UK introduces tougher cyber law to protect business and public.
Summary
- Bill expands cyber regulations to more tech and service sectors
- Noncompliant firms risk penalties based on annual turnover
- Law targets AI misuse and aligns UK standards with EU norms
The UK government has formally introduced the Cyber Security and Resilience bill to Parliament, according to an announcement by the Department for Science, Innovation and Technology.
The legislation would expand existing Network and Information Systems regulations to encompass a broader range of technology and managed service providers, the government stated. The bill seeks to strengthen network and data security, improve reporting and response mechanisms for cyber incidents, and reduce risks to critical infrastructure and business networks.
United Kingdom goverment pivots to IT protection
IT management, technical support, and cybersecurity service providers would face the same regulatory obligations as companies currently subject to NIS rules under the proposed legislation. Noncompliant firms could face penalties calculated based on annual turnover, according to the bill’s provisions.
The legislation would grant the technology secretary authority to direct regulators and organizations to implement preventive measures against cyber threats deemed to pose national security risks.
Independent research commissioned by the Department for Science, Innovation and Technology estimated the average cost of a serious cyber attack in the UK at £190,000 per incident, totaling approximately £14.7 billion annually, according to the department.
Government officials stated the legislation would align UK law with European Union standards and strengthen protections against state-sponsored cyber attacks, including threats attributed to China, Iran, and North Korea.
The bill includes provisions aimed at preventing artificial intelligence misuse, specifically targeting the creation of child sexual abuse material. The legislation would authorize trusted organizations, including AI developers and charities, to test AI models for vulnerabilities before harmful content is generated.
Science, Innovation and Technology Secretary Liz Kendall said the legislation reinforces the UK’s approach to cyber threats and aims to safeguard public services, businesses, and citizens.