Emergencies Are Digital
… and why we need a national digital emergency capability
TL;DR: Emergencies are digital. The evidence from pandemics, natural disasters, and war suggests that successful digital responses depend less on technology than on preparation, governance, trust and operational experience. The UK should treat digital preparedness as a core component of national resilience rather than something assembled in the midst of a crisis.
I have wanted to write this for some time. It stems from my experience during the COVID-19 pandemic, and I hope you hear the voice of that experience. It is, however, intended to have a broader scope and, beyond that, to establish the case for a UK national digital emergency capability.
The response to every major civil emergency seems to reveal the same characteristic weaknesses. Information is incomplete or contradictory and organisations struggle to share their data. Resources cannot easily be located, or directed to where they are most needed. Citizens find it difficult to discover what is happening, what assistance is available, what they should do next, and how they might contribute to mitigation. We generally describe these as failures of communication or coordination, and of course they are, but they often stem from failures of digital capability.
In everyday life, we communicate digitally, access services digitally, monitor infrastructure digitally, navigate physical space digitally. Increasingly decisions are digitally mediated. Yet much of our thinking about emergencies and resilience is rooted in a more physical conception of crisis. We tend to think about stockpiles, emergency services, vehicles, buildings and equipment. These things obviously remain essential, you cannot readily digitally substitute for a flood barrier, an ambulance crew or a functioning electricity grid. But almost every serious emergency response now has a digital component and, increasingly, that component determines the overall effectiveness of the response.
The evidence from recent emergencies is consistent - digital capabilities can materially improve outcomes. During the COVID-19 pandemic, Taiwan drew upon pre-existing digital infrastructure, public-health systems and civic-technology networks to support rapid public communication and service delivery. When concerns emerged about mask availability, digital services appeared quickly because the underlying data and governance arrangements already existed.
Ukraine’s digital resilience has similarly rested on foundations laid before the Russian invasion. The Diia platform, originally developed as a digital-government service, became a mechanism for distributing assistance, maintaining access to public services, reporting damage and supporting displaced citizens. Estonia’s long investment in digital government has proved valuable not merely for efficiency but also for resilience. Japan’s earthquake early-warning systems and New Zealand’s GeoNet monitoring network illustrate the same principle in different contexts. Long-term investments in digital infrastructure, information systems and operational capabilities can become critical assets during periods of disruption.
I am conscious that successful cases attract disproportionate attention, and Taiwan, Estonia and Ukraine are extensively studied because they are widely regarded as successes. We know less about the routine performance of digital emergency capabilities during smaller and less visible events. Nor can successful examples simply be copied. Taiwan’s experience reflects particular social, political and institutional conditions, including strong civic-technology communities and relatively high levels of public trust. Causation is often difficult to establish, digital systems typically operate alongside many other interventions. It is rarely possible to determine precisely how much of a successful outcome should be attributed to technology rather than leadership, resources, public behaviour or institutional competence. None of these caveats, however, undermine the primary argument that digital capabilities are critical to emergency response.
Evidence
We have accumulated evidence from pandemics, earthquakes, floods, industrial accidents, cyber attacks and armed conflict across a range of societies and institutional settings. The details differ but the underlying findings are remarkably consistent.
Preparation. Successful capabilities almost always predate the emergency. Systems embedded in everyday operations prior to a crisis outperform those assembled during one. Technology can often be procured quickly but trust, governance, institutional relationships and operational experience generally cannot.
Interoperability. Emergencies cut across organisational boundaries. Data, decisions and services must flow between organisations that often operate independently in normal circumstances. The most effective responses rely upon common standards, agreed interfaces and established mechanisms for information sharing.
Trust. Citizens will not use services they do not trust, nor act on information they do not believe. Trust is often discussed as a cultural phenomenon but it is also an engineering and governance challenge. Transparency, accountability, privacy protections and clear communication all influence effectiveness. A technically elegant solution that lacks public trust is usually an operational failure. It needs to be said, however, that public trust and the voice of the more ideological privacy advocates do not always coincide.
Inclusion. Emergency services that assume universal digital access systematically exclude parts of the population. Older people, vulnerable groups, those with disabilities, rural communities and those with limited digital skills are often precisely those most in need of assistance. Research on emergency cash-transfer programmes during COVID-19 found that mature digital infrastructure enabled assistance to reach citizens more rapidly, but the most successful systems also retained non-digital channels for those unable to access digital services.
Experience. Emergency response is a practical discipline. Systems must be exercised and organisations must understand their roles. Procedures must be tested under realistic conditions. Technologies frequently fail not because they are defective but because organisations have never practised using them under pressure.
One of the most instructive examples comes from the Fukushima nuclear accident in 2011. Japan possessed a radiation-dispersion modelling system, SPEEDI, developed specifically to support nuclear emergencies. The software functioned as intended, yet information was delayed because responsibilities were unclear and outputs were not effectively integrated into operational decision-making. The broader capability did not function as intended.
The same lesson appears elsewhere. Social-media platforms proved invaluable during disasters such as Hurricane Harvey, helping communities coordinate rescue activities when formal channels were overwhelmed. Yet success depended not merely on the existence of the platforms but on the communities, relationships and practices that had developed around them. Drone technologies have repeatedly demonstrated value in damage assessment, search and rescue, infrastructure inspection and the delivery of supplies. Yet effectiveness depends heavily on operator skills, regulatory arrangements and integration with emergency services. In short, digital emergency preparedness is as much about institutional capability as technology.
Foundations
Preparedness does not require a bespoke solution for every conceivable emergency.
The UK National Risk Register catalogues a diverse set of risks: pandemic disease, flooding, industrial accidents, terrorism, cyber attacks on critical infrastructure, major infrastructure failure, severe space weather, and so on. The scenarios differ enormously but many of the digital capabilities required to address them are remarkably similar. All require some combination of public communication, situational awareness, resource allocation, service access, identity management, information sharing and operational coordination.
The technologies may differ at the margins, but the underlying capabilities are often the same. Preparedness should therefore be understood less as a collection of emergency-specific systems and more as a portfolio of reusable assets.
Some of these assets are technical: common data architectures, interoperable platforms, mapping and geospatial services, sensor-integration frameworks, secure communications, identity and access-management systems and mechanisms for rapidly creating citizen-facing services. Others are organisational: governance arrangements, procurement frameworks, data-sharing agreements, relationships with critical suppliers and established operating procedures. Still others are human: skills, experience, institutional knowledge and professional networks.
Security, ethics and public trust cut across all three categories. Emergency systems become particularly attractive targets during periods of disruption. Difficult questions concerning privacy, proportionality and the use of personal data inevitably arise. These issues are far easier to address before an emergency than during one.
Digital preparedness should resemble other forms of civil preparedness. We do not maintain separate capabilities for each emergency type; rather, we maintain adaptable capabilities that can be deployed in different circumstances. The same principle should apply to digital emergency response.
Lessons
My own experience during the COVID-19 pandemic is wholly consistent with these observations. I was involved in work on what became the NHS contact-tracing app. Reflecting, the challenge was not principally technological, despite the novel engineering involved and the pace at which it was undertaken.
Teams had to be assembled and governance arrangements established. Procurement was accelerated, security assessed and data-sharing arrangements set in place. Relationships were created, or at any rate crudely assembled, between organisations that had not previously worked together. Important decisions were taken under intense public scrutiny and considerable time pressure. The programme demonstrated both what can be achieved during a crisis and the limitations of creating and deploying capability simultaneously. The app ultimately helped reduce transmission and save lives, but much of what was required could, and should, already have existed. We improvised successfully in many areas, however, we should not mistake successful improvisation for preparedness.
Preparedness
We tend to think of emergencies primarily as physical events; increasingly, they are also information events. Misinformation, rumours, speculation, and uncertainty can trigger unintended behaviours. Social media enables communities and volunteers to organise rapidly, but can also amplify confusion. The World Health Organisation’s adoption of the concept of an ‘infodemic’ reflects its recognition that information environments can directly influence emergency outcomes.
The lesson is, obviously, not that governments should control information even were that possible. It is that trusted channels, established relationships and the ability to communicate clearly and quickly are themselves components of preparedness. This is likely to become more important rather than less. AI may improve our ability to analyse information and identify emerging problems. Equally, it is set to increase the volume and sophistication of misinformation. Whatever the balance ultimately proves to be, information environment management can no longer be treated as a peripheral activity. The digital capabilities that support it are vital.
Emergency response increasingly depends upon privately owned infrastructure. Cloud providers, satellite operators, telecommunications companies, mapping providers, software companies and social-media platforms all play operational roles during crises. This is not inherently problematic, and governments benefit enormously from private-sector capability and innovation. It does, however, create new dependencies. Critical elements of emergency response increasingly rely on organisations whose governance, incentives and accountability arrangements differ from those of the state. We need to catch up with the challenges this presents.
Ukraine provides perhaps the clearest illustration. Satellite communications have become a critical component of national resilience. Cloud providers supported continuity of government systems. Private technology firms contributed cyber-defence capabilities and operational support. A different lesson came from the Apple/Google Exposure Notification API, shaped by their commercial interests, which effectively dictated the architecture of contact-tracing applications internationally and demonstrated the influence that private technology firms can exert during emergencies.
Capability
The UK would benefit from a standing national digital emergency capability. This would not be another emergency-response organisation sitting alongside existing responders. We already possess extensive operational emergency capabilities; the gap lies in the digital foundations that increasingly support them.
The objective would not be to build a bespoke digital system for every scenario in the National Risk Register. That would be impractical and largely unnecessary. The evidence suggests that many emergencies rely upon a common set of underlying capabilities assembled in different ways. A UK capability would steward, maintain and exercise the reusable assets on which emergency response increasingly depends. It could maintain shared digital infrastructure such as secure communications, mapping and geospatial services, situational-awareness platforms, citizen-facing service capabilities, identity-management systems and frameworks for integrating information from multiple sources.
It could also maintain the less visible but equally important foundations of effective response: reference architectures, interoperability standards, data-sharing frameworks, procurement mechanisms, framework contracts, supplier relationships, security-assurance processes, privacy protections, ethical guidelines and governance arrangements.
A standing network of specialists drawn from government, industry, academia and the voluntary sector could preserve skills, relationships and institutional memory between emergencies. The objective would not simply be to retain expertise but to ensure that people who may need to work together during a crisis already know one another and understand the relevant frameworks.
The capability would support training, exercises and professional development. Research shows that technologies often fail, not because they are defective but because organisations have never practised using them under realistic conditions. Exercises should therefore test not only systems but governance, communication, organisational coordination, private-sector dependencies and decision-making under pressure.
Security would be treated as a core design principle rather than an afterthought. Emergency systems become especially attractive targets during periods of disruption. Architectures, contracts, operational procedures and exercises would therefore incorporate security from the outset.
The National Risk Register does not ‘predict’ the future; rather, it identifies plausible futures. Some of the emergencies it describes will never occur but others almost certainly will. A UK national digital emergency capability could ensure that, whatever emergency occurs, the digital foundations of the response already exist.
Conclusion
Resilience is rarely created at the moment it is needed. It is accumulated over time through investment, preparation, practice and institutional memory. We understand this instinctively when it comes to flood defences, emergency services and critical infrastructure. The digital capabilities that increasingly underpin emergency response should be treated no differently.
The argument here is not about technology but rather about preparedness. Communication, coordination, information management and service delivery increasingly depend upon digital capabilities. As those functions become more digital, so too does resilience. Our goal should be to ensure that, whatever form an emergency takes, the capabilities on which an effective response can be built already exist.
The National Risk Register (NRR) is not fit for the purpose being proposed. It is essentially a laundry list of discrete risks and emergency scenarios. It focuses on acute, emergent crises but pays insufficient attention to chronic, long-term, systemic risks. More fundamentally, it does not take a systems view.
The NRR largely treats separate risks as separate entities. It does not adequately consider cascading effects across interconnected systems, nor does it account for the fact that risks can amplify, reinforce, or even mitigate one another. For example, major public disorder triggered by a single catalytic event—such as a high-profile violent crime away from London committed by a rogue immigrant—may itself catalyse a cascade and increase vulnerability to a wide range of other risks through both the disorder and the public-sector response to it.
More seriously still, we know that complex systems can exhibit spontaneous instabilities that generate emergent catastrophic risks without any obvious single trigger. It is called a loss of stability as underlying parameters move slowly (even imperceptibly). Equally important is the phenomenon of hysteresis, a concept that many politicians and media commentators seem ignorant of, or unwilling to consider. Once a system has been displaced from its previous equilibrium, simply removing the original trigger does not guarantee a return to the status quo. Recovery is neither automatic nor rapid. National systems can be forced onto entirely new trajectories from which return may be difficult or impossible in the short or medium term.
For a fuller discussion, see:
https://www.semanticscholar.org/paper/The-National-Risk-Register-2023%3A-some-reasoned-Grindrod-Bowman/4162a6c05fce9619236e65e78fb0389c09190e20
Or, more recently:
https://www.mdpi.com/3042-6448/2/2/10
The insight highlighted by Professor Serious is both a new threat and a new opportunity.
Digital technologies have dynamically interconnected almost everything, with everything mediated by automated embedded connections, public behaviour, and social media.
As a consequence, the traditional silo-based approach to risk management—an approach embedded within the NRR largely for the purpose of allocating response leadership—has become even more inadequate and inappropriate. Yet the same connectivity also creates new opportunities for intervention.
One of the central challenges is that scientific and technical issues can no longer be separated from wider social and political processes. Social networks, political narratives, conspiracy theories, misinformation, international actors, and algorithmically driven communication systems are now integral components of the risk environment itself. The extreme right is highly networked internationally (see the Springer paper below), but the phenomenon is much broader than any one political movement.
We have already seen UK governments responding to pressure originating outside the country—for example, interventions from J.D. Vance (recently on two-tier policing), or Elon Musk's role in forcing a reversal of the Government's initial resistance to a national inquiry into child grooming gangs (for fear of highlighting the cultural and ethnic background of perpetrators). Whether one agrees with these interventions is beside the point. I don't. The point is, though, that such influences now exist and have become structurally significant.
They are amplified by the prosumer phenomenon underpinning news, opinion, and communications on the internet. The Government is always behind the curve. I severely doubt that, in any future COVID-style emergency, the public would be so compliant with lockdowns, school closures, or business bailouts after Hallett.
Poor framing of fundamental problems creates a vacuum into which external commentators can step. When governments fail to establish a coherent narrative, others will do so for them.
Indeed, the Prime Minister's succession of policy reversals—fifteen U-turns in fifteen months—suggests a striking absence of any strategic grip (who knew?). In such circumstances, digital interconnectivity becomes a threat if leaders, domain owners, and policymakers remain trapped within a silo mentality.
Conversely, digital connectivity is also an opportunity.
Government could adopt a systems perspective, reframe its understanding of risk (both emergencies and chronic risks), and take a more active role in shaping digital civic discourse. This is a recognition that governance within the digital era requires active and open engagement with the environments in which public opinion, social cohesion, and political legitimacy are now formed.
Unfortunately, traditional institutions that once mediated public understanding have lost much of their authority and integrity (they are often blind or in denial). The BBC's fact-checking operations, for example, no longer command any trust (post-Panorama), while the broader information ecosystem is increasingly fragmented.
The question, therefore, is how to stimulate and respond to a genuinely national conversation among citizens who can vote but who are no longer effectively represented, informed, or served by the dominant digital media and communications platforms. The response is important: this is not just more consultation, soundings, or focus groups to be selectively quoted from and patronised. It is to recognise that this is where the action actually is. It is not in the technical, economic, or government spheres alone. Decisions can be emotionally driven and not amenable to rational thinking or common sense. When the herd moves, it moves.
What is required is the emergence of a novel national digital emergency capability: a means of coordinating coherent, cross-government responses to multi-causal, interconnected, and potentially catastrophic events. We need to be on the front foot, not going back to every ball bowled and then finding ourselves stranded LBW.
Such a capability would recognise that modern crises rarely respect departmental or silo boundaries and that effective intervention increasingly depends upon understanding the dynamics of digitally connected systems.
The need for such a capability is becoming urgent. It should be developed as soon as possible.
Specifically in the UK, wouldn’t one of the problems be that there isn’t yet a recognised and trusted digital identity? What happened to the government’s announced commitment to a digital ID?
As usual it’s not just a technology problem!