Overview
The National Security Act 2023 addresses hostile state threats using security professionals and outlining compliance requirements to prevent legal offences.
Recently, Johnathan Hall KC, the UK's independent reviewer of terrorism legislation and state threats, mentioned in a radio interview the dangers to the nation’s security from the unchecked and unaccountable activities of some "private investigator" agencies when accepting assignments from hostile foreign governments.
State Threats Defined
State threats refer to actions by foreign governments that harm or threaten the UK without resorting to armed conflict. These can include:
• Sabotage of assets and infrastructure
• Espionage to steal sensitive information
• Undermining democratic values and freedoms through intimidation or manipulation of public discourse
Security professionals may be targeted by foreign state actors to gather sensitive information on individuals or organisations, particularly those critical of their regime.
National Security Act 2023
Enacted on December 20, 2023, the Act empowers security services and law enforcement to address state threats. Key offences include:
• Collaborating with foreign intelligence services
• Accepting benefits from foreign powers
• Conducting foreign interference activities
• Unauthorised access to trade secrets or protected information
The Act's provisions apply regardless of where the conduct occurs, emphasising the need for vigilance among security professionals.
Foreign Influence Registration Scheme (FIRS)
The FIRS aims to increase transparency regarding foreign influence in UK politics. It mandates the registration of foreign-directed political influence activities, with an online portal for submissions. Registration does not imply illegitimacy but is necessary for compliance.
Guidance for Security Professionals
The guidance provided by the Home Office, here is intended to reduce risks and improve awareness of state threats within the security sector.
Professionals are advised to:
• Conduct due diligence on clients to determine potential foreign links
• Recognise signs of state actor involvement, such as inadequate client information or suspicious requests
• Report any suspicious activity to the Anti-Terrorism Hotline or relevant authorities.
The ABI recognises that hostile states are actively pursuing malicious objectives by involving investigative agencies that may unknowingly or carelessly accept assignments. The ABI suggests that professionals add “Purpose verification” to their due diligence.
The most common activities agencies might be asked to assist with include:
· Surveillance, both physical and technical
· Profiling
· Tracking and locating individuals
These assignments will almost certainly involve the handling of personal data. Consequently, by adhering to the best practice guidance outlined in the ICO-approved ABI UK GDPR Code of Conduct for Investigative & Litigation Support Services, the threat is greatly reduced, if not entirely eliminated. Participating in the Code Membership Scheme ensures that an agency's compliance is evaluated annually against the Code's standards by an independent monitoring body that is both UKAS accredited and approved by the ICO.
Resources and Further Information
The Home Office - Do you know who you’re working for?
The Home Office Consultation (3rd March 2025) - Invite
Additional resources are available on the MI5 website, GOV.UK, and the National Protective Security Authority's threat page, offering detailed guidance on state threats and compliance with the National Security Act 2023.
