Terms and Conditions

Terms and Conditions

This page (taken with the documents and pages it refers to) tells you the terms of use (the “Terms and Conditions”) which you agree to when you use the www.ncsc.gov.uk website, certain websites operated by or on behalf of NCSC under which we provide online services (including those described below as the Online Services) and the content made available on those websites (together the “Websites").

General terms of use

By using the Websites, you indicate that you accept these Terms and Conditions and that you agree to abide by them. If you do not agree to these Terms and Conditions, please refrain from using the Websites.

You agree to use the Websites only for lawful purposes and in a manner that does not infringe the rights of, or restrict or inhibit the use and enjoyment of, the Websites by any third party. Additionally, you must not misuse the Websites by knowingly introducing viruses, trojans, worms, logic bombs or other material which is malicious or technologically harmful. You must not attempt to gain unauthorised access to the Websites, the server(s) on which they are stored, or any server, computer or database connected to the Websites. You must not attack the Websites via a denial-of-service attack or a distributed denial-of-service attack. Any breach of this provision may be reported to the relevant law enforcement authorities and where necessary we will co-operate with those authorities by disclosing your identity to them.

Use of content

Intended use of advice and guidance

The National Cyber Security Centre (the “NCSC”) provides advice and assistance on cyber security in support of the Government of the United Kingdom, the armed forces of the Crown, and other persons and organisations, in each case in accordance with its functions under the Intelligence Services Act 1994. Unless otherwise indicated, the advice and guidance material hosted on the Websites is provided and intended for use by this audience, and is published on the Websites in order that the intended recipients can have easy access to the material.

Crown copyright

The material on the Websites is, unless stated otherwise, subject to Crown copyright. Unless we indicate that certain Crown copyright content may be available for use under a different arrangement, you may use or reuse the content published on the Websites without prior permission but must adhere to and accept the terms of the Open Government Licence for public sector information. You must acknowledge the source of the content and include a link to the Open Government Licence wherever possible. Authorisation to reproduce a third party’s copyright material must be obtained from the copyright holders concerned.


You are not permitted to use logos displayed on the Websites under the terms of the Open Government Licence, and so requests for permission to use logos should be directed to the Enquiries team using the Contact Us form. Please tell us how and why you wish to use the logo, and include your name, address, telephone and fax numbers and your email address with your request.


The NCSC encourages users to establish hypertext links to the Websites, however we don’t give you permission to suggest that your website is associated with, or endorsed by, the NCSC.

Where the Websites contain links to other websites then these links are provided for your information only. Unless explicitly stated, linking should not be taken as endorsement of any kind. We have no control over the contents of those sites or resources, and accept no responsibility for them or for any loss or damage that may arise from your use of them. Where third parties reproduce our information on websites or applications, those websites or applications may use versions of our information that has been edited or cached. The most up-to-date version of our information will always be that available on the Websites. We don’t provide any guarantees, conditions or warranties as to the accuracy of any such third-party products and do not accept liability for loss or damage incurred by users of such third-party products under any circumstances.

Virus Protection

Whilst we check and test material at all stages of production, you must take your own precautions to ensure that the processes which you employ for accessing the Websites do not expose you to the risk of viruses, malicious computer code or other forms of interference which may damage your own computer system. It is always wise for you to run an antivirus program on all material downloaded from the Internet. We cannot accept any responsibility for any loss, disruption or damage to your data or your computer system which may occur whilst using material derived from the Websites.

The NCSC blog

The NCSC is the UK’s authority on cyber security. We will use this blog to share insights with our customers on our work and our thoughts on key issues in the world of cyber security. Our blog participation and moderation guidelines set out how you can participate with this blog and how it will be moderated by the NCSC Communications team.

Participation and moderation guidelines

When posting comments, please observe our participation guidelines:

  • Be respectful of others who use the Websites.
  • Stay on topic.
  • Do not use language that is offensive, inflammatory or provocative (this includes, but is not limited to, swearing and obscene or vulgar comments).
  • Do not break the law (this includes libel, condoning illegal activity and contempt of court).
  • Do not use the Websites for party-political purposes (as these are paid for with public money so it’s inappropriate to engage in party-political activity).
  • Please do not post personal information in comments such as addresses, phone numbers, e-mail addresses or other online contact details, which may relate to you or other individuals.
  • Do not impersonate or falsely claim to represent a person or an organisation.
  • Do not attempt to log on using another user’s account.
  • Do not commercially endorse or promote any product, service or publication not relevant to the discussion.
  • If you are aged 16 or under, please get the permission of your parent or guardian before participating.

Blog comments are pre-moderated to check they comply with the NCSC blog participation guidelines above. If comments don’t comply they will not be published.

How we evaluate comments:

  • Is this comment on topic, does it add value to the discussion and can the NCSC answer publicly? If so, we’ll post a timely response within 48 hours.
  • Is this person asking for information or detail relating to another NCSC service e.g. is it a general customer query? If so, we’ll provide the user with the correct contact details so that they can re-submit the query through the correct front door.
  • Does this comment raise an issue with NCSC content? If so we'll contact the NCSC team responsible for fixing the content or issue and tell the user this has been done.
  • Is this comment a rant at the NCSC venting frustration or anger? If so, we will not publish the post but we will monitor and discuss with the digital team first, referring to the participation guidelines.

Privacy statement

We collect and process information about you in accordance with our Privacy Policy and our Cookie Policy. By using the Websites, you agree to us collecting such information and confirm that any data provided by you is accurate.

The privacy statement only covers the Websites and does not cover links within the Websites to other websites not operated by or on behalf of NCSC.


The NCSC does not provide any guarantees, conditions or warranties as to the accuracy of the information on the Websites. We do not warrant that the functions contained in the material on the Websites will be uninterrupted or error free, that defects will be corrected, or that the Websites or the server(s) that make them available are free of viruses or represent the full functionality, accuracy and reliability of the material.

In addition, the advice and guidance material made available on the Websites is not mandatory, is provided on an “as is” basis without warranty as to its accuracy or suitability, is not intended to cover all scenarios and is not tailored to a particular set of facts or circumstances, or a specific organisation or individual. You should seek to ensure that you obtain specific advice that is tailored to their particular facts or circumstances. As such, the NCSC shall not be liable for loss or damage that may come from use of the Websites including:

  • any direct, indirect or consequential losses; and/or
  • any loss or damage caused by civil wrongs (‘tort’, including negligence), breach of contract or otherwise.

This applies if the loss or damage was foreseeable, arose in the normal course of things or you advised the NCSC that it might happen.

This includes (but is not limited to) loss of:

  • income or revenue;
  • salary, benefits or other payments;
  • business;
  • profit or contracts;
  • opportunity;
  • anticipated savings;
  • data;
  • goodwill;
  • tangible property; and/or
  • intangible property, including loss corruption or damage to any computer system.

It also includes wasted management or office time and loss or damage incurred in connection with the use, inability to use, or results of the use of the Websites, any websites linked to them and any materials posted on them.

This does not affect our liability for death or personal injury arising from our negligence, nor our liability for fraudulent misrepresentation, nor any other liability which cannot be excluded or limited under applicable law. 


NCSC may elect to have any claims or disputes with you resolved by way of confidential arbitration in front of a single arbitrator who shall be a Queen’s Counsel agreed by the parties or, failing agreement, appointed by the chairman of the Commercial Bar Association.

Governing Law

These Terms and Conditions shall be governed by and construed in accordance with the laws of England and Wales. Subject to the above paragraph ‘Disputes’, any dispute arising under these Terms and Conditions or your use of the Websites (whether it be contractual or non-contractual), will be subject to the exclusive jurisdiction of the courts of England and Wales.

Freedom of Information

The Freedom of Information Act 2000 (“FOIA”) allows members of the public to request access to information held by certain public authorities. In legal terms, the NCSC (being a part of GCHQ) is not subject to FOIA, and therefore will not process FOIA requests. For further information on FOIA please refer to the Information Commissioner's Office.


There may be legal notices elsewhere on the Websites that relate to how you use the site.

We’re not liable if we fail to comply with these terms and conditions because of circumstances beyond our reasonable control.

We might decide not to exercise or enforce any right available to us under these terms and conditions. We can always decide to exercise or enforce that right at a later date.

Doing this once will not mean we automatically waive the right on any other occasion.

If any of these terms and conditions are held to be invalid, unenforceable or illegal for any reason, the remaining terms and conditions will still apply.

Revisions to these terms

We may at any time revise these Terms and Conditions without notice. Please check these Terms and Conditions regularly, as continued use of the Websites after a change has been made is your acceptance of the change. You’ll agree to any changes if you continue to use the Websites after the Terms and Conditions have been updated.

This page was last updated on 1st November 2018.

Additional terms applicable to certain online services 

Where you sign up to use any of the online services listed below (the “Online Services”), the provision and use of the Online Services will be governed by the following supplementary terms in addition to the rest of these Terms and Conditions.

Web Check – Additional Terms:

  • In providing Web Check, NCSC intends to perform precise testing and minimise the volume of traffic it will send to websites. Web Check will indicate what, if anything, is known to NCSC about vulnerabilities and/or suboptimal configurations that affect the websites in question. NCSC will use information from a range of sources in order to provide Web Check, and as those sources are liable to change on a frequent basis, the result of each query that is provided by NCSC must only be considered valid at the time it is provided.
  • You are responsible for analysing the results of queries to inform a risk-based decision on your usage of websites, and you accept that use of Web Check does not guarantee the absence of security-related issues or the secure operation of the websites. Additionally, NCSC can only provide results based on such information as it holds at the relevant time, and it makes no warranty or representation as to the accuracy, completeness or fitness for purpose of such information, or that Web Check will be uninterrupted or error free. Accordingly, results to queries are provided on an “as is” basis.
  • You warrant and represent that you are authorised to run security tests on the websites that you initiate Web Check on, and that the provision of Web Check will not infringe any third-party rights. 

Exercise in a Box (‘EiaB’) – Additional Terms:

General Terms

  1. EiaB provides users with a variety of “simulation” and “table top” cyber security exercises that are designed to test the user’s mitigation and response abilities, and provide an indicator of overall maturity.
  2. Under the “simulation” exercise, users may download an HTML file which is intended to imitate the ability of hosted malicious software to communicate across the internet. The exercise is designed to test the user’s ability to locate the file on their internet-facing ICT systems. NCSC has taken reasonable efforts to ensure that running the HTML file should have no adverse effect on user’s ICT systems and will make the HTML file’s source code available to all users. Further information about what this HTML file does can be found on the website alongside the simulator itself. We encourage you to review the simulator’s HTML file/ source code before deciding to run it on your system as you retain sole responsibility for deciding whether to deploy the file on your ICT systems.
  3. Under the “table top” exercises, NCSC will provide users with realistic but hypothetical and non-exhaustive scenarios (such as cyber-attacks), which are designed to test users’ decision-making processes and prompt discussion.
  4. Upon completion of the exercises, users will be prompted to complete a questionnaire, which will be made available to the user and retained by NCSC for trends analysis purposes.
  5. The materials provided to you by us as a result of your access to and use of EiaB (the “EiaB Materials”) may be updated by us periodically. We recommend that you periodically check to see whether the EiaB Materials that you are using are the latest versions.
  6. We both agree that, at each of our own expense, we will separately ensure that we comply with and assist the other party to comply with the requirements of all legislation and regulatory requirements in force from time to time relating to the use of personal data and the privacy of electronic communications, including (i) the Data Protection Act 2018 and any successor UK legislation, as well as (ii) the General Data Protection Regulation ((EU) 2016/679) (as applicable) and any other directly applicable European Union regulation relating to data protection and privacy (for so long as and to the extent that the law of the European Union has legal effect in the UK).

    Intellectual Property Rights
  7. The EiaB Materials are copyright of the Crown. The EiaB Materials are licenced to you on the following basis:
    a. You may use EiaB Materials internally within your organisation as far as is reasonably necessary for you to successfully deliver the EiaB exercises within your organisation and to assess and improve your cyber security practices (the ‘Purpose’).
    b. Where you reasonably deem necessary, you may share the EiaB Materials with your third-party suppliers and advisors who require access to the EiaB Materials for you to fulfil the Purpose. You must make such third-parties aware of the terms of this licence, make sure that they do not onwardly disclose the EiaB Materials, and ensure that following conclusion of their involvement in the Purpose, they do not retain copies of or access to any of the EiaB Materials.
    c. You may print out the EiaB Materials.
    d. You must not modify the paper or digital copies of any EiaB Materials you have printed off or downloaded in any way, and you must not use any illustrations, photographs, video or audio sequences or any graphics separately from any accompanying text.
    e. Our status (and that of any identified contributors) as the authors of the EiaB Materials must always be acknowledged.
    f. You must not use any part of the EiaB Materials for commercial purpose.
  8. Where you submit written responses to us as part of the EiaB exercises (the ‘Submissions’), you grant us a non-exclusive, worldwide, royalty-free, transferable, perpetual, and irrevocable licence to use, re-use, copy, adapt, and modify the Submissions for any purpose.