Security Intelligence

Security for Government Affairs and Lobbying Professionals | UK and EU

Q: "What personal security risks do government affairs professionals face that are distinct from general corporate security?"

"Government affairs and lobbying professionals face three specific risks that most corporate professionals do not. First, their identities, employer names, and areas of policy interest are typically public record on one or more mandatory registers (the UK Register of Consultant Lobbyists, the EU Transparency Register, FARA in the US), which creates an easily searchable map of who is influencing whom on which subjects. Foreign intelligence services use this public data as a planning tool for targeting operations. Second, their work brings them into regular contact with elected politicians and senior civil servants, which makes them targets for surveillance by parties who want to understand the relationship between specific commercial interests and policy outcomes. Third, if they work on behalf of foreign government-linked organisations, they may face criminal liability under the UK Foreign Influence Registration Scheme or equivalent legislation -- a direct personal legal risk that is new as of 2023."

Q: "What does the UK Foreign Influence Registration Scheme require of government affairs professionals?"

"The Foreign Influence Registration Scheme (FIRS) was introduced under Part 4 of the National Security Act 2023 and creates two registration obligations. The Political Influence Tier requires registration by any person or organisation carrying out political influence activities -- broadly, communications with UK politicians, political parties, or government officials intended to influence a political decision or political opinion -- if directed by a specified foreign government or its close affiliates. The Enhanced Tier requires registration for a wider range of activities (not limited to political influence) if directed by a specified foreign power. Failure to register when required is a criminal offence carrying up to five years imprisonment. For government affairs professionals who work on behalf of foreign state-linked clients -- sovereign wealth funds, state-owned enterprises, foreign government advisory bodies -- an assessment of whether registration is required is a legal obligation, not a compliance option."

Q: "How do foreign intelligence services target government affairs professionals?"

"MI5's annual threat reporting and the NCSC's guidance on hostile state activity both document the targeting of individuals who work at the interface of commercial interests and government policy. The specific interest is intelligence collection: mapping which commercial organisations have relationships with which politicians and officials, identifying who can be approached for information or influence, and assessing the relationship between business interests and policy positions. The methodology includes cultivation at industry events (parliamentary lobbying receptions, policy conferences, party conferences) where casual social contact with lobbyists is a standard format, elicitation of policy information through apparently innocent professional conversation, and in some cases direct approach to a lobbyist with a proposal to provide information in exchange for access or introductions. The risk is not limited to lobbyists working explicitly on defence or security-adjacent policy; commercial policy (trade, technology regulation, financial services) is of substantial interest to foreign intelligence services operating economic collection programmes."

Q: "What are the security considerations for meetings in parliamentary settings?"

"The Palace of Westminster and Portcullis House operate a tiered access control system: Members' Pass holders (MPs and Peers) have unrestricted access; research and support staff with passes have defined access; visitors require a sponsor and are subject to screening and escorted access. Lobbying receptions held on the parliamentary estate -- a common format for government affairs work -- take place in a setting where access has been validated by a Member sponsor, but the guest list for the event itself may not be vetted at the same standard as the estate's general access controls. The physical security of the parliamentary estate is managed by the Parliamentary Security Department (PSD) with Metropolitan Police support. For meetings of a sensitive or commercially confidential nature, the parliamentary estate is not a secure environment for the discussion in the way that a properly swept and access-controlled private meeting room would be. Sensitive commercial discussions with elected officials or civil servants are better held in a controlled private venue."

Q: "What digital security requirements apply to government affairs briefing documents?"

"Government affairs professionals routinely handle documents that are extremely sensitive in commercial and political terms: draft policy briefings for submission to ministers, responses to consultation documents before they are public, pre-budget analysis shared with officials, and internal strategic documents that map a client's policy priorities and relationships. These documents are valuable intelligence targets for commercial competitors, hostile foreign states, and investigative journalists. The baseline digital security requirements are: full-disk encryption on all devices, end-to-end encrypted communications for sensitive document sharing, role-based access controls on internal systems, and a clear policy on what documents should not be transmitted electronically at all. The NCSC Cyber Essentials scheme provides the foundation controls. For professionals working on behalf of clients in sensitive sectors (defence, critical national infrastructure, financial services, healthcare), the NCSC's additional guidance for sectors of high intelligence interest applies directly."

Government affairs professionals are named on public registers, targeted by foreign intelligence services, and operate in physically controlled parliamentary environments. James Whitfield on lobbying security.

7 min 7 May 2026

Written by James Whitfield — Senior Security Consultant

Speak to the Team

The government affairs and lobbying sector operates at the intersection of commercial interests and political decision-making. This makes the professionals who work in it both valuable as intelligence targets and visible – by design and by legal requirement – in a way that most corporate professionals are not.

James Whitfield, Senior Security Consultant, has worked with government affairs agencies, in-house public affairs teams, and political consultancies on security programmes that address the specific risks of their operating environment. The consistent observation is that lobbying and government affairs firms – focused on political intelligence and client relationships – apply considerably less attention to their own operational security than to the political intelligence they gather and sell.

The public register problem

The UK Register of Consultant Lobbyists, established under the Transparency of Lobbying, Non-Party Campaigning and Trade Union Administration Act 2014, requires consultant lobbyists (those who lobby on behalf of third-party clients, not in-house lobbyists) to register with the Registrar of Consultant Lobbyists. The register is public and names individual lobbyists, their clients, and the general subject areas of their lobbying activities.

The EU Transparency Register, operated jointly by the European Parliament, the Commission, and the Council of the EU since 2022, is similarly public and covers approximately 13,000 registered organisations. Individual lobbyist names are included.

FARA (the Foreign Agents Registration Act, 22 U.S.C. § 611-621) in the United States requires agents of foreign principals to register with the Department of Justice. Registration documents – including contracts, financial details, and descriptions of activities – are public record. The DOJ’s enforcement of FARA has accelerated significantly since 2017, and prosecutions under FARA (Paul Manafort, 2018; Imaad Zuberi, 2020; others) have raised the profile of the criminal liability dimension.

The combined effect of these registers is that a foreign intelligence service, an investigative journalist, or a commercial competitor can generate a detailed map of which lobbying firms are working for which clients on which policy areas by reading public records alone. This is an intelligence asset made available by law. Government affairs professionals should understand what is in the public record about their firm and clients and should conduct their work in the knowledge that this record is being read.

Foreign Influence Registration Scheme

The UK National Security Act 2023, Part 4, introduced the Foreign Influence Registration Scheme (FIRS). The scheme creates two registration tiers with different thresholds.

The Political Influence Tier requires registration of activities that communicate with, or are intended to influence, a UK Member of Parliament, a member of the House of Lords, political parties, or government officials – where those activities are directed by a foreign government or a foreign government-linked entity specified by the Secretary of State.

The Enhanced Tier requires registration of a broader range of activities (including non-political activities such as procurement, procurement strategy, and business operations) if directed by a specified foreign power.

Failure to register when required is a criminal offence carrying up to five years imprisonment for Political Influence Tier violations and up to 10 years for Enhanced Tier. The scheme is enforced by the Security Service (MI5) and prosecuted through the Crown Prosecution Service.

For government affairs professionals and public affairs agencies with foreign government-linked clients – sovereign wealth funds, state-owned enterprises, foreign government ministries, or organisations controlled by foreign states – an assessment of whether FIRS registration is required is a legal obligation that must be conducted before work begins, not a retrospective compliance exercise. The Ministry of Justice and the Home Office have published guidance, but the determination for any specific client relationship requires legal advice.

Foreign intelligence targeting

MI5’s Annual Report for 2024 continued the pattern of recent years in identifying specific professional sectors as targets for foreign intelligence service collection operations. Government affairs professionals – particularly those working on policy areas of strategic interest to foreign states (energy, financial services, technology regulation, defence procurement, trade policy) – are identified as a target group.

The methodology documented by MI5 and in NCSC guidance for high-profile individuals is primarily social engineering rather than technical intrusion: cultivation at professional events, elicitation through apparently innocent professional conversations, and direct approach with offers that blend legitimate professional interest with intelligence collection intent.

Party conferences – the annual Conservative, Labour, Liberal Democrat, and SNP conferences in the UK – are environments where this methodology is particularly prevalent. They are open to a large number of registered attendees, feature extensive informal social programming, and concentrate senior politicians, civil servants, special advisers, and government affairs professionals in the same venue for several days. NCSC and MI5 have both issued specific guidance for conference-going professionals in sectors of intelligence interest.

The appropriate response is information discipline in social settings: not disclosing unpublished client strategy, not confirming or denying client relationships beyond what the public register requires, and being alert to the pattern of elicitation – a conversation that consistently circles back to questions about access, relationships, or unpublished positions.

Parliamentary estate security

Meetings on the parliamentary estate – in constituency offices, in Portcullis House, or at events in the Palace of Westminster – take place in a physically controlled environment with extensive CCTV, police presence, and access control. This should not be confused with a secure environment for sensitive commercial discussions.

The estate is a high-footfall, politically visible environment. Meetings in Members’ offices are attended by parliamentary staff who were not party to the meeting’s purpose. Lobbying receptions in the dining rooms or banqueting rooms of the Palace are observed by staff across multiple employer relationships. The Westminster estate is appropriate for relationship maintenance and general policy discussions. It is not appropriate for conversations involving unpublished client strategy, commercially sensitive financial information, or the kind of detailed briefing material that constitutes the core product of a government affairs firm.

Sensitive commercial discussions with politicians or officials are better held in a controlled private office environment where the guest list, the physical access, and the technical environment can be managed.

For the election campaign and political candidate security framework that covers the physical personal security dimension of working in the political environment, see our security for elections and political campaigns guide. For the security framework applicable to political fundraising events – where government affairs professionals and major donors interact in a setting with similar counter-intelligence considerations – see our security for political fundraising and donor events guide.

Sources:

National Security Act 2023, Part 4 (FIRS). HMSO. Transparency of Lobbying, Non-Party Campaigning and Trade Union Administration Act 2014. HMSO. Foreign Agents Registration Act, 22 U.S.C. §§ 611-621. DOJ. MI5: Annual Threat Update 2024. Director General’s Statement. NCSC: Guidance for High-Profile Individuals and Organisations at Foreign Intelligence Risk. 2024. EU Transparency Register: Annual Report 2024. Brussels. DOJ: FARA Enforcement Actions 2022-2024. Parliament Security Department: Parliamentary Estate Access and Security. 2024. NCSC: Cyber Essentials Scheme. 2024. Control Risks: Political Risk and Intelligence Targeting of Lobbying Sector. 2025.

James Whitfield is a Senior Security Consultant with experience in personal security for high-profile individuals, counter-intelligence awareness, and security programme design for professional services firms.

Summary

Key takeaways

Public lobbying registers create a searchable intelligence asset for foreign states

The UK Register of Consultant Lobbyists, the EU Transparency Register, and FARA in the US publish individual lobbyist names, employers, and client areas. This is an adversarial intelligence resource as well as a transparency mechanism. Government affairs professionals should be conscious that their public profile on these registers maps their relationships and areas of influence.

The Foreign Influence Registration Scheme creates personal criminal liability from 2024

Under the National Security Act 2023, government affairs professionals working on behalf of foreign government-linked organisations may have a legal obligation to register political influence activities under FIRS. Failure to register is a criminal offence. Assessment of registration requirements is a mandatory legal step, not an optional compliance review.

Party conferences and parliamentary receptions are documented foreign intelligence collection venues

MI5 and NCSC reporting identifies party conferences, lobbying receptions, and policy events as specific environments where foreign intelligence services conduct elicitation operations against government affairs professionals and political advisers. Social and professional conversations in these settings should be conducted with the same information discipline applied to sensitive client environments.

Sensitive commercial discussions do not belong on the parliamentary estate

The Palace of Westminster is a high-footfall, politically sensitive environment that is not a secure venue for commercially confidential discussions. Private meeting rooms with access control and no shared infrastructure are the appropriate venue for sensitive discussions involving client strategy, unpublished policy positions, or commercially sensitive information.

Briefing document security requires active controls, not reliance on NDAs

Policy briefings, consultation responses, and strategic documents that map a client's political relationships are high-value intelligence targets. Full-disk encryption, end-to-end encrypted transmission, and role-based access controls are technical requirements, not optional improvements.

FAQ

Frequently Asked Questions

Government affairs and lobbying professionals face three specific risks that most corporate professionals do not. First, their identities, employer names, and areas of policy interest are typically public record on one or more mandatory registers (the UK Register of Consultant Lobbyists, the EU Transparency Register, FARA in the US), which creates an easily searchable map of who is influencing whom on which subjects. Foreign intelligence services use this public data as a planning tool for targeting operations. Second, their work brings them into regular contact with elected politicians and senior civil servants, which makes them targets for surveillance by parties who want to understand the relationship between specific commercial interests and policy outcomes. Third, if they work on behalf of foreign government-linked organisations, they may face criminal liability under the UK Foreign Influence Registration Scheme or equivalent legislation – a direct personal legal risk that is new as of 2023.

The Foreign Influence Registration Scheme (FIRS) was introduced under Part 4 of the National Security Act 2023 and creates two registration obligations. The Political Influence Tier requires registration by any person or organisation carrying out political influence activities – broadly, communications with UK politicians, political parties, or government officials intended to influence a political decision or political opinion – if directed by a specified foreign government or its close affiliates. The Enhanced Tier requires registration for a wider range of activities (not limited to political influence) if directed by a specified foreign power. Failure to register when required is a criminal offence carrying up to five years imprisonment. For government affairs professionals who work on behalf of foreign state-linked clients – sovereign wealth funds, state-owned enterprises, foreign government advisory bodies – an assessment of whether registration is required is a legal obligation, not a compliance option.

MI5’s annual threat reporting and the NCSC’s guidance on hostile state activity both document the targeting of individuals who work at the interface of commercial interests and government policy. The specific interest is intelligence collection: mapping which commercial organisations have relationships with which politicians and officials, identifying who can be approached for information or influence, and assessing the relationship between business interests and policy positions. The methodology includes cultivation at industry events (parliamentary lobbying receptions, policy conferences, party conferences) where casual social contact with lobbyists is a standard format, elicitation of policy information through apparently innocent professional conversation, and in some cases direct approach to a lobbyist with a proposal to provide information in exchange for access or introductions. The risk is not limited to lobbyists working explicitly on defence or security-adjacent policy; commercial policy (trade, technology regulation, financial services) is of substantial interest to foreign intelligence services operating economic collection programmes.

The Palace of Westminster and Portcullis House operate a tiered access control system: Members’ Pass holders (MPs and Peers) have unrestricted access; research and support staff with passes have defined access; visitors require a sponsor and are subject to screening and escorted access. Lobbying receptions held on the parliamentary estate – a common format for government affairs work – take place in a setting where access has been validated by a Member sponsor, but the guest list for the event itself may not be vetted at the same standard as the estate’s general access controls. The physical security of the parliamentary estate is managed by the Parliamentary Security Department (PSD) with Metropolitan Police support. For meetings of a sensitive or commercially confidential nature, the parliamentary estate is not a secure environment for the discussion in the way that a properly swept and access-controlled private meeting room would be. Sensitive commercial discussions with elected officials or civil servants are better held in a controlled private venue.

Government affairs professionals routinely handle documents that are extremely sensitive in commercial and political terms: draft policy briefings for submission to ministers, responses to consultation documents before they are public, pre-budget analysis shared with officials, and internal strategic documents that map a client’s policy priorities and relationships. These documents are valuable intelligence targets for commercial competitors, hostile foreign states, and investigative journalists. The baseline digital security requirements are: full-disk encryption on all devices, end-to-end encrypted communications for sensitive document sharing, role-based access controls on internal systems, and a clear policy on what documents should not be transmitted electronically at all. The NCSC Cyber Essentials scheme provides the foundation controls. For professionals working on behalf of clients in sensitive sectors (defence, critical national infrastructure, financial services, healthcare), the NCSC’s additional guidance for sectors of high intelligence interest applies directly.

Get in Touch

Request a Consultation

Describe your security requirements below. All enquiries are confidential and handled by licensed consultants.