President Trump’s Cyber Strategy: Cross-Sector Implications For U.S. And UK Businesses

The Trump Administration’s new Cyber Strategy for America outlines the Administration’s cybersecurity posture through six pillars that build on prior federal approaches. The strategy emphasises strengthening protection of critical infrastructure across sectors including energy, finance, water, health care, and telecommunications. It builds on existing federal agency actions, which assuredly will expand in the months ahead. It also prioritises maintaining U.S. leadership in emerging technologies like AI, quantum computing, and blockchain, while using diplomacy to coordinate cybersecurity measures globally, particularly with allies such as the U.K.

On the horizon: increased federal agency activity and scrutiny

The Administration has been extremely active on the cybersecurity front, and the Cyber Strategy appears to be the Administration’s attempt to provide a cohesive and comprehensive outline of its cybersecurity approach. More broadly, the Cyber Strategy clearly signals that the federal government is prepared to use every tool to address the risks that cyber-attacks pose to the country’s national and economic security. It also, in a first, calls for greater public-private collaboration and information-sharing, as well as a more aggressive approach to bad actors in the digital realm.

Looking ahead, expect federal agencies to engage in more cyber-related rulemaking and enforcement activity, such as the U.S. Department of Energy’s (DOE) more granular Cybersecurity, Energy Security, and Emergency Response (CESER) Strategic Plan or the U.S Department of Justice’s (DOJ) Civil-Cyber Fraud Initiative. In addition, companies operating in one of the sixteen critical infrastructure sectors should monitor for updates regarding the rulemaking initiated pursuant to CISA’s Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). After lengthy delays, CISA appears poised to advance this rulemaking.

Cross‑sector implications for business

Communications, telecommunications, and connectivity‑dependent industries

For companies in the telecom and connectivity-dependent sectors, expect a continued federal focus on network security and supply chain risk, even as agencies roll back some of the prior requirements.

Specifically, the Federal Communications Commission (FCC) is expanding efforts to block equipment and services, viewed as national security threats. Recent actions include blocking devices from entering the U.S. market, initiating a proceeding on expanding the list of covered categories to include connected car technologies, investigating entities already on the covered list, and prohibiting Bad Labs, owned or controlled by foreign entities, from testing and certifying devices as safe to enter the U.S. market. These actions signify a move towards adoption of robust oversight mechanisms to identify and counteract potential security vulnerabilities within the communications supply chain.

In addition, the FCC recently expanded its Covered List to include new, foreign-produced consumer routers. That means that such items can no longer be imported, marketed, or sold in the U.S. This strategy likely will be used to target other technologies that federal officials believe may undermine cybersecurity, while also aligning with the Trump Administration’s efforts to bring manufacturing onshore.

Any changes in FCC enforcement are likely to involve the agency’s Council on National Security, which was established in early 2025. This group’s stated purpose is to use the FCC’s regulatory and enforcement powers to protect American interests and counter foreign adversaries, with China mentioned by name.

However, the U.S. Supreme Court currently is reviewing whether the FCC may impose civil forfeitures through administrative proceedings or must seek them in federal court with a jury trial. If the Court affirms a Fifth Circuit decision, the FCC could lose its ability to impose civil forfeitures directly, forcing greater reliance on DOJ litigation and reshaping enforcement across the Communications Act.

Data centres, power grid-connected assets, and digital infrastructure

The Cyber Strategy for America plan identifies data centres as a focal point for federal cybersecurity efforts, given their importance in the growth of AI and the sensitive information they house. Data centres present a physical infrastructure security challenge, as well as a cybersecurity one. Their security depends upon grid reliability and energy policy as well as cyber defence.

Under the strategic plan, the federal government aims to identify, prioritise, and strengthen the security of the nation’s critical infrastructure and supply chains, including defence-related systems and associated private-sector partners. This effort spans key sectors such as energy, finance, telecommunications, data centres, water utilities, and hospitals, with a focus on securing both information and operational technology supply chains.

The Trump Administration is seeking to reduce reliance on adversary-linked vendors by promoting U.S.-based technologies and solutions. The Administration sees state, local, tribal, and territorial governments in a complementary role, rather than replacing national cybersecurity initiatives.

But while the Administration has staked out a pro-data centre position, a number of states have introduced legislation to slow the growth of data centres. These concerns principally centre around such issues as increased electricity and water prices, CO2 and methane emissions, and a lack of noise abatement.

Earlier this month, Florida signed into law stricter new requirements for data centre development. The new law requires data centre projects to fully cover the costs of their energy consumption, without passing on higher prices to consumers. The law also protects the rights of local governments to reject data centre projects and allows water management districts to deny permits if a data centre development would threaten the local water supply.

On 14 to 15 May, the FCC’s Public Safety and Homeland Security Bureau will host cybersecurity workshops for broadcasters and telecommunications carriers, which will provide additional guidance.

The Federal Energy Regulatory Commission (FERC) also will likely play a key implementation role. The agency is responsible for overseeing the reliability of the nation’s interstate bulk power system and it approves and enforces federal standards, including those related to cybersecurity. The North American Electric Reliability Corporation (NERC), an industry organisation that FERC has designated to develop those standards, will be at the forefront of efforts to explore new cybersecurity requirements.

Work is already underway at NERC to assess whether new or modified regulations are needed to mitigate reliability risks related to data centres and other large load interconnections. Whether this initial work translates into new cybersecurity rules – rather than remaining centred on operational and planning risks – is an open question.

Nuclear and emerging technologies

In March and April 2026, the Nuclear Regulatory Commission (NRC) finalised a new regulatory framework (Part 53) for advanced reactors – its first major update in over 30 years. The new regulations include specific cyber requirements demanding protection proportional to the facility's risk level. The new Part 53 regulations require applicants to define, detect, and mitigate cyberattacks on safety-related digital systems.

The NRC also has drafted new rules specifically directed at microreactors, and it has announced new procedures designed to dramatically reduce permitting timelines. With 2024’s ADVANCE Act paving the way for small modular reactors, new technology could be employed to support data centres and energy resilience. However, it will undoubtedly require additional federal regulatory oversight, the details of which are yet to be determined.

Government systems, national security, and information sharing

Administration officials hope to accelerate the deployment of emerging technology on federal networks, including artificial intelligence, post-quantum cryptography (designed to be effective against future, high-powered quantum computers that are not yet in service), and AI-enabled cybersecurity tools. As part of its accelerated deployment goals, the Administration is also looking for ways to improve and expedite the procurement process.

In addition, the Trump Administration’s Cyber Strategy advocates for the nation to take an offensive approach to cybersecurity, with federal response teams actively seeking out and eliminating potential cyber threats. This is a shift from the country’s traditional defensive position, and likely would receive push-back from the UK and other allies.

Expect Information Sharing and Analysis Centres (ISACs) to take on an increasingly vital role as a practical compliance and risk‑mitigation tool. By sharing timely indicators, tactics, and mitigation strategies, ISACs help members identify and address risks that align with NIST‑based risk management expectations under FISMA and agency guidance.

UK and EU perspective: transatlantic cyber alignment

Cybersecurity is truly a global pursuit. Bad actors do not respect international borders, and threats often originate from outside the U.S. The Trump Administration’s Cyber Strategy opens the door for compelling strategic alliances in cybersecurity. Data centre development and critical infrastructure protection are areas where U.S., UK, and EU officials have similar mutually beneficial goals.

However, even amongst friendly nations, cyber compliance (and coordination) is becoming more complex. Multinational organisations will increasingly need to navigate different cyber security regulations between nations as well as different priorities for each local regulator. In addition, the UK, like many other countries, is insisting on digital sovereignty and data localisation. The combined effect is that multinationals may need to run country-by-country cyber security and compliance regimes, rather than applying a single global approach.

Looking ahead

The Trump Administration’s Cyber Strategy for America is a directional signal, not the final word. However, it indicates the Administration’s more aggressive framing of cybersecurity as a core national security and economic priority.

The details will be forthcoming, but companies can expect expanded agency-level activity, closer scrutiny of critical infrastructure and supply chains, and growing expectations for private-sector compliance.

For businesses operating across regulated and technology‑dependent sectors, the message is clear: cybersecurity obligations will continue to evolve, intersect with national defence priorities, and demand sustained attention to compliance, risk management, and cross‑border coordination.

Key takeaways

• Monitor agency specific cyber actions, not just White House policy statements.
• Reassess cyber risk through a cross-sector lens (energy, data, communications interdependencies).
• Prepare for shorter permitting timelines and accelerated infrastructure development bringing new cyber obligations.
• Evaluate participation in information sharing frameworks (e.g., ISACs) as part of governance and resilience strategy.
• For multinationals, align U.S. and UK cyber compliance efforts where feasible.
• Emphasise initiative-taking planning rather than reactive compliance.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.