Finding files in Windows hasn’t always been that easy but now that’s changed with the new search feature from CoPilot. This short video explains how to use it and then you’ll wonder how you lived without it!

[Note – To Watch This Video without glitches/interruptions, It may be best to download it first]

Protect your sensitive conversations with WhatsApp’s Chat Lock feature, adding an extra layer of security and privacy to your chats.

– Open the chat you want to lock by tapping on it.
– Tap the three dots (⋮) at the top right of the chat screen.
– Select “Lock Chat” to move the conversation to a protected folder.
– Access locked chats using your device’s authentication (fingerprint, face recognition, or passcode) or a secret code.

This feature ensures that confidential business discussions remain protected and accessible only to authorised individuals.

New EU rules on who can access and share data from connected products and cloud services are now live, with major implications for UK firms selling into the bloc.

What Is the EU Data Act?

The EU Data Act is a sweeping piece of digital legislation designed to reshape how data is accessed, shared, and transferred across the European Union. Proposed in February 2022 and adopted in late 2023, it formally came into force on 11 January 2024. Its main provisions, however, only became applicable from 12 September 2025, marking a major shift in Europe’s digital policy landscape.

The Focus

The law’s focus is on non-personal data, particularly that generated by connected devices, such as smart fridges, cars, factory machinery, wearable tech (and suchlike), and the digital services linked to them. It aims to ensure that users, whether individuals or businesses, can access the data generated by their devices and services, and share it with third parties, if they choose.

Its introduction forms part of the EU’s wider strategy to build a fair, innovative, and competitive data economy. It also addresses longstanding concerns over vendor lock-in, contractual imbalances, and a lack of transparency, especially in the cloud computing market.

Why the EU Introduced It

The European Commission has made clear its ambition to create a “single market for data.” With the rapid expansion of the Internet of Things (IoT), vast volumes of data are being produced but often remain locked within platforms controlled by manufacturers or service providers.

EU Commissioner Thierry Breton described the regulation as “a landmark in Europe’s digital decade,” saying it would ensure that “data is fairly shared, stored, and used, and that users have access to the value they help create.”

According to Commission estimates, the volume of industrial data in the EU is expected to increase fivefold between 2018 and 2030. The aim is to open up this data to support innovation across sectors, particularly for small businesses and the public sector.

Who It Applies To and Why UK Businesses Should Pay Attention

Although the Data Act is EU legislation, it has extraterritorial effect, i.e. UK companies can still fall within its scope if they:

– Sell connected products or provide related digital services to users in the EU.

– Offer cloud, edge, or data processing services (such as SaaS, PaaS, or IaaS) to EU-based customers.

– Hold or process non-personal data generated by EU users.

In short, any UK business that interacts with EU clients through connected products or cloud services may need to comply.

Which Are Affected Sectors?

The affected sectors are broad and include:

– Manufacturing (especially smart machinery and industrial equipment).

– Agriculture (IoT-enabled farming tools).

– Transport and logistics (connected vehicles, telematics/vehicle data tracking).

– Consumer tech (smart home devices, wearables).

– Cloud and SaaS providers.

– Facility and building management (smart meters, BMS systems).

What Just Came into Force on 12 September 2025?

From 12 September, many of the Act’s central provisions are now legally applicable across the EU, including:

– The right to access data. Users of connected devices, whether consumers or businesses, can request access to the data those products generate, free of charge and in a usable format.

– The right to share data. Users can also request that their data be shared with a third party of their choice, such as an independent repair provider or external analytics service.

– Fair contract rules. Contracts involving data access or sharing must not include unfair terms. The burden of proof lies with the data holder, who must demonstrate that the terms are fair and non-discriminatory.

– Cloud switching rights. Providers of data processing services must allow customers to switch to another provider more easily. This includes setting out clear porting terms and providing transparency around fees and procedures.

More Dates to Watch

While 12 September 2025 marks the beginning of formal obligations, businesses should also take note of two other key upcoming milestones:

– 12 September 2026. All new connected products placed on the EU market from this date must be designed to enable user access to the data they generate. This introduces a new “data access by design” requirement.

– 12 January 2027. Cloud providers will generally be banned from charging switching or data extraction (egress) fees, unless they can justify those charges objectively. This is likely to reshape the EU cloud market, which has faced repeated criticism over anti-competitive fee structures.

What UK Businesses Should Do Now

UK businesses that are affected need to take the following steps to comply:

– Assess applicability. First, determine whether the business sells connected products or offers relevant digital services within the EU. It is also vital to understand whether the data processed meets the definition of non-personal data generated through usage.

– Map data flows. A clear inventory of data flows is essential, i.e. what data is generated, who generates it, where it is stored, and how it is used or shared. This includes understanding which parties hold what rights over the data.

– Review contracts. Data sharing agreements and cloud service contracts must be updated to reflect new user rights. Any clauses that could be considered unfair, restrictive, or non-transparent may need to be removed or revised to ensure compliance.

– Build access infrastructure. Technical systems must allow users and authorised third parties to access data securely, quickly, and in machine-readable formats. Businesses should also start planning now for September 2026, when connected products must be built with user access in mind.

– Clarify cloud terms. Cloud providers must publish clear switching procedures, exit timelines, and any related fees. Some have already acted. Google Cloud, for example, announced it would waive egress fees to support compliance with the new rules.

– Protect trade secrets. Where businesses have a legitimate reason (e.g. the protection of trade secrets or user safety), they may refuse to share certain data. However, such refusals must be properly justified, and documented procedures should be in place.

– Penalties and Enforcement. Each EU member state is required to appoint a national regulator to enforce the rules. These authorities will have the power to investigate and impose penalties on businesses that fail to comply. The exact penalty levels vary by country, but the Act specifies that enforcement must be “effective, proportionate and dissuasive.” For larger organisations with complex operations, this could mean significant exposure if non-compliance is discovered.

Businesses are also required to keep records demonstrating how they comply with the Act. To support implementation, the European Commission has published model contract clauses and launched a dedicated Data Act Legal Helpdesk for practical support.

Criticism and Challenges

While the Act has been broadly welcomed as a long-overdue update to Europe’s fragmented data landscape, it will come as no surprise that it has not escaped criticism.

For example, some industry voices argue that compliance will be costly, particularly for small businesses that may lack the resources to adapt infrastructure and contracts at pace.

Others have raised concerns about cybersecurity and intellectual property. The ability for third parties to access usage data, even with safeguards in place, has prompted questions about how effectively sensitive information can be protected.

Concerns have also been raised about uneven enforcement. For example, as each EU country sets up its own supervisory regime, multinational businesses may face inconsistency in how the rules are applied or interpreted.

That said, supporters appear to believe that these are reasonable trade-offs in building a more equitable and open data economy. As the European Commission noted in its official guidance, “The Data Act provides a horizontal framework for unlocking data value, while protecting rights and ensuring fairness in the data-driven economy.”

What Does This Mean For Your Business?

For UK companies operating in the EU, the immediate priority is to ensure contracts, systems and internal processes reflect the new rights granted to users. This is particularly relevant for manufacturers of connected products and providers of cloud, edge and data processing services. Organisations that fail to prepare could face compliance risks, contractual disputes or even restricted access to key EU markets.

Those that act early may be better positioned to compete. Building in user data access, transparency and portability could strengthen customer relationships and support future product development. For cloud providers, the pressure to enable smooth switching and eliminate unreasonable fees will only increase as the 2027 deadline approaches.

Beyond UK businesses, the regulation is likely to affect a broad range of stakeholders. Public sector bodies may benefit from greater access to data for emergency response and infrastructure planning. Smaller firms across the EU could gain new opportunities by accessing usage data that was previously unavailable to them. At the same time, larger players may face greater scrutiny over how they manage contractual fairness and protect trade secrets.

While enforcement consistency remains a concern, the main message is that any business interacting with EU customers through connected products or cloud services will need to align with these rules. The next key dates are already set. Those preparing now will be in a stronger position to meet them, reduce legal risk, and remain competitive in a rapidly evolving digital market.

In this Tech Insight, we look at how retailers across the UK are deploying new technology to deter shoplifting, reduce abuse of staff plus gather better evidence, whilst retail crime hits record levels.

Why Retailers Are Acting Now

The British Retail Consortium’s Annual Crime Survey reports losses from customer theft reaching £2.2 billion in 2023/24 and over 20 million shoplifting incidents, while violence and abuse against retail workers rose to more than 2,000 incidents per day. Retailers simultaneously lifted spending on prevention to £1.8 billion, yet it seems that satisfaction with police response remains low, with 61% rating it “poor” or “very poor”. “Retail crime is spiralling out of control,” said BRC chief executive Helen Dickinson, calling for industry, government and police to act together.

Figures from the Institute of Customer Service (ICS) provide more service sector context. For example, 42 per cent of public‑facing workers reported abuse in the prior six months, up 19 per cent year on year. 37 per cent even said they had considered quitting, and over a quarter said they had taken sick leave, according to figures highlighted in national coverage of ICS’s “Service with Respect” campaign and open letter urging stronger legal protections for all service workers.

Bodycams On The Shop Floor

It may surprise many people to know that body‑worn video is now commonplace across parts of the high street. For example, Poundland originally reported an 11 per cent drop in violence after rolling out Motorola Solutions VT100 cameras, with footage managed via Motorola’s evidence platform and linked to CCTV. It should be noted here that Poundland has since been sold (by Pepco Group to Gordon Brothers’ Peach Bidco for £1 on 12 June 2025) and it’s not clear if it’s still using the cameras. Another popular high street name, H&M, is piloting bodycams in three UK stores to test impact on de‑escalation and incident reduction. Also, Tesco now uses bodycams for store and some delivery colleagues, activated when staff feel unsafe. EE even equips store teams with cameras that can stream incidents to monitoring teams. These measures are all intended both to act as visible deterrents and to strengthen evidence for police.

Facial Recognition Trials Move Into The Mainstream

Some chains are trialling facial recognition to identify repeat offenders linked to theft or abuse. For example, Sainsbury’s is running an eight‑week pilot with Facewatch in selected stores in London and Bath, where alerts are generated only when someone on a store‑defined watchlist enters. In terms of how effective it could be, Iceland has reported that its early use of Facewatch led to a 30 per cent reduction in violent incidents where deployed, and that it plans a further roll‑out of the technology later this year. Southern Co‑op and other retailers have used similar watchlist alerts for several years.

Retailers say that systems focus on known repeat offenders and that signage is used at trial sites. Sainsbury’s has framed the pilot as a staff‑safety measure in locations with high repeat offending. Iceland’s Richard Walker argued publicly that the technology helps trained store teams to make calm, proportionate interventions.

AI‑Enhanced CCTV And “Smarter” Monitoring

Beyond face matching, retailers are also now trialling AI‑assisted video analytics that compare what shoppers pick up with what is scanned, flagging likely non‑scans in real time. For example, Trigo Retail recently launched a computer‑vision loss‑prevention platform in the UK that tracks shopping behaviours without storing biometric identifiers, thereby aiming to provide targeted alerts rather than blanket monitoring. As Trigo co‑founder Daniel Gabay recently said, “The most effective retail security technology today isn’t about adding more barriers or locks, it’s about making existing infrastructure smarter”.

Security Hubs, Headsets And Digital Crime Reporting

Tesco has set up a 24/7 national Security Operations Centre in Daventry to analyse thousands of hours of CCTV, join up evidence and share intelligence with police. The supermarket says the hub monitors clusters of stores and operates year‑round.

In a different approach, Currys has opted to roll out VoCoVo headsets across stores so colleagues can call for support instantly and coordinate responses. It has also taken Auror’s crime‑reporting platform nationwide after a 12‑week trial identified 10 repeat offenders, led to three arrests, and prevented about £20,000 of theft. Currys also cites a 58 per cent year‑on‑year reduction in aggressive incidents during March–April. The company says incident logging is faster and more consistent, supporting police engagement.

The Home Secretary has publicly urged more UK retailers to use crime‑intelligence platforms like Auror and signalled support for broader data‑sharing with police where lawful and proportionate.

Fogging Devices And Smart Safes

Alongside analytics and reporting, several retailers are investing in fogging and misting systems that rapidly fill areas with disorienting fog during an incident, forensic marking to tag stolen goods for later recovery, and time‑delay stock safes for high‑value items. EE says these measures, combined with tracking tools for stolen devices, are reducing opportunities for smash‑and‑grab theft and improving staff safety.

Is The Technology Actually Working?

In terms of whether these hi-tech approaches to tackling crime are actually working, it seems that some deployments are reporting measurable impact. For example, Poundland’s reported 11 per cent reduction in violence post‑bodycams does appear to indicate a deterrent effect when incidents are recorded and evidence quality improves. Also, Currys’ 58 per cent drop in aggressive thefts during a focused period, along with identified repeat offenders and arrests, could suggest that intelligence‑led reporting can help direct police resources. However, results vary by store, offender behaviour can displace to nearby locations, and none of these tools replace visible policing.

What Privacy Groups Are Saying

Privacy advocates argue that live facial recognition in shops risks normalising biometric checks for everyday purchases and can harm people when errors occur. For example, Big Brother Watch has urged Sainsbury’s to stop its trial, calling the approach “deeply disproportionate and chilling”, and warning that it “turns shoppers into suspects”. The group also raises concerns about privately run watchlists, limited transparency, and the lack of robust redress when people are wrongly flagged.

Campaigners also point to documented cases and regulatory complaints in which customers were allegedly misidentified in stores using commercial facial recognition. In one case, a woman said she discovered she had been placed on a Facewatch watchlist after a dispute over low-value goods, prompting a complaint to the regulator about necessity and proportionality. Such incidents underline why rights groups want independent oversight, strict targeting to serious repeat offending, and clearer routes to challenge mistakes.

The Information Commissioner’s Office describes facial recognition in public-facing spaces as highly intrusive, and expects organisations to complete a Data Protection Impact Assessment for each deployment, show a strong lawful basis, and evidence that less intrusive methods would not achieve the aim. The regulator’s guidance also stresses governance around watchlists, meaningful human review of matches, recording and correcting false positives, careful data retention, and transparency with clear signage.

The Evolving Legal And Policy Picture

Ministers have pledged to create a standalone offence of assaulting a retail worker in the forthcoming Crime and Policing Bill, and signalled plans to remove perceived barriers to charging thefts under £200. Trade bodies are pressing for police to attend incidents more routinely, and for protections to extend to a wider group of public-facing roles. For retailers piloting facial recognition or AI video analytics, compliance is practical and specific, i.e. to set out a clear lawful basis and DPIA, evidence necessity and proportionality, display clear signage, apply tight retention periods with human review of matches, and provide straightforward routes for people to challenge mistakes.

Operational Reality For Businesses

Understandably, it seems that retailers are focused on what actually works in-store. For example, body cameras are known to deter aggression and produce evidence that can be used. Also, AI video systems can spot items that are not scanned and tighten loss prevention without adding physical barriers. Store headsets and digital crime reporting speed up responses and improve the quality of referrals to the police, and central security hubs connect patterns across regions and help investigations move faster.

It should be noted, however, that introducing these measures is not simply a case of just plug and play. It needs training for staff, clear procedures, and close working with local police so that evidence gathered in store is followed up.

Competitors, Customers And Others

With the use of this kind of tech by some retailers, competitors face a strategic question, i.e. if early adopters show clear reductions in violence and stock losses, others are likely to follow or risk falling behind on safety and loss‑prevention. For customers, the line between protection and surveillance needs careful management to maintain trust. Clear signage, narrow watchlists, rapid deletion of non‑matches and accessible complaint routes matter for legitimacy. For staff and unions, evidence that measures reduce assaults and abuse will be critical to ongoing support. For regulators and campaigners, the priority remains ensuring deployments are narrowly tailored, evidence‑led and subject to meaningful oversight.

Key Challenges To Watch

It seems, however, that questions remain about how these measures perform in real stores. For example, evidence is still building and can vary by location, store format and offender behaviour. Also, facial recognition carries a risk of misidentification, so there must be strong human review and clear routes to correct mistakes. Data retention, watchlist criteria and any information sharing need tight governance and regular audit. Without consistent police follow up, even well documented incidents may not progress, which reduces the deterrent that retailers and staff are looking for.

What Does This Mean For Your Business?

It seems that technology has now moved from trial to toolkit. Bodycams, AI-supported CCTV, crime reporting platforms and central security hubs are all reportedly delivering practical gains where deployments are targeted, well trained and supported by local policing. Facial recognition remains the most contested, which is why governance, human review and visible transparency need to be embedded from the start. None of this is a silver bullet, it is a set of controls that work best together and only when the basics of staff training and incident follow up are in place.

For UK businesses the lesson is to invest where the benefits are clear, measure results store by store, and publish what works so staff and customers can see the value. Build privacy and accuracy into the design, with narrow watchlists, short retention periods and simple routes for people to challenge mistakes. Engage early with police, unions and regulators so evidence gathered in store is acted on, not left on a server. Competitors that delay now look like risking higher losses and lower staff confidence, while those that proceed without robust safeguards risk reputational damage and regulatory attention.

For customers, trust depends on openness and restraint. Clear signage, clear explanations and visible accountability help reassure people that security measures are there to protect, not to monitor ordinary shopping. For staff, the test is whether incidents decline and confidence rises, which should be tracked through surveys and incident data.

Over half of all insider cyber attacks in UK schools are now being carried out by students, according to new findings from the Information Commissioner’s Office (ICO).

Alert

A new alert issued by the UK’s data protection regulator has highlighted a “worrying trend” in school cyber breaches, with children as young as seven found to be responsible for serious personal data breaches. The ICO’s analysis of 215 insider cyber incidents reported by education settings between January 2022 and August 2024 found that 57 per cent were caused by students, often exploiting weak security practices and misconfigured systems to gain access.

What’s Happening?

The new findings focus on what the ICO terms the “insider threat”, i.e. a cyber security breach originating from someone inside an organisation, rather than from external attackers. According to the ICO, it seems that in schools and colleges, that threat increasingly means the students themselves.

Logging In Rather Than Hacking In

While traditional hacking is often associated with remote cyber criminals, many of the breaches reported to the ICO involved students who were already inside the school network, whether physically or via a shared device. In most cases, these students didn’t need to ‘hack in’. Instead, they simply logged in using staff credentials they had guessed, found written down, or seen used in shared spaces. For example, the ICO’s investigation found that 30 per cent of the insider breaches involved students using stolen or guessed login details. Of those, 97 per cent were directly attributed to students.

Examples

Examples released by the ICO include Year 11 pupils using freely available hacking tools to access a secondary school’s student records database. In another case, a college student used a staff login to view, amend, or delete personal data belonging to more than 9,000 individuals, including students, applicants and staff. The data accessed included names, home addresses, school records, health data, safeguarding notes and emergency contact details.

Who And Why?

According to the National Crime Agency (NCA), around 1 in 5 children aged 10 to 16 have engaged in some form of illegal online activity. Many young people involved in school-based cyber breaches are tech-savvy teenagers, often motivated by curiosity, dares, rivalry or a desire to test their skills.

Heather Toomey, Principal Cyber Specialist at the ICO, warned: “What starts out as a dare, a challenge, a bit of fun in a school setting can ultimately lead to children taking part in damaging attacks on organisations or critical infrastructure.”

The ICO’s own report found that a number of student attackers were already members of online hacking forums, with some describing their interest in IT or cyber security as a motivation.

There are also concerns that peer pressure and notoriety may be playing a role. Also, with hacking tools readily available online and a growing culture of ‘cyber experimentation’ among teenagers, the barrier to entry has dropped significantly. In one shocking example, the youngest child referred to the NCA’s Cyber Choices programme (a diversion scheme for young people at risk of cyber crime) was just seven years old!

How Poor Cyber Practices Are Making Things Worse

While students are behind a growing number of these attacks, the ICO says that weak school security practices are often to blame for giving them the opportunity. For example, of the incidents it analysed:

– 23 per cent were due to poor data protection practices, such as staff leaving devices unattended or students being allowed to use staff machines.

– 20 per cent were caused by staff sending data to personal devices.

– 17 per cent were the result of incorrect system access rights, such as misconfigured permissions on platforms like SharePoint.

– Only 5 per cent involved more technically advanced attacks aimed at bypassing security or network controls.

This appears to paint a picture of education settings where basic cyber hygiene is not being consistently enforced, and where curiosity-driven students often find it all too easy to gain access.

In many cases looked at by the ICO, passwords were left written down or reused across multiple systems (password sharing). Also, systems were often inadequately segregated, with students able to access staff portals or administrative databases. Another issue was devices being left unlocked or unattended, giving unauthorised users the chance to view or export sensitive data.

Real-World Impacts

Although students may have been doing this for fun, the fallout from such incidents can be really serious. For example, breaches involving children’s personal data may trigger safeguarding risks, parental complaints, and mandatory reporting to regulators like the ICO and Action Fraud. They can also cause disruption to school operations and damage trust in digital education tools.

A breach involving sensitive pastoral care records or health data could lead to emotional distress for pupils and families. Although the ICO has not confirmed whether any of the reported incidents have resulted in enforcement action, it has made it clear that schools need to raise their game security-wise.

More broadly, the findings raise concerns that early, unchecked behaviour at school could lay the groundwork for more serious criminal activity later on. For example, children who get away with low-level school hacking may be more likely to go on to commit cyber crime in adulthood. In recent years, UK-based teenagers have been arrested in connection with high-profile attacks on major organisations including TfL, M&S and MGM Casinos.

What Can Be Done?

The ICO is urging schools to recognise the insider threat as a real and growing risk, and to take a more proactive approach to cyber security. That includes tightening access controls, improving staff training, and removing unnecessary opportunities for student access to staff systems.

“It’s important that we understand the next generation’s interests and motivations in the online world,” said Heather Toomey. “Schools must act to reduce these risks and ensure children remain on the right side of the law.”

The regulator recommends that GDPR and cyber training be refreshed regularly, especially for staff who handle sensitive pupil data. Schools are also encouraged to report breaches to the ICO promptly so that they can receive tailored guidance and support.

For parents, the message is to talk regularly with children about what they do online and how their actions may have legal and ethical consequences. The NCA’s Cyber Choices programme provides online resources for parents, educators, and young people to help channel cyber skills in positive directions.

It’s also worth noting that Ofsted and the Department for Education have both included cyber security and digital safeguarding as part of broader school leadership responsibilities, particularly for academy trusts and local authority-maintained schools managing large datasets across multiple sites.

What Does This Mean For Your Business?

The scale of these incidents appears to show deeper vulnerabilities in how education settings are managing access, accountability and digital safety. For example, although students may be the ones exploiting the gaps, it seems that the failures often begin with poor digital discipline among staff, misconfigured systems, and weak enforcement of policies that should be basic practice by now. This is, therefore, not just a safeguarding issue but a clear organisational risk, one that could just as easily apply to businesses that underestimate their own internal threat landscape.

For UK companies, especially those working with younger audiences or educational institutions, there’s a broader lesson here. If school systems with limited budgets and complex user bases are proving this easy to exploit, similar risks may be lurking within corporate networks where insider access is also widespread and often poorly monitored. With teenagers already engaging in low-level attacks on schools, and some progressing to more serious breaches in the private sector, early prevention and education have to be part of a wider national cyber strategy.

The ICO’s focus on education, awareness and remediation (rather than punishment) is also notable here. It suggests a recognition that many of these cases are not driven by malice, but by gaps in understanding, supervision and technical control. That said, the legal and reputational consequences of these breaches remain significant, and the longer schools delay action, the harder it will be to rebuild trust.

This appears to be an issue in which everyone has a role to play for prevention. For example, for schools, this means reviewing device access, credential management, and staff training as a matter of urgency. For parents, it means having clearer conversations with children about digital responsibility. Also, for policymakers and industry, it means recognising that today’s teenage hobbyist could become tomorrow’s insider threat, unless there are effective interventions, better systems and stronger support in place to redirect those skills.

A research team in Shenzhen has built a working “cassette tape” that stores files as synthetic DNA on a polyester‑nylon tape, with a theoretical capacity that could dwarf today’s magnetic cartridges.

Who Built It, And What Is It?

Scientists led by Professor Xingyu Jiang at Southern University of Science and Technology (SUSTech), with collaborators including Shanghai Jiao Tong University in China, have designed a compact tape and an automated drive that writes, protects, indexes and retrieves DNA‑encoded files. Their peer‑reviewed paper in Science Advances describes a barcoded membrane tape with hundreds of thousands of addressable partitions, an on‑tape chemical process to encapsulate DNA for long life, and a drive that handles file addressing, recovery and redeposition.

In tests, the team deposited 156.6 kilobytes across four image fragments and successfully reconstructed the full image. The system achieved up to 1,570 partitions per second and created more than 545,000 addressable partitions per 1,000 metres of tape.

Why?

With global data creation expected to reach hundreds of zettabytes by the end of the decade, traditional storage technologies are starting to fall behind in terms of density, durability and efficiency. DNA, on the other hand, offers enormous potential, able to store vast amounts of information in a very small space, with the ability to remain stable for hundreds of years without electricity. This makes it particularly suited to long-term cold storage of archival data.

Not A New Idea

It should be noted here that DNA storage itself is not new. For example, Microsoft and the University of Washington demonstrated the first automated DNA write‑and‑read system in 2019. Startups such as Catalog have also explored ways to make the process faster and more affordable.

What’s So Different About This System?

What sets the SUSTech team’s work apart is the physical format and indexing system, i.e. a roll of membrane tape with barcodes acting as folders and file locations, plus a compact drive that can retrieve and rewrite specific partitions automatically. The idea is to turn DNA storage into something that functions more like a conventional tape library.

How The “Cassette” Works

The tape is actually made from a polyester‑nylon composite. Researchers print black hydrophobic bars and white hydrophilic spaces that form barcodes using a Code‑128 pattern. These barcodes are read by the device’s optical system and used to locate individual files.

To store data, synthetic DNA strands are deposited onto selected partitions and bound using DNA “handles” that have been chemically attached to the tape. A metal-organic protective coating is then applied using zinc ions and 2‑methylimidazole. This Zeolitic Imidazolate Framework (ZIF) protects the DNA but can be removed in seconds when the file is needed. The DNA is then released, amplified and sequenced.

According to the team, the system currently supports around 74.7 gigabytes of actual data per kilometre, with a theoretical capacity of over 360 petabytes per kilometre if losses are eliminated.

Capacity Is Huge, But Speed Isn’t There Yet

While the capacity potential is impressive, it seems that performance remains slow. For example, in one demonstration, it took two and a half hours to recover four image files. The researchers believe this could be reduced to 47 minutes with improved parallel processing, but that still lags far behind existing tape technologies.

For comparison, an LTO‑9 cartridge can store up to 45 terabytes of compressed data and transfer it at hundreds of megabytes per second. By contrast, current DNA tape tests managed only around 75 gigabytes per kilometre, with recovery times measured in hours. This confirms the system is still at the research stage and not ready for large-scale deployment.

Density and Shelf Life Are Key Benefits

What makes the cassette system particularly promising is its density and long shelf life. DNA can retain data for centuries when protected, and the ZIF coating developed by the team allows that protection to be switched on and off quickly.

In accelerated ageing tests, the coated tape remained readable after six weeks at 70°C in humid conditions, whereas uncoated samples failed. The barcode indexing system also allows for targeted access and replacement of individual partitions without affecting the rest of the tape.

How It Compares To Other DNA Storage Approaches

Most current DNA storage approaches use particles, microfluidic chips or benchtop sequencers to handle file storage and retrieval. By contrast, the SUSTech system aims for scalability and automation. It converts a flat surface into a rollable medium, uses a mechanical head to dip partitions into reagents, and enables physical file management using barcodes.

However, the trade‑off here is speed. DNA reading and writing still depend on slow chemical and sequencing steps. Also, synthesis costs remain high, making the technology uncompetitive with tape for frequently accessed data.

Three Key Features

All things considered, three features of this system really stand out. These are:

1. Its high addressability. In other words, the system can store lots of separate files very close together on the tape (500,000 partitions per kilometre), and it can quickly find and access any specific file (1,570 files accessed per second).

2. The ability to erase and redeposit data on a single partition, replacing over 99 per cent of previous content.

3. The rapid ZIF-based protection system, which allows for stable long-term storage and quick decapsulation when needed, i.e. the protective layer can be quickly removed to access the data.

Who Will Use It?

If developed further, the system could be valuable for deep-archive use, where data must be stored securely for long periods without frequent access. For example, sectors such as media, finance, research and government already manage large volumes of rarely accessed data and could benefit from lower storage footprints and energy usage.

However, UK organisations also face strict data governance requirements. For example, the Information Commissioner’s Office (ICO) states: “Holding personal data for too long can be as much a risk as not holding it long enough.” This means that any transition to ultra-dense media must still support data deletion, access control, and documented retention schedules.

Guidance

The ICO’s guidance is clear in this case, i.e. : “You must regularly review the data you are holding, and delete anything you no longer need.” These rules apply regardless of the storage format.

For UK businesses, that means DNA storage must still meet all the requirements of GDPR. Organisations must be able to demonstrate that personal data is held only for as long as necessary, can be retrieved when required, and can be permanently erased when it is no longer needed.

Key Numbers (With Context)

The research team behind the new system estimates a theoretical storage capacity of 362 petabytes per kilometre, which would equal around 375 petabytes on a cartridge the same size as current LTO‑9 media. To put this in context, a petabyte is about 1 million gigabytes, which is roughly equivalent to 250,000 HD movies, or 500 billion pages of standard text.

However, in practice, the system currently delivers just 74.7 gigabytes per kilometre, with slow recovery speeds. The difference between theoretical potential and real-world performance remains significant.

What Next?

Obvious next steps, therefore, include improving the input bandwidth of the system, i.e. ways to write more DNA in parallel, and integrating DNA synthesis directly onto the tape. Other teams are also reportedly working on cheaper synthesis methods and faster access technologies.

Rather than replacing tape, the cassette model from Shenzhen may, therefore, serve as a longer-term complement, packaged in a familiar form, but offering much greater density over time.

Challenges

As with all emerging storage technologies, there are some key challenges. Speed remains the biggest issue, with write and read operations still taking minutes or hours. Costs are also high, and reliable large-scale synthesis is still pretty much out of reach.

Safety and supply chain concerns will also need addressing, given the use of chemicals and lab‑grade processes. Crucially, there are some essential governance and compliance issues to take note of. As the ICO guidance makes clear, any future DNA-based system must allow for secure access, reliable deletion, and transparent oversight, regardless of how much data it can store.

What Does This Mean For Your Business?

Although this DNA cassette system is clearly not yet ready for commercial rollout, the core concept appears to demonstrate a clear step forward in how molecular storage could one day function at scale. The ability to automate writing, protect data on tape, and target individual partitions for retrieval or replacement is a notable change from lab-bound DNA experiments and towards integrated, physical storage devices.

For businesses in the UK and beyond, the long-term potential lies in highly durable, ultra-dense archives that demand little energy and minimal physical space. Sectors with growing compliance and retention requirements, such as financial services, life sciences and government records, will be watching closely. However, the cost of synthesis, the slow speed of read and write operations, and the reliance on specialised reagents and hardware mean that DNA media is still some way from practical deployment.

From a governance perspective, no format is exempt from data protection duties. The ICO’s guidance is unambiguous on that point. Any move towards alternative media, including DNA, must still support secure access, effective data minimisation, and provable erasure in line with UK GDPR. For organisations weighing up future options, the cassette format may prove useful, but only if it integrates cleanly with legal and operational frameworks already in place.

In short, for now, this is a promising development with strong technical foundations and clear use case potential in cold storage. What happens next will depend on how quickly the underlying processes can be refined and how well the technology can be aligned with real-world business needs.