UK businesses urged to brace for Cyber Security and Resilience Legislation, as an NCC Group specialist issues alarm
The UK government is set to introduce the Cyber Security and Resilience Bill to Parliament before the end of the year, most likely in the Autumn. This legislation, announced in July 2024, is considered the UK's response to the EU's NIS2.
Katharina Sommer, Group Head of Government Affairs & Analyst Relations at NCC Group, has contributed to the firm's Global Cyber Policy Radar report and will speak at Infosecurity Europe 2025 to evaluate European cybersecurity laws and their impact on UK and EU-based companies.
The Bill is expected to bring new sectors and parts of the UK economy into scope, including managed service providers (MSPs), critical suppliers, and possibly data centres at or above 1 MW capacity. This could result in approximately 1000 UK organisations being affected.
Sommer has raised concerns about potential differences in security requirements between NIS2 and the Cyber Security and Resilience Bill, such as cyber incident reporting timelines for covered entities. She has also noted potential specific provisions for the financial sector in the Bill, which could lead to clashes with DORA provisions.
The Bill is expected to grant the UK Secretary of State greater authority and to introduce updates to technical and security requirements, with the aim of improving incident reporting. Sommer recommends that organisations preparing for the upcoming legislation read the UK Department for Science, Technology and Innovation's Policy Statement.
The increased complexity of cybersecurity regulatory compliance will be a primary focus at Infosecurity Europe 2025. A session titled 'Clarification on the upcoming tsunami of legislation' will take place on June 4, 2025, at 13.55 BST.
Sommer indicated that the Cyber Security and Resilience Bill might result in more direct intervention into organisations' cyber resilience. She suggests that organisations within scope could benefit from improved information sharing, including from the UK government.
Organisations operating across borders have made the case for harmonisation and alignment across the two regulatory regimes (NIS2 and the Cyber Security and Resilience Bill) to streamline their compliance efforts. In the EU, the implementation of the NIS2 Directive involves various bodies, such as national competent authorities, sector-specific regulators, and entities responsible for critical infrastructure and essential services compliance. In the UK, implementation falls under bodies like the National Cyber Security Centre (NCSC) and the regulatory authorities overseeing critical sectors, which are tasked with enforcing compliance in line with the Cyber Security and Resilience Bill framework.
Registration and the full program for Infosecurity Europe 2025 can be found on their respective websites. It promises to be an invaluable event for organisations seeking to navigate the complexities of the upcoming tech laws, including the Cyber Security and Resilience Bill, and the AI Bill.