The Investigatory Powers (Amendment) Bill would make changes to the Investigatory Powers Act 2016. The 2016 act provides a framework for the use of investigatory powers by the security and intelligence agencies, law enforcement and other public authorities. This includes the power to obtain and retain communications. It also created the post of investigatory powers commissioner and includes a number of safeguards for the use of such investigatory powers, including a two-stage procedure for obtaining authorisations.

Following reviews of the 2016 act, the government stated that the legislation needed updating in light of international issues and rapid technological change. It said that these issues were affecting the ability of agencies to protect the public against serious crime and terrorism. The bill proposes changes including:

  • creating a new condition for the use of internet connection records to aid ‘target detection’
  • introducing an alternative, less stringent regulatory regime for the retention and examination of bulk personal datasets where individuals have little or no expectation of privacy (such as publicly available online telephone directories)
  • a new notification requirement which can be issued to selected telecommunications operators requiring them to inform the government of proposed changes to their products or services that could negatively impact the current ability of agencies to lawfully access data

Concerns have been raised by campaigners and tech companies about the possible impact of the changes proposed. In particular, some major tech companies (such as Meta and Apple) have warned that the new notification requirement may force them to withdraw services from the UK if it unduly impacts their ability to innovate and introduce new security features. Civil liberties groups have also raised general concerns about the breadth of the investigatory powers regime and the impact on privacy.


Related posts

  • Cyber Security and Resilience (Network and Information Systems) Bill: HL Bill 32 of 2026–27

    The Cyber Security and Resilience (Network and Information Systems) Bill is a government bill intended to strengthen the cyber security of organisations in the UK that provide essential services, such as healthcare, drinking water and energy. It would amend the Network and Information Systems (NIS) Regulations 2018 to include additional sectors and update incident reporting duties. It would also confer powers on the secretary of state to amend the legislation and issue directions to organisations when necessary for national security. The bill is scheduled for its second reading in the House of Lords on 14 July 2026.

    Cyber Security and Resilience (Network and Information Systems) Bill: HL Bill 32 of 2026–27
  • National Security (State Threats) Bill: HL Bill 35 of 2026–27

    The National Security (State Threats) Bill would create new powers for the home secretary to designate bodies engaged in state threat activity, equivalent to the proscription of terrorist organisations under the Terrorism Act 2000. The bill would create three new offences associated with designation of supporting, assisting, or receiving material benefit from a designated body. These offences would carry sentences of up to 14 years’ imprisonment.

    National Security (State Threats) Bill: HL Bill 35 of 2026–27
  • Threats to UK democracy: Disinformation, foreign interference and declining public trust

    Social media and other technologies have made it easier, quicker and cheaper for foreign powers to spread false information online aimed at undermining UK democracy. Such disinformation campaigns are one type of interference operation. In parallel, researchers have noted a link between declining public trust and societal polarisation, which can be exacerbated by online discourse. This briefing provides introductory reading to these issues, including recent reports and government announcements.

    Threats to UK democracy: Disinformation, foreign interference and declining public trust