech sector continues to draw more people into cyber careers, it is not yet clear what specific skills are needed for businesses. A better organised cyber profession will also make it easier to attract and retain people and help them drive their career forward, as current efforts still have a long way to go to address the lack of diversity in the cyber workforce.

This consultation asks for views on how to best ensure the UK Cyber Security Council is suitably empowered to be the voice of the profession, and to tackle the scale and diversity of the skill shortage which the government and industry wants to address. The proposals will recognise cyber as a profession similar to the more established fields such as accounting, law and engineering and are set out to provide clarity on and more easily accessible pathways into the profession.

techUK members are able to submit their views on the proposals to DCMS here. The closing date for responses is 11:45pm on Sunday 20  March 2022. 

To input into the techUK response please get in touch with the Cyber team.


The proposals covered by this consultation and their proposed measures:

Continuation of support to ensure that the UK Cyber Security Council stands up and establishes itself as a sustainable and credible organisation over the next strategic period. The government currently supports the Council through:

  • Grant funding for the first four years of the Council’s operation to allow it to develop a business model and membership base to make it self-funding
  • Support the Council’s recent application of Royal Charter Status
  • Continue to align the government cyber profession with the standards and frameworks developed by the Council
  • Transferring responsibility for relevant cyber security standards, when the Council reaches the necessary level of development, from government, to the Council.

Further legislative government intervention considerations:

  • Formal recognition of the Council as the designated authority on the cyber profession
  • Introduction of statutory regulation under a specific legislative scheme meaning cyber professionals regarded as under-qualified would be prohibited from carrying out activities related to essential cyber security functions and would need to be assessed by the Council before being permitted to practice
  • Introduction of statutory regulation which would require individuals having to meet competency standards set by the Council before they can utilize a specific professional job title across the range of specialisms in cyber security.
  • Consideration of the value of a Register of Practitioners – similar to what exists in the medical and legal professions.

Further non-legislative government intervention considerations:

  • Consideration of the levers the government should explore to increase the use of professional standards and pathways
  • Consideration of government procurement requirements
  • Government departments and public sector bodies should align recruitment and professional development standards to those developed through the Council.

techUK's summary of the first consultation can be found here