Two Policies. One Sector. And a Slow Squeeze on the Farms That Feed Britain.

Picture this: You’re a pig farmer in Yorkshire, UK. You’ve got 400 sows, three employees (one’s your kid), and you’ve been running the same outdoor breeding setup for twenty years. You know your animals. You know your land. And not that long ago, figures from Defra (the UK’s Department for Environment, Food and Rural Affairs) showed UK pig producers losing around £31,000 a year on average from pig farming alone.

Then one day, you get an email from your German pork processor. Standard supplier stuff, you think. Except it’s a 37-page cybersecurity questionnaire asking about your network architecture, incident response plans, and encryption protocols. You stare at it. You’re still using paper ledgers for half your records.

Welcome to 2025, where two perfectly reasonable policies that nobody coordinated are about to squeeze small UK farmers in ways that nobody planned for and apparently nobody noticed. If you are a farmer or impacted by this, I wish I could buy you a pint while I explain this situation.

The London Side: Environmental Data or No Money

Here’s what’s happening in the UK. The government phased out the Basic Payment Scheme and replaced it with “delinked payments” that run from 2024 to 2027. This year? Delinked payments up to £30,000 are cut by 76%, and anything above that is cut entirely. By 2027, even those delinked payments will end completely. Yes, 76% and then gone. That’s not a typo; that’s policy.

The replacement is Environmental Land Management schemes. The pitch sounds good: “public money for public goods.” Instead of paying you just for having land, they’ll pay you for environmental benefits: track your soil health, measure your carbon, manage nutrients, improve water quality, and support biodiversity. All worthy goals. Nobody’s arguing against cleaner farming. But here’s what they don’t say out loud: you can’t manually track all that data at the scale these schemes require.

So, what do you need? Digital systems. IoT sensors scattered across your fields. Farm management software living in the cloud. Connected equipment monitoring temperature, feeding, and ventilation in your barns. Automated data collection and reporting, because the paperwork alone would bury you.

The government isn’t technically mandating precision agriculture. They’re just making it financially impossible not to adopt it. It’s like saying “we’re not forcing you to buy a car, but the bus stops running next year, and your job’s 30 miles away.”

That’s just the first half of the squeeze.

The Brussels Side: Prove You’re Secure or Lose Your Markets

Now here’s where it gets interesting. The EU’s NIS2 Directive began to take effect from October 2024, when EU Member States’ implementing laws came into force. It’s a cybersecurity regulation that says food production, processing, and distribution are “important entities” that must meet specific security standards. “But wait,” you’re thinking. “Brexit. UK farmers don’t answer to Brussels anymore.” True. Except your EU customers do.

And here’s the kicker: any EU-based processor, distributor, or retailer must now manage cybersecurity risks across their entire supply chain. In practice, that means they’re pushing NIS2-style requirements onto their suppliers. If you’re selling pork to Germany or France, you’ll likely face questionnaires asking you to prove you’ve got:

  • Risk management procedures

  • Incident response capabilities (with 24-hour reporting windows)

  • Supply chain security measures

  • Network security controls

  • Access management

  • Encryption

  • Staff training on cybersecurity

  • Regular security audits

Can’t demonstrate adequate cybersecurity? You risk getting dropped from the approved supplier list. Not because they don’t want to work with you, but because if they get audited and their suppliers can’t provide proper evidence of security, they’re looking at maximum fines for large entities of €10 million or 2% of global annual turnover. So now small UK farmers face enterprise-grade cybersecurity questionnaires just to stay on buyer lists and keep selling across the Channel.

Nobody planned this. Two separate bureaucracies, two separate policies, zero coordination.

Let’s Talk Money (Because It’s Ugly)

I ran the numbers. They made me wince.

What does cybersecurity compliance cost?
(based on typical small business compliance requirements – these are market estimates):

  • Initial security assessment: £5,000-£15,000

  • Documentation and policies: £3,000-£8,000

  • Technology implementation: £10,000-£30,000

  • Annual monitoring: £2,000-£5,000

  • Staff training per employee: £500-£1,500/year

  • Cyber insurance increases: 30-50%

  • Incident response planning: £2,000-£5,000

  • Annual audits: £2,000-£4,000

As a market estimate for small operations, realistic NIS2-style cybersecurity measures easily stack up to £25,000-£70,000 upfront, plus £5,000-£10,000 every year, numbers that dwarf the margins of most family farms.

What a small pig farmer actually has:

  • Recent typical losses: around £31,000 a year

  • Delinked payment keeping them afloat: about to be cut by 76%

  • IT budget: doesn’t exist

  • Cybersecurity expertise: zero

  • Time for compliance paperwork: competing with actual farming

This isn’t a gap. It’s a canyon.

The Threats Are Real (Unfortunately)

Look, I wish I could tell you the cyber risks are overblown.
I can’t.
Agriculture has become a target.

Back in 2020, the National Cyber Security Centre partnered with the National Farmers Union to produce dedicated cybersecurity guidance for farmers. The UK’s own 2021 Food Security Report flagged cyber threats to food supply chains as a critical vulnerability. Then in May 2025, a ransomware attack hit a logistics firm supplying Tesco and Sainsbury’s, disrupting distribution across major supermarkets. So the government saw the threat coming, produced guidance, and watched it materialize into actual attacks. Here’s the kicker: try finding that NCSC guidance now. You’ll hit error pages. Dead links. The support that farmers desperately need? Buried in broken webpages and third-party summaries, while the attacks keep coming.

And farms are particularly vulnerable because:

They’re running on duct tape and hope.
That expensive IoT system monitoring your barn temperatures? Does it still have the default password because the manual was 400 pages and nobody had time? Your systems aren’t segmented, so once an attacker gets into anything, they’re into everything. And that grain silo monitor you bought ten years ago for £50,000? Can’t be updated. Legacy equipment is a nice way of saying “permanently vulnerable.”

But here’s the real problem:
These aren’t just data breaches. Attackers can control physical equipment. Temperature systems. Feeding mechanisms. Ventilation. Things where failure means animals die, and humans get hurt.

Imagine someone hacks your farrowing barn controls at 2 AM. Changes the temperature settings. By morning, you’ve lost sows and piglets to heat stress. Is that your fault for inadequate security? Or the government’s for pushing you onto systems you couldn’t afford to protect?

The Death Spiral (In Slow Motion)

Let me walk you through what’s about to happen. Let’s call our farmer Jane. She’s got 400 sows, runs outdoor breeding, and always does things hands-on. Jane is a good farmer and loves her job, but has tight margins. Here’s what typical figures for a farm this size might look like:

2024: Barely Hanging On

  • Revenue: £180,000

  • Costs: £211,000

  • Loss: £31,000

  • Delinked payment (formerly BPS): roughly £20,000 (the only reason she’s still solvent)

2025: The Squeeze Starts

  • Delinked payment cut: 76% = loses £15,200

  • Total loss now: £46,200

  • Needs digital systems to get ELM payments

  • Technology cost: £15,000-£25,000

  • New total loss: £61,200-£71,200

  • She takes on debt she probably can’t service

2026: The Trap Springs

  • EU buyer sends NIS2 compliance questionnaire

  • Needs cybersecurity compliance: £25,000-£50,000

  • Can’t afford it

  • Can’t sell to EU without it

  • Farm becomes insolvent

2027: Game Over

  • Delinked payments end completely

  • ELM payments don’t cover the gap

  • Lost EU markets

  • Farm closes

This isn’t the worst case. This is the default trajectory.

The Questions That Need Asking

Did anyone coordinate these policies?

Did Defra talk to EU regulators when designing ELM? Did anyone model what happens when you stack UK digital mandates on top of EU cybersecurity requirements? Or did two bureaucracies just build two policies in isolation and accidentally create a compliance trap?

Where’s the actual support?

The UK has held the farming support budget at around £2.4 billion, with a growing share pushed through Environmental Land Management schemes. That includes grants for technology. Know what it doesn’t include? Any dedicated, ring-fenced cybersecurity support for the systems farmers are being nudged to adopt. We’re paying farmers to adopt vulnerable systems and then walking away.

Is consolidation the goal?

Multiple NIS2 analyses warn that smaller organizations in the food sector often lack the financial resources for adequate cybersecurity, which could lead to industry consolidation into fewer, larger players. They know this drives out small farmers. They know only large operations can afford compliance. So, is this accidental, or is it working exactly as intended?

What about the next generation?

Young farmers inheriting family operations are getting failing businesses, negative margins, crumbling infrastructure, and a £50,000+ compliance burden that didn’t exist five years ago. We’re not just losing current farmers. We’re making sure no new ones can enter unless they’re already wealthy.

What Actually Needs to Happen

If anyone cared about keeping small farms viable, here’s what they’d do:

Immediate fixes:

  • Match technology grants with cybersecurity support

  • Create exemptions for small operations under certain revenue thresholds

  • Build manual reporting pathways into ELM

  • Actually coordinate UK and EU policy impacts

Long-term:

  • Make large buyers share compliance costs with small suppliers

  • Enable farmer cooperatives for shared cybersecurity services

  • Hold equipment manufacturers (not farmers) responsible for the basic security of their equipment, aka secure-by-design

  • Create opt-out pathways that don’t end in bankruptcy

But that would require admitting the current setup doesn’t work and eating some humble pie. So instead, we’ll watch small farms close one by one, see land consolidate into corporate operations, and then wonder why our food system became less resilient.

The Uncomfortable Truth About AgTech

The agricultural technology industry loves talking about how farmers need these tools. How precision agriculture is essential. How data and connectivity are the future.

But let’s be blunt: Who actually needs small farmers to adopt expensive AgTech?

Is it the farmers drowning in debt? The animals that were fine without sensors? The consumers who just want affordable food? The environment (which was arguably better served by traditional farming in many ways)?

Or is it the AgTech companies selling subscriptions? Or the equipment manufacturers who sell connected machinery? Data brokers collecting information? Large corporate agriculture eliminating competition?

I work in tech. I’m not anti-technology. But when policy creates a system where farmers must adopt technology they can’t afford and then secure it to standards they can’t meet, that’s not innovation. That’s elimination dressed up as progress.

Where This Goes Next

Right now, small UK farmers have three options, and, to be blunt again, they all suck:

Option 1: Comply
Spend £50,000-£100,000. Take on debt. Hope you survive long enough for ELM payments. Most won’t.

Option 2: Exit
Take the government’s lump-sum exit payment. Sell up. Find new work at 55 with farming as your only skill. Watch agricultural knowledge vanish.

Option 3: Resist
Stay low-tech. Skip ELM. Lose government support. Hope your buyers don’t require NIS2 compliance. Basically, poverty farming until forced exit.

None of these options results in thriving small farms.
And maybe that’s not a bug.
Maybe it’s a feature.

What You Can Actually Do

Here’s what I’m asking:
If you’re a farmer facing this squeeze, talk about it.
If you work in ag policy, explain where I’m wrong. If you have solutions that don’t involve magically finding £50,000, I want to hear them.
As a consumer, you need to get loud about this, too. This will affect not only the food supply chain but also UK food security. It is insane to think about the UK having a major food security issue, but here we are right on the verge.

Because right now, we’re watching two well-intentioned policies team up to accidentally destroy the exact farmers both governments claim they want to protect.

Cybersecurity matters.
Environmental sustainability matters.
But so do the people growing our food.

If we can’t design policies that protect all three, we need to be honest about which ones we’re prioritizing and stop pretending we’re helping when we’re really just squeezing people out.

The food system is a web. When you pull one thread tight enough, the whole thing starts to fray. And if we’re not careful, we’re going to wake up one day and realize we’ve traded resilient, distributed food production for a handful of corporate operations that can afford the compliance costs.

That’s not stronger. That’s just more fragile in different ways.

Stay Safe, Stay Curious,

Kristin King
