Following Jaguar Land Rover (JLR) extending the shutdown of its global production facilities until at least Wednesday 1 October 2025, following a significant cyberattack, and with government officials describing its resolution as a ‘top priority’, we consider the potential legal considerations for other automotive businesses to consider.
The UK’s largest car manufacturer initially became aware of the attack on 31 August 2025 and took the decision to halt production across all sites from 1 September 2025, since extending the closure further. The financial and operational impact of the incident is considerable. It is estimated that the disruption could result in losses exceeding £3.5 billion. It has also been estimated that up to 250,000 jobs in the supply chain could be affected.
Despite the shutdown, JLR has been able to continue trading thanks to its existing vehicle inventory. This highlights the resilience of the automotive sector, which continues to adapt and operate even amid significant disruption.
Legal considerations for automotive businesses
This incident serves as a timely reminder of the legal and commercial risks posed by cyber threats, particularly in complex supply chains. Key areas for consideration are outlined below.
Data protection: if personal data has been compromised, JLR and its partners may be subject to regulatory scrutiny under the UK GDPR and the Data Protection Act 2018. Businesses should ensure that they have appropriate technical and organisational measures in place. They should also review and test their incident response plans regularly.
Contractual risk: automotive businesses should review whether their current contracts sufficiently address disruptions caused by cyber incidents. The disruption highlights the importance of robust contractual protections, including force majeure clauses, business continuity provisions, and service level agreements.
Employment law: where production halts lead to temporary closures or redundancies, employers should be mindful of their obligations under employment law to help support staff during these challenging times. If government support becomes available, businesses should seek advice on eligibility and implementation.
Supply chain resilience: automotive businesses should assess their vulnerability to risks within their supply chain. Regular communication with suppliers can help to minimise the impact of unexpected disruptions.
If you would like to discuss how your business can strengthen its cyber resilience or review its contractual and employment risk exposure, please get in touch with our automotive team at Birketts. Our dedicated automotive specialists have specific expertise in this area and would be pleased to support you.
Key Contacts
The content of this article is for general information only. It is not, and should not be taken as, legal advice. If you require any further information in relation to this article please contact the author in the first instance. Law covered as at September 2025.