Government publishes Budget Information Security Review
Government has today published a review with recommendations to protect information security at future fiscal events.
-
Government has carried out a Review of Budget information security in light of the events that occurred in the run up to the 2025 Budget Statement
-
This includes the outcomes and recommendations of the National Cyber Security Centre’s investigation into the publication of the Office for Budget Responsibility’s Economic and fiscal outlook (EFO) and the Cabinet Office’s leak inquiry relating to the 13 November article on income tax in the Financial Times.
-
All recommendations will be implemented in full.
The government has today Monday 9 February published the Budget Information Security Review. The Review has been carried out in light of events that occurred in the run up to the 2025 Budget Statement and includes steps being taken to tighten information security.
The Review includes outcomes and outcomes and recommendations from the National Cyber Security Centre’s investigation into the publication of the Office for Budget Responsibility’s Economic and fiscal outlook (EFO) and the Cabinet Office’s Financial Times leak inquiry.
The principal changes, which will be introduced ahead of Budget 2026, are:
-
A set of mandatory embedded protection actions within the IT systems to restrict the extent to which Budget material can be shared, including across departmental boundaries. Measures will include preventing the sending of attachments; limiting access to named lists and restricting the functionality for those accessing information to print or download; and with the ability to monitor and record access.
-
Linking these protections to the introduction of a new ‘BUDGET - MARKET SENSITIVE’ sensitivity label for the most sensitive categories of Budget and forecast information where HMT and OBR use named lists.
-
Cutting back the numbers of officials who can routinely access the most sensitive information, including on named lists.
-
The March 2026 EFO will be published on the OBR’s behalf by HMT using GOV.UK, which is the platform HMT uses for all its publications, pending a permanent move by the OBR to using the GOV.UK platform for market sensitive publications.
-
HMT and the OBR will work in partnership with The Bank of England to establish a protocol for any future breach in security.
The ‘Macpherson Principles’, which determine which information can and cannot be pre-briefed in public and/or with the media, will continue to apply. The Principles acknowledge that while most Budget information is not market sensitive, the economic and fiscal projections, the fiscal judgement and individual tax rates, reliefs and allowances must not be pre-briefed.
The full Review has been published on gov.uk.