Cyber resilience strategy 2025-2030: business and regulatory impact assessment exemption

Business and Regulatory Impact Assessment – Strategic Framework for a Cyber Resilient Scotland – Rationale for Exemption

The Strategic Framework for a Cyber Resilient Scotland aims to enhance Scotland’s digital security and resilience. It focuses on raising awareness of cyber risks, improving cyber resilience across all sectors, securing digital public services and ensuring effective national cyber incident response for the public sector. The framework emphasises collaboration across public, private and third sectors, and will be supported by action plans – to be published after the strategy. The framework promotes embedding cyber resilience into business governance and adopting a secure-by-design approach for future digital services. The framework does not have any specific requirements placed on businesses and no regulatory aspects. The framework simply seeks to promote and amplify good practice and advice issued by the National Cyber Security Centre and through this improve cyber resilience across Scotland.