Skip to content
Menu
menu

Illustration by iStock; Security Management

Vendor Beware: UK Outlines Risks and Consequences of Taking on State Actors as Security Clients

“The services you offer as a security professional may be attractive to state actors looking to undertake malign activity in the UK and you may be at risk of committing an offence under new legislation,” said a guide released this week from the UK Home Office.

The Home Office noted that UK security professionals are at risk of being approached by nation-states to conduct activities due to their access to valuable information sources and professionals’ ability to collect information or investigate individuals.

 

State actors might ask security professionals to gather information on political dissidents.

“Activity could include gathering information on their pattern of life, associates and vulnerabilities, which could assist in the undertaking of intimidation or even serious physical threats, up to and including assassinations,” the guide said.

State actors could also hire UK security professionals to collect information about the design, configuration, or operation of critical infrastructure.

As an example, the guide offered several scenarios, including: “Business A was offered a contract to undertake security consultancy on the construction, in the UK, of a building by a foreign government. During that contract, Business A was asked to disclose measures used to protect UK government buildings. Business A provides this UK government information to the foreign government, committing an offence under the National Security Act 2023.”

Generally, the guide emphasized the need for due diligence in evaluating potential security clients before taking on new jobs. This echoes prior guidance from U.S. officials about transnational repression schemes and similar nation-state actions involving private security.

The National Security Act 2023 received Royal Assent in July 2023. It introduced new measures to strengthen UK national security against espionage, political interference, sabotage, and assassination.

Where espionage is concerned, the act outlines three core offenses: obtaining or disclosing protected information, obtaining or disclosing trade secrets, and assisting a foreign intelligence service. The new offense of foreign interference includes activities carried out for, on behalf of, or to benefit a foreign power.

The act also created two offenses for obtaining material benefits from a foreign intelligence service—either for actually accepting and receiving a benefit or just agreeing to accept but not receiving the benefit. Maximum sentences range from 10 to 14 years.

Sabotage on behalf of a foreign power—including damage to tangible or intangible UK assets such as data—is also included in the act, carrying a sentence of life imprisonment.

While UK security services previously confirmed that state threats predominantly come from China, Iran, and Russia, “the legislation is actor agnostic and you may be liable if you are working for any foreign power where the activity is damaging to the safety or interests of the UK,” the guide said.

To evaluate potential clients, the guide suggested that security professionals ask themselves three main questions:

  1. Is the client based overseas and are they likely to be working for a state?

  2. Has your client failed to provide you with sufficient information as to their identity or organization when requested?

  3. Could the activity they are asking you to carry out fall under any of the behaviors outlined in the National Security Act 2023, such as gathering sensitive information on an individual or national infrastructure?


“If you answer ‘yes’ to one or more of these questions, you should strongly consider whether you take on the contract for that client,” the guide said.

If approached by a suspicious client, security professionals can report it by calling the Anti-Terrorism Hotline or reporting online at gov.uk/ACT.

 

arrow_upward