On Oct. 27, 2025, UK GVT issued instrument Data Protection Act 2018 (Qualifying Competent Authorities) Regulations 2025 (StIn 2025/1128) and memorandum.
These regulations will become effective on Nov. 17, 2025.
On Jul. 7, UK GVT issued rules on qualifying competent authorities.
UK GVT published the draft statutory instrument Data protection act 2018 (qualifying competent authorities) regulations 2025, with explanatory memorandum.
Purpose
Enables closer operational working to safeguard national security this instrument specifies which competent authorities can be regarded as qualifying competent authorities under section 82(2A) of the Data protection act 2018 (DPA 2018).
Qualifying competent authorities will be able to apply, with at least one intelligence service, for a designation notice from secretary of state, to jointly process personal data under Pt 4 of DPA 2018, where it is required for safeguarding national security.
Effectiveness
Regulations come into force on the 21st day after the day on which they are made.
In force on Nov. 17, 2025.
Oct. 2025 Finalized Statutory Instrument
On Oct. 27, 2025, UK GVT issued instrument Data Protection Act 2018 (Qualifying Competent Authorities) Regulations 2025 (StIn 2025/1128) and memorandum.
These regulations will become effective on Nov. 17, 2025.
