Contract award notice
Results of the procurement procedure
Section I: Contracting
entity
I.1) Name and addresses
Department for Transport
London
SW1P 4DR
UK
E-mail: dftc.procurement@dft.gov.uk
NUTS: UKI
Internet address(es)
Main address: www.dft.gov.uk
I.2) Joint procurement
The contract is awarded by a central purchasing body
I.4) Type of the contracting authority
Body governed by public law
I.5) Main activity
Economic and financial affairs
Section II: Object
II.1) Scope of the procurement
II.1.1) Title
Future of Cyber Compliance
II.1.2) Main CPV code
79400000
II.1.3) Type of contract
Services
II.1.4) Short description
Awarded contract to a supplier to undertake a business review of the Cyber Compliance Regulatory and Organisational Requirements
II.1.6) Information about lots
This contract is divided into lots:
No
II.1.7) Total value of the procurement
Value excluding VAT:
346 000.00
GBP
II.2) Description
II.2.3) Place of performance
NUTS code:
UKI
II.2.4) Description of the procurement
This work aims to examine and deliver a set of options that outline the core minimum
capacity and capability needed to provide an effective regulator under NIS for Road,
Rail and Maritime. Regulation of aviation under NIS is out of scope of this project.
This work will need to:
• articulate the duties the regulator will need to fulfill, noting not only the changes
under the Cyber Security & Resilience (NIS) Bill, but the potential for changes to
designation thresholds that may increase the number of regulated operators or
bring future transport sub-sectors into scope.
• examine how other cyber regulators operate and are adapting to legislative
changes and consider the benefits of enforcement delivered through a range of
delivery partners. This may include expanding the remit of other existing
regulators to include cyber security as well as delivering some duties through
commercial partners (such as audits).
II.2.5) Award criteria
Quality criterion: Experience
/ Weighting: 25
Quality criterion: Solutions Methodology
/ Weighting: 25
Quality criterion: Contract Management
/ Weighting: 10
Quality criterion: Social Value
/ Weighting: 10
Quality criterion: Price
/ Weighting: 30
Price
/ Weighting:
70/30
II.2.11) Information about options
Options:
No
II.2.13) Information about European Union funds
The procurement is related to a project and/or programme financed by European Union funds:
No
Section IV: Procedure
IV.1) Description
IV.1.1) Type of procedure
Award of a contract without prior publication of a call for competition
Justification for selected award procedure:
The procurement falls outside the scope of application of the Directive
Explanation
Undertaken the procurement via an existing Government Commercial Agency Framework
IV.1.8) Information about Government Procurement Agreement (GPA)
The procurement is covered by the Government Procurement Agreement:
Yes
Section V: Award of contract
Contract No: TRAI3012
Title: Future of Cyber Compliance
A contract/lot is awarded:
Yes
V.2 Award of contract
V.2.1) Date of conclusion of the contract
14/04/2026
V.2.2) Information about tenders
Number of tenders received: 8
The contract has been awarded to a group of economic operators:
No
V.2.3) Name and address of the contractor
KPMG LLP
London
UK
NUTS: UKI
The contractor is an SME:
No
V.2.4) Information on value of the contract/lot (excluding VAT)
Total value of the contract/lot:
: 346 000.00
GBP
V.2.5) Information about subcontracting
Section VI: Complementary information
VI.4) Procedures for review
VI.5) Date of dispatch of this notice
15/04/2026