No formal response published by this government.

No formal response published by this government.

The government agrees with the need to continually improve its approach to risk assessment as the basis for the entire system of preparedness and resilience.

The government’s principal framework for risk assessment is the National Security Risk Assessment (NSRA). The NSRA is a classified assessment of the most significant risks to the UK over the medium term (next two to five years). It is used as a tool for planning by government departments and Local Resilience Forums. The Inquiry recognised that significant changes have been made to the NSRA following the pandemic, including in response to an external review by the Royal Academy of Engineering in 2021. Most significantly, the NSRA has moved to a dynamic assessment process, with risks updated several times a year in response to changes to the risk landscape or new evidence. The government also published the most transparent public-facing version of the NSRA, the National Risk Register (NRR), in August 2023. The NRR provided more information from the NSRA than ever before, containing information for risk practitioners, academics, and private and voluntary sector organisations who might benefit from this information but who do not have access to the classified NSRA. This information provided by the government enables them to assess how the risks might affect their organisations and interests, and to carry out resilience planning.

The government agrees that risk assessment and planning should not be based in isolation on a single reasonable worst-case scenario. Cabinet Office guidance mandates departments to generate multiple and varied scenarios when assessing the impact of risks. Where different manifestations of risks may require significantly different planning or response requirements, these are presented separately in the NSRA. To go further, the government will reference variations and additional scenarios more prominently in future updates to the NSRA, considering where these could be tested through national exercises. The government believes that a plausible yet challenging reasonable worst-case scenario is the appropriate benchmark for developing generic response capabilities, which can be deployed for any type or number of risks, although departments consider many variations of scenarios at the planning stage.

The UK government continues to work closely with the devolved governments to collectively strengthen approaches to risk assessment across the UK. All NSRA data is shared across the four nations, and devolved governments are involved in methodology reviews.

The NSRA is supported by more detailed risk assessments produced by government departments and agencies, which cover the range of each kind of risk in more granular detail. For example, the UKHSA Health Security Risk Assessment (HSRA) is using an adapted version of the NSRA methodology to explore a greater variety of health hazards, with multiple different planning assumptions, including mitigated scenarios.

The government agrees that it is important to consider prevention and mitigation of an emergency as part of risk assessment. It will make changes to the NSRA over the course of 2025 to present the assumptions that underpin risk assessments more explicitly and consistently in future versions by strengthening departmental guidance and factoring this into the scenarios.

The government recognises that multiple risks can compound and/or cascade, amplifying their individual and collective impacts. In 2023, the Cabinet Office included an analysis of linked risks in the NSRA. These are risks that may cause or increase the likelihood of another, or risks that would have significantly greater impacts if they manifested concurrently. The government is developing a “digital NSRA” platform to visualise how risks interconnect. This is already in use by ministers and senior officials to support planning and preparation for civil contingencies, and will be rolled out more widely to departments over the course of 2025 and 2026.

The government agrees that assessing the impact of risks on vulnerable groups is critical to improving the resilience of the whole of society. The NSRA methodology includes a specific impact category on vulnerable people. The Cabinet Office issued new guidance to departments in October 2024 to improve consideration of the disproportionate impacts risks may have on different groups across a full spectrum of vulnerability. In 2025 the Cabinet Office will also work with the NSRA expert group on vulnerable people to consider further ways to improve the quality of assessment in this area.

The government has also strengthened its approach to the assessment of long-term risks. The government has established a new process for identifying and assessing more continuous and enduring challenges - chronic risks - that erode elements of our economy, society, way of life and/or national security, in recognition of their different planning, preparation and response requirements compared to acute risks in the NSRA. Examples include antimicrobial resistance, climate change and serious and organised crime. This complements the government’s assessments of acute risks identified and assessed through the NSRA and NRR. This work has been developed in consultation with government departments, Chief Scientific Advisors, external academics and experts. A number of key chronic risks have been identified and assessed and this work will support the government to enhance a shared view of the longer-term challenges facing the UK. This classified assessment has now been shared across government, helping departments to consider interactions between acute and chronic risks, to be updated as new evidence emerges. A public-facing version will be published soon.

The government agrees that risk assessment must be connected to strategy and planning. It will implement, by 2026, the further recommendation from the Royal Academy of Engineering’s 2021 NSRA methodology report to pilot an alternative approach to risk assessment that considers preparedness for risks, rather than on the likelihood of risks occurring.

[IN PROGRESS] National Risk Register updated January 2025 with dynamic assessment model. Risk Vulnerability Tool developed for analyzing societal vulnerabilities. NSRA methodology review beginning late 2025. Expert advisory panels established for constructive challenge.