Since its announcement during the King’s Speech on 17 July 2024, there has been much anticipation over the contents of the Cyber Security and Resilience Bill (“CS&R Bill“) and in particular the extent to which it will bring the UK into alignment with its European counterpart, the NIS2 directive. Currently, cyber regulation in the UK is heavily reliant on the 2018 transposition of the NIS1 Directive (in the form of the NIS Regulations 2018), with a far narrower scope applying to critical infrastructure and Digital Service Providers only. Now, given the substantial progress in NIS2 implementation across Europe (with Finland being the latest to fully implement as at the date of this article), the appetite for UK cyber security reform continues to grow.

In a recent update from the Secretary of State for the Department for Science, Innovation and Technology (found here, Cyber security and resilience policy statement – GOV.UK), the UK Government has started to address some of this anticipation, dropping clues as to how the CS&R Bill will look when compared to its European cousin.

Our article looking at the Government’s recent update is available here.