Landmark legislation targeting hostile state activity on UK soil has received Royal Assent, handing the Home Secretary counter-terrorism style powers to designate foreign state proxies and closing a gap that has left agencies struggling to act against deniable, state-linked threats.
The National Security (State Threats) Bill became law on 8 July, delivering on a government commitment to introduce proscription-like powers following a recent wave of antisemitic attacks. Home Secretary Shabana Mahmood can now designate foreign state organisations and state-linked groups carrying out hostile activity in the UK, from attacks on particular communities and the targeting of dissidents to cyber attacks on critical national infrastructure. Where she judges designation necessary, she is required to act without delay.
The new powers build directly on the National Security Act 2023, which is already being used extensively by police and intelligence agencies. Under the new legislation, it becomes a criminal offence to express support for a designated organisation, and separately an offence to assist or receive payment from one, closing off the routes foreign states have used to hide behind proxies such as organised crime gangs and front companies. Those convicted face up to 14 years in prison. Legitimate diplomatic, humanitarian, journalistic and charitable engagement with designated groups remains protected where a reasonable excuse applies.
Mahmood said the legislation gives police and intelligence agencies “the tools they need to pursue foreign powers and their proxies,” while Sir Ken McCallum, Director General of MI5, pointed to the growing use of “thuggish tactics like arson, sabotage and physical violence” by state actors operating through deniable proxy networks. Assistant Commissioner Laurence Taylor, Head of Counter Terrorism Policing, said the law gives officers and partners “more options” to act against those seeking to harm UK communities and society.
The government points to convictions already secured under the 2023 Act, including Russian proxies Dylan Earl and Jake Reeves for an arson attack on an east London warehouse, and Peter Wai and Chung Biu Yuen for targeting Hong Kongers in the UK, as evidence of the direction this legislation is reinforcing.
For organisations across the defence and critical infrastructure supply chain, the explicit inclusion of cyber attacks on critical national infrastructure within the scope of designated hostile activity is a reminder that state-backed and proxy threats extend well beyond traditional espionage, and that resilience, personnel security and supply chain vetting remain live operational concerns rather than background risk.
This story touches on areas including:
Join our new expanding community at DPRTE.co.uk – our new Defence Community Platform, creating a single, year-round digital hub for the UK’s defence procurement and supply chain sector.