UK Risk Register Adds Democracy and Cyber Risks
If the past few months have felt like a reminder that crises do not arrive one at a time, the government’s latest National Risk Register explains why. After another heatwave and growing concern about AI-assisted cyber crime, ministers have updated the UK’s public list of serious national risks and used it to send a clear message: emergency planning is no longer something for officials alone. In his Annual Resilience Statement to Parliament, Chief Secretary to the Prime Minister Darren Jones said the speed of climate change and the pace of change in artificial intelligence both demand attention. The update is meant to help public bodies, businesses and communities think ahead, rather than wait for the next shock.
It is worth pausing on what the National Risk Register actually is. This is not a prediction sheet and it is not a list of disasters the government says will definitely happen next. It is the public-facing version of the National Security Risk Assessment, designed to help professionals and the wider public think seriously about disruption before it happens. **What this means:** when a risk appears on the register, the government is not saying panic now. It is saying plan now. That distinction matters, because good preparedness is usually quiet, practical and done well before the headlines arrive.
The most attention-grabbing new entry is the risk of interference in the UK’s democratic process. In plain English, that means the government is now treating attempts to distort or improperly influence democratic life as a national resilience issue, not only a political argument. The addition comes just days after ministers announced fresh measures to protect democracy, including tougher checks on company donations and a cap on overseas donations. Read together, those moves show a government trying to frame democratic trust as something that needs active protection, much like energy networks, public health or national infrastructure.
Seven new risks have been added in total. They include cyber attacks on data infrastructure, water infrastructure and police systems, as well as a broader category called digital resilience failure. That last phrase reflects lessons from the CrowdStrike IT outage in July 2024, when one technical failure spread disruption much more widely than many people expected. **Why that matters:** a modern emergency does not always look like a storm or a fire. Sometimes it looks like locked files, failed log-ins, delayed services or a broken chain of digital systems that people rely on every day. The updated register also removes the threat of disruption to Russian gas supplies, with the government saying the UK has reduced its reliance on Russian gas.
The public-facing change that may matter most in daily life is a national awareness campaign due later this year. According to the government, it will build on existing GOV.UK Prepare guidance and encourage households to take small steps before flooding, severe weather or cyber disruption hits. Most European countries already run public preparedness campaigns, so the UK is catching up rather than starting from scratch. For students, teachers and families, the school and college angle is especially important. Ministers say new resources will be created so people of different ages can learn how to stay safe in an emergency and where to find trusted advice. The National Emergencies Trust and the British Red Cross both welcomed that approach, arguing that clearer guidance can help communities respond better and protect people who are most at risk.
There is also a local power question running through this update. Regional mayors are set to be given a more formal role in responding to emergencies, alongside existing bodies such as Local Resilience Forums. The government is consulting on that change through a review of the Civil Contingencies Act 2004, the law that helps organise the UK’s emergency response system. This may sound procedural, but it affects who gets to decide what when time is short. A clearer role for mayors could mean faster coordination across transport, housing, health and emergency services in areas where one council boundary does not reflect how people actually live. It is also a sign that resilience is being treated as a local leadership issue, not just a Whitehall one.
The statement also reaches into defence planning. Under the Home Defence Programme, the UK is preparing for its largest home defence exercise in decades in 2027. The exercise, called Operation ALBISTON SHADOW, will involve ministers and hundreds of officials across government and the public sector in a multi-day test of readiness for hybrid attacks on the UK. Alongside that, classified crisis plans often known as the government’s ‘War Books’ are being updated for the first time since 2004. The exercise will sit alongside NATO’s own CMX27 drill. Armed Forces minister Louise Sandher-Jones argued that this work is needed because the government sees Russia as a direct threat to the UK homeland, not only to NATO’s eastern flank.
Biosecurity remains part of the picture too. Darren Jones said departments are on track to deliver the medium-term commitments in the UK’s 2023 Biological Security Strategy by 2028. That includes a new Pandemic Preparedness Strategy backed by around £1 billion in health protection measures, along with a new Network of National Biosecurity Centres backed by £1.83 billion. Step back, and the lesson from this register is bigger than any single threat. Preparedness now means thinking about elections, data systems, water supplies, heatwaves, public trust and local coordination at the same time. If the government follows through on the public campaign and school resources, this update could do something useful: help more of us see emergency planning not as distant state business, but as a shared civic skill.