The UK's primary cyber crime statute, criminalizing unauthorized access to computer systems, unauthorized modification of computer material, and the creation or distribution of hacking tools. It was one of the first laws of its kind when enacted in 1990. Applies to offenses committed within or targeting systems in the United Kingdom.
The UK's primary data protection legislation, working alongside the UK GDPR after Brexit. It covers law enforcement processing, intelligence services processing, and supplements the UK GDPR with UK-specific derogations. Applies to all organizations processing personal data of individuals in the United Kingdom.
UK law imposing duty-of-care obligations on online platforms to protect users — especially children — from illegal and harmful content. Ofcom enforces with fines up to 10% of global turnover.
The retained EU GDPR as incorporated into UK law after Brexit, substantively similar to the EU version but enforced by the UK Information Commissioner's Office (ICO). Companies serving both EU and UK markets must comply with both versions independently. Applies to all organizations processing personal data of individuals in the United Kingdom.
