The King announced in his speech earlier this week some detail about the European Partnerships Bill – mooted as perhaps the most important Bill in the speech – what does it actually mean?
“The European Partnerships Bill has the potential to be one of the most consequential changes announced in the King's Speech. As part of the government's desire to move closer to the EU in order to recapture some of the economic growth lost to Brexit, the Bill establishes a regulatory "framework" designed to allow the UK to swiftly implement and adapt to new co-operation agreements reached with the EU.
In simple terms, this means that the government will have the power to fast-track evolving Single Market regulations into UK law without triggering a full, traditional parliamentary vote on every update, though the government has maintained that Parliament will still "have a say" on the overarching agreements.
Initially, the priority areas for alignment are food and drink; energy and emissions trading; and youth mobility. However, other areas of alignment can be expected to emerge in due course. In this context, it will be interesting to see whether data and digital regulation - including cyber security - comes into focus. In the ten years since the Brexit vote, the EU has has moved quickly to regulate in this space, opening up increasing divergence with the UK. As part of its ambitious 'Digital Decade' initiative, designed to make the EU's tech rules fit for the 21st century, the Commission has brought forward new legislation in areas including data sharing (Data Act); artificial intelligence (AI Act); and cyber security (NIS 2 Directive and Cyber Resilience Act).
Whilst it could be argued that the EU's introduction of additional red tape has created a competitive advantage for the more lightly regulated UK, in reality many businesses operate across both markets, meaning that the shadow of EU regulation still has a material impact on the UK economy. But without full alignment, UK established businesses can find it harder to sell products or services into the EU and may be required to have more costly parallel compliance strategies for the British and European sides of their operations. In an area such as technology, it is a simple truth that most businesses that operate internationally prefer as much commonality as possible in terms of standards.
However, if this is the direction of travel then important questions emerge. For example, how will alignment with the EU on cyber security rules be squared with the government's own distinct work in this space, most notably the Cyber Security and Resilience Bill that is currently working its way through Parliament? The Bill takes a different (albeit not necessarily incompatible) approach to the cyber security of critical infrastructure versus the EU's NIS 2 Directive. Meanwhile, there is currently no direct equivalent to the EU's Cyber Resilience Act, which is a product safety style law requiring hardware and software products to have secure-by-design standards, mandatory updates, and vulnerability management throughout their lifecycle. The closest comparison is the UK's Product Security and Telecommunications Infrastructure Regulations 2003, although these have a narrower scope and are limited to certain consumer products.”