News Flash

London shakes up cyber defence: new bill promises tighter rules and faster response to threats 

From EU lessons to a UK-tailored strategy, the upcoming Cyber Security and Resilience Bill aims to boost national protection across all sectors 

UK's cyber governance

Table of contents

  • A bold move for cyber security in the UK 
  • Managed service providers come under scrutiny 
  • Tougher supply chain obligations 
  • Enhanced regulatory powers and clearer oversight 
  • Expanding the powers of the Information Commissioner’s Office 
  • What’s next: data centres, strategic direction, and emergency powers 
  • A strategic upgrade to the UK’s cyber resilience 

A bold move for cyber security in the UK 

On April 1, 2025, the UK government released the Cyber Security and Resilience Policy Statement, outlining the framework of the upcoming Cyber Security and Resilience Bill.

Originally announced in July 2024, the Bill aims to overhaul the current NIS Regulations 2018, which were based on the EU’s original Network and Information Systems Directive prior to Brexit. 

Now, with the EU having replaced its directive with the more ambitious NIS2 Directive, the UK is striking a balance, maintaining sovereignty while aligning with effective EU practices. The goal: address the UK’s cyber security challenges through a flexible, proportionate and strategic approach.

Managed service providers come under scrutiny 

A major shift in the proposed bill is the expansion of scope to include managed service providers (MSPs). These providers, with their direct access to clients’ networks, infrastructure, and data, represent a critical point of risk. 

The Policy Statement defines managed services as external activities involving connection to customer networks and ongoing support in the management, administration, or monitoring of IT systems and infrastructure, including for cyber security purposes.

Tougher supply chain obligations 

The Bill will also strengthen responsibilities for operators of essential services (OES) and relevant digital service providers (RDSP) in their supply chains. Regulatory bodies will have the power to label certain suppliers as “critical” when their goods or services are vital to the digital or essential service supported. 

While this will apply to a small percentage of suppliers, it reflects the government’s intent to secure every link in the digital infrastructure chain. 

Enhanced regulatory powers and clearer oversight 

The Cyber Security and Resilience Bill seeks to empower regulators with more concrete tools, including technical requirements inspired by the Cyber Assessment Framework of the National Cyber Security Centre (NCSC).

Another key reform involves incident reporting. Entities will need to notify both the regulator and the NCSC within 24 hours of detecting a significant incident, followed by a full report within 72 hours. This aligns with NIS2 requirements, but is tailored to fit the UK landscape. 

Expanding the powers of the Information Commissioner’s Office 

The Information Commissioner’s Office (ICO), already responsible for data protection and the regulation of online platforms, will gain new duties as the authority for managed service providers.

The Bill will enhance its capacity to collect and evaluate data on critical digital services, and enforce compliance through extended information-sharing and through mandatory notification mechanisms. 

What’s next: data centres, strategic direction, and emergency powers 

Beyond the primary proposals, the Policy Statement hints at additional changes under review: 

  • Regulatory framework for data centres
    Facilities that meet certain criteria will be required to comply with reporting requirements and take proportionate security measures.
  • Five-year strategic plan
    The Secretary of State may issue periodic statements with goals for regulators, to be updated every 3-5 years.
  • Exceptional executive powers
    The government will be able to intervene directly in cases of serious cyber threats, ordering immediate action from companies or directing authorities on specific fronts in the name of national security.

A strategic upgrade to the UK’s cyber resilience 

The upcoming Cyber Security and Resilience Bill, expected later this year, could mark a transformative moment in the UK’s cyber governance. By reinforcing oversight, increasing accountability, and anticipating future risks, the Bill sets the foundation for a more resilient, responsive, and robust digital ecosystem. 

If implemented as planned, the Bill could become an alternative to the European strategy, equally ambitious in protecting networks, data and critical infrastructure in an era of increasingly sophisticated threats.
