Comment & Opinion

Cyber laws are changing: What UK businesses need to know

Cyber threats are evolving – and so are the laws designed to combat them. The UK government is preparing to introduce the Cyber Security and Resilience Bill, a major update to existing cyber legislation that will expand its scope and tighten obligations for businesses.

Currently, UK cyber law includes the Network and Information Systems (NIS) Regulations, which apply to operators of essential services (OES) and relevant digital service providers (RDSPs), such as cloud platforms and search engines. If you fall into one of these categories, you must manage risks to your networks and report incidents.

Other laws include PECR 2003, which governs telecom security, and the Product Security and Telecommunications Infrastructure Act 2022, which targets internet-connected consumer devices.

The new bill aims to strengthen these frameworks to reflect deep concerns that complex global supply chains and reliance on technology increase cyber risk.

Key changes you need to be aware of include:

  • Wider scope: More organisations, including Managed Service Providers (MSPs), will be regulated. If you’re an MSP, your deep access to client systems makes you critical to cyber resilience.
  • Supply chain accountability: If you’re an OES or RDSP, you may need to include mandatory security clauses in contracts and maintain continuity plans.
  • Critical supplier designation: Regulators can classify key suppliers as critical, meaning you could be subject to the same rules as OES and RDSPs.
  • Stricter incident reporting: If your business is in scope, you’ll need to report cyber incidents in two stages—initially within 24 hours, followed by a detailed report within 72 hours.

These changes could significantly impact how you manage cyber risk, contract with suppliers and respond to incidents. With high-profile attacks on the rise, the bill is expected to be published soon.

Protect your business from cyberattacks

Now is the time to assess your cyber readiness. Use our interactive cybersecurity tool to spot gaps in your defence and take the next steps to remedy them.
