The UK Christmas coronavirus restrictions are a fascinating example of compliance and risk management in action. They're playing out how we often see this play out in security.

Taking expert opinion on board but balancing the risk of harm from a particular threat source with risks of other harms an accountable risk owner has set the limits of policy.

Experts in the risk source have then repeatedly tried to remind those bound by the rules that they are the 'limit of the licence' and that everyone still needs to make their own determination of risk.

External commentators then decry this as too complex and continually try to get the experts to admit that the rules either are or are not safe on their own against an assumption that those bound by them will be confused by anything other than a compliance-led approach.

Other external experts in the risk source then either laud or decry the limits set by policy and explain how the policy setters should change their mind in one or other direction.

Other groups negatively affected by the policy limits decry the damage this will do to their priorities and demand restitution from the policy setters.

In the face of the confusion of disagreement or agreement from external commentators policy setters stay the course until new data is presented.

I predict the next step will be external commentators telling everyone that they told them so once the outcome doesn't precisely match that used to set the level of policy.