Amid the ongoing focus on the resiliency of companies' IT systems and the increasing popularity of cloud based solutions, two UK bodies have published updates to their security guidance.

The UK’s National Cyber Security Centre ("NCSC") has updated its cloud security guidance to support organisations in migrating their services and sensitive data into the cloud, including the addition of a new section on selecting the appropriate cloud provider for a business's security needs.

Meanwhile, the Department for Digital, Culture, Media & Sport ("DCMS") has published a consultation seeking views on proposals to improve the privacy and security of app stores and apps, with proposals including a 'world-first' code of practice to ensure there are minimum privacy and security levels required for app store developers and operators.

The above initiatives present further examples of the Government trying to balance the need for innovation against the security and safety of the data and material being processed. Takeaway points from the NCSC guidance include that an organisation is responsible for selecting a cloud provider that aligns with its security requirements, and that an organisation's use of the service can undermine how secure content is in the cloud.

Feedback on the DCMS' proposals can be submitted until 29 June 2022. In particular, the Government has highlighted that it is also eager to gain views in relation to feedback and review processes developers have experienced whilst creating apps on various app stores. Following receipt of feedback, the Government has suggested the code might be published this year.

Meta has shared access to Open Pretrained Transformer (OPT-175B), a language model with 175 billion parameters trained on publicly available data sets. In releasing the model, Meta has acknowledged that the previous restrictions on access have limited researchers' ability to understand how and why these large language models work, which in turn has hindered progress on efforts to improve their robustness. The model has now been released under a non-commercial licence to focus on research use cases, with access granted to academic researchers; those affiliated with organisations in government, civil society, and academia; and industry research laboratories around the world, with the aim of mitigating known issues such as bias and toxicity.

The trending language model is a programme that generates text and mimics human conversation. However, it also contains flaws by generating misinformation, parroting, and toxic language. Making the fully trained model and code required to train and use the model available, displays Meta's desire to emphasise not only the importance of performance of the large language model but the responsibility to remove harmful behaviours. The availability of this AI is not without risk and concerns have been raised that the model may generate harmful content as researchers build on top of it. It is hoped that this concern can be mitigated with more exposure of the model to the tech community with an aim of researchers learning from it, flaws and all.

The Department for Digital, Culture, Media & Sport ("DCMS") has published a Policy Paper outlining the UK Government's expectations of what open-interface solutions, such as Open RAN, should possess in order to deliver on the UK’s 5G Supply Chain Diversification Strategy. The principles outlined in the Policy Paper are consistent with the Prague Proposals on Telecommunications Supplier Diversity which the UK and other governments supported in 2021.

The UK consumers are increasingly using more and more sophisticated tech products, from open banking applications on mobile phones, to connected vehicles and homes. All of these solutions rely on the instant and reliable transmission of significant volumes of data over mobile networks and this in turn has led to a need for the mobile networks to continue to develop and innovate resilient networks to be able to support such solutions. The DCMS has identified the mobile radio access networks ("RAN") as the area where the need for innovation is most acute, particularly because the most critical infrastructure of modern UK networks is being built out using only two vendors. The development of open-interface solutions, such as Open RAN, could support vendor diversification and the promotion of new entrants to the market by encouraging greater interoperability between the different elements of RAN and an open, transparent and inclusive approach to developing standards and protecting intellectual property. These principles will be seen as a welcome development for most developers of tech products that use the mobile networks and potential new entrants to the market, but their implementation will require a shift in thinking for the major vendors of RAN elements. In particular, these providers will need to consider their IP development, protection and procurement strategies to allow their products to interoperate with elements provided by other suppliers.

Cloud contracts are notoriously tricky to negotiate as suppliers often reject changes as a result of their 'one-to-many' model. As mentioned above, more companies are turning to the cloud to realise their digital transformation goals. As a result, we have created our 5 key considerations for cloud contracting guide to help you plan for and navigate the potential pitfalls in your cloud transformation projects.