6. May 2026

UK Public Sector Business Continuity Contracting: A 10 Year Shift

Over the past decade, business continuity requirements in UK public sector contracts have shifted from plan lead compliance to evidence driven resilience managed through the contract itself. Ten years ago, continuity was often treated as a supporting schedule or a supplier assurance point. Now, in high value, complex and critical public services, buyers are far more likely to expect clear proof of continuity capability, tested recovery arrangements, supply chain visibility, financial resilience, alignment with cyber and security requirements and performance evidence that can be tracked and reported

What has changed?

1. From “having a plan” to “proving the plan works”

Modern Crown Commercial Service and Model Services style clauses ask for much more than a Business Continuity and Disaster Recovery plan on file. They typically require defined content, risk analysis, business impact analysis, alignment with the buyer’s own plans, data recovery arrangements, regular review, annual testing, test reports, remediation activity and further testing where gaps are found.

2. From supplier only continuity to whole service continuity

Current requirements put far greater weight on dependencies. That includes related suppliers, subcontractors, supply chain failure, insolvency risk and the way a supplier’s arrangements fit with the buyer’s wider continuity planning. The direction of travel is clear: the focus has moved away from isolated supplier plans and towards resilience across the whole service.

3. From operational disruption to strategic resilience

The UK Government Resilience Framework and later organisational resilience guidance broadened the conversation. Instead of looking only at immediate response and recovery, the emphasis now includes prevention, preparation, adaptation, management of interdependencies, assurance and learning. In that context, business continuity is no longer seen on its own. It sits within a wider resilience model that also covers risk, cyber and security, safety, crisis management, supply chains and recovery.

4. From “best endeavours” to performance transparency

The Procurement Act 2023 has given measurable contract performance greater importance. For many public contracts above £5 million, contracting authorities must set at least three key performance indicators unless there is a good reason not to, publish KPI information, assess performance at least once a year and publish performance data. That makes weak performance harder to hide and more likely to affect future exclusion decisions.

5. From lowest cost outsourcing to risk aware sourcing

The post Carillion Outsourcing Playbook, now the Sourcing Playbook, changed the commercial stance. It introduced, or strongly reinforced, expectations around market health checks, delivery model assessment, should cost modelling, risk allocation, supplier financial standing checks and resolution planning for critical public service contracts. The point is simple: continuity risk is now considered before award, during delivery and at exit, not only after something has gone wrong.

6. From contractual rigidity to continuity preserving pragmatism

COVID 19 exposed the limits of treating service continuity as nothing more than a contractual enforcement issue. PPN 04/20 encouraged contracting authorities to work with suppliers, use transition planning, maintain cash flow where necessary for critical services, record decisions and avoid transferring risk and cost in ways that could increase the chance of contract failure.

Timeline of the shift

2015 to 2018: Procurement policy focused heavily on transparency, payment performance, open book management, cyber assurance and supply chain visibility. These were not labelled as business continuity measures, but they helped create the commercial conditions for stronger oversight of supplier resilience.

2019: The Outsourcing Playbook marked a major reset after Carillion. It raised expectations around risk allocation, supplier financial standing and resolution planning for critical services.

2020 to 2021: COVID 19 shifted attention away from narrow contractual compliance and towards continuity of supply, supplier viability, open book transparency and transition planning.

2022 to 2025: National and organisational resilience guidance recast continuity as part of a broader resilience system, with more emphasis on assurance, interdependencies, recovery and renewal.

2025 to 2026: Implementation of the Procurement Act and updated sourcing guidance increased the importance of measurable performance, published KPIs, standard contracts and stronger contract management discipline.

What does this means for suppliers

Suppliers bidding for UK public sector work should expect business continuity to be tested as a commercial, operational and governance issue. Strong bids will usually need to show tested plans, credible recovery objectives, mapped dependencies, resilient subcontracting arrangements, sound cyber and data recovery controls, financial stress triggers, incident escalation routes, lessons learned and clear measures for continuity performance.

What does this means for buyers

Buyers should move beyond boilerplate continuity clauses. A stronger approach is to define the continuity outcomes that matter most, tie them to critical services, use proportionate KPIs, require evidence based testing, map key dependencies and make sure continuity obligations continue through transition, exit and supplier distress.

Assumptions challenged

Not every public contract has changed to the same extent. The clearest evidence comes from central government, Crown Commercial Service frameworks, high value or complex services and contracts for critical services. Local procurements and lower value arrangements still vary in maturity.

Business continuity has not disappeared in favour of operational resilience. Instead, it has been folded into a broader resilience model that covers risk, cyber and security, supply chain risk, crisis response, recovery and adaptation.

A written plan on its own is no longer enough. Current contract clauses and guidance point towards a need for evidence of: reviews, testing, reporting, assurance and continuous improvement.

The signal from UK public sector buyers is now clear: resilience is no longer just a supporting document. It is becoming a measurable, testable and commercially managed obligation across the life of the contract.

If this reflects the direction you are seeing in public sector procurement, I would welcome your perspective. How are you approaching business continuity, resilience and contract performance in practice? If you feel you may need some help in regard to this subject, please reach out.

Back

Leave a Reply

Your email address will not be published. Required fields are marked *

This field is mandatory

This field is mandatory

This field is mandatory

There was an error submitting your message. Please try again.

Security Check

Invalid Captcha code. Try again.

©Copyright. All rights reserved.

Information icon

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.