Ransomware payments to be banned in the UK
22/07/2025 | UK Government
The Home Office and National Cyber Security Centre (NCSC) have announced new measures to protect hospitals, businesses, and critical services from ransomware attacks. Following a public consultation, the proposals aim to disrupt the business models adopted by cybercriminals, which cost the UK economy millions of pounds annually and pose severe risks.
Under the new plan, public sector bodies and critical national infrastructure operators, including the NHS, local councils, and schools, would be banned from paying ransom demands. The ban, supported by nearly three-quarters of consultation respondents, seeks to make these vital services less attractive targets. Businesses not covered by the ban would be required to notify the government of any intent to pay a ransom, enabling advice and support, including warnings about potential sanctions violations. Additionally, a new mandatory reporting regime is being developed to provide law enforcement with crucial intelligence to track and disrupt perpetrators and better support victims.
Additional legal analysis by Pinsent Masons.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 6,250 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.