NCSC invite cyber industry to share views on what makes a responsible cyber actor

Help shape new industry guidelines for responsible cyber intrusion practices - join the Pall Mall Process consultation

The Pall Mall Process is inviting vulnerability researchers, exploit developers, and other stakeholders within the offensive cyber sector to contribute their views as it moves into its next phase focusing on industry guidelines. This private consultation aims to advance transparency, precision, and oversight in the development and deployment of these technologies. Your input will play a critical role in shaping good-practice measures to monitor the commercial cyber intrusion industry and reduce the risk of technology misuse.

What is the Pall Mall Process?

The Pall Mall Process, initiated by the UK and France in 2024, seeks to develop solutions, through an international, multistakeholder approach, which aim to curb the proliferation and irresponsible use of commercial cyber intrusion capabilities. It brings together governments, technology companies, civil society, academia, investors, and offensive cyber firms to define the problem and develop practical solutions.

Commercial cyber intrusion capabilities (CCICs) include:

• vulnerability research
• exploit development
• malware creation
• command and control
• hacking-as-a-service
• access-as-a-service

These services are delivered through complex supply chains or directly to end users, typically law enforcement or intelligence agencies. While these capabilities are essential for national security, their misuse can be destabilising. The Pall Mall Process aims to maximize positive applications while eliminating harmful practices.

In April 2025, stakeholders introduced aCode of Practice for States, signed by 27 countries, setting out principles for responsible engagement. The next phase focuses on creating industry guidelines to complement these state-level commitments.

The UK’s National Cyber Security Centre (NCSC) plays a unique role by providing technical expertise, advising policymakers, and promoting responsible vulnerability handling. Its position within GCHQ enables a balanced perspective on both offensive and defensive operations. The overarching goal is to ensure the market operates with transparency and accountability, protecting digital trust and security.

Opportunity to contribute

Industry guidelines will be critical to bringing greater openness to a sector that has traditionally operated in secrecy. These guidelines aim to define responsible practices and enable collective action against misuse. Stakeholders are encouraged to contribute insights to help shape a market where responsible actors thrive and irresponsible ones are constrained.

Two key objectives for contributions are to – engage with the people building and selling offensive cyber capabilities to better understand market forces and drivers and help shape a market where responsible participants can thrive, whilst stunting actors acting irresponsibly

If you work in this field and would like to contribute, please get in touch with the FCDO. Your insights will be invaluable in shaping a framework that promotes transparency, accountability, and trust.

You can read more about the Pall Mall Industry consultation below: