Andrew Cormack

Chief regulatory adviser

My blog posts

Europe Wants Patches

The Proposal for a Regulation on Cybersecurity Requirements, recently published by the European Commission, significantly raises the profile of... >>

Future of Cyber Risk podcast

A few weeks ago I was invited to contribute to Team Cymru’s Future of Cyber Risk podcast. As I hope is apparent from the resulting recording, it was... >>

Regulatory developments blog


My role is to keep Jisc, its members and customers informed about the legal, policy and security issues around networks, networked services and data.

Over the past twenty years there have been many new laws relevant to Jisc’s services, from the Regulation of Investigatory Powers Act to the General Data Protection Regulation (GDPR). As Jisc innovates in its use of technology and data, we also need to lead understanding of how laws can guide the development of those activities.

Our experience of how technology works in large-scale practice also lets us contribute to the development of new laws - for example on defamation, criminal content and data protection - to make them more effective in protecting people, data and systems.


Previously I ran the JANET-CERT and EuroCERT incident response teams.

Media coverage

A year to get your act together: how universities and colleges should be preparing for new data regulations
FE News, August 2017

Preparing for the GDPR
University Business, December 2016