02 Apr 2019

techUK publishes guidance on Examining Cyber Security Export Risks

Helping UK cyber companies export technologies responsibly.

techUK today published refreshed guidance on 'Examining Cyber Security Export Risks'. Originally published in 2015, the updated guidance provides cyber companies of all sizes with actionable advice designed to help them identify and manage risks of exporting a wide range of products and services in the cyber domain.   

Exports of cyber technologies and solutions are a significant opportunity for the UK economy. This has been recognised by Government who, through the Department for International Trade (DIT), released its Cyber Security Export Strategy in 2018. The Strategy acknowledges that the UK operates one of the “most robust” export control regimes in the world and risks around human rights abuses are a key part of the assessment process that UK companies operate. There is a wide array of cyber capabilities, ranging from cutting-edge defence capabilities to basic cyber hygiene for citizens. Some of these cyber capabilities can be abused and used inappropriately by the end user and, therefore, pose a risk to human rights, national security, and to the reputation and legal standing of the exporter.  

This guidance explores how companies should adapt their own due diligence processes to consider human rights risks and argues that companies should always look to engage with the Export Control Organisation whilst exporting. It also encourages UK companies to collaborate and share lessons learned to the benefit of the UK cyber sector, through organisations like techUK. 

The guidance has been developed by techUK’s Cyber Security Programme in partnership with the DIT Defence & Security Organisation and the Foreign and Commonwealth Office as part of the Cyber Growth Partnership.  

Mark Goldsack CBE, Director, Defence & Security Organisation, Department of International Trade, said:  

The UK operates a robust export control regime that ensures that human rights and proliferation concerns are a key part of the decision-making process. Export control is only one part of this, and the Government welcomes techUK’s updated human rights risk assessment guidance. It aims to help companies assess the legal and reputational risks associated with the export of cyber security capabilities and should be used alongside their existing due diligence processes.”  

Julian David, Chief Executive Officer, techUK said: 

“Cyber security tools are a vital part of the UK’s efforts to become a world-leading digital economy. But in the wrong hands, they can be used to undermine national security and human rights. Companies have a responsibility to navigate a complex landscape of export controls and regulation to ensure that their technologies do not fall into the hands of malicious actors. This guidance, developed with the Cyber Growth Partnership, aims to help companies achieve compliance with international export regulations, giving them confidence in the deals they make abroad and reducing legal and reputational risks.”