Summary
The government is consulting on proposals for new laws to improve
the cyber resilience of organisations which are important to the
UK economy.
This consultation closes at
11:45pm on 10 April 2022
Consultation description
As part of the £2.6 billion National Cyber Strategy
2022 the government is working to improve the cyber resilience of
businesses and organisations across the UK economy.
Recent high-profile cyber attacks, such as the December 2020
SolarWinds supply chain compromise, the May 2021 ransomware
attack on the US Colonial Pipeline, and the July 2021 attack on
the managed service provider Kaseya demonstrate how malicious
actors are able to compromise a country’s national security and
disrupt activities in the wider economy and society.
The government is therefore consulting on proposals for
legislative changes which would drive up levels of cyber
resilience, particularly in organisations which play an important
role in the UK economy, like managed IT service providers.
A pre-consultation impact assessment has been provided to support
the legislative proposals.
In addition, a separate consultation on Embedding standards and
pathways across the cyber profession by 2025 is also being
published. This details proposals for how a stronger cyber
security profession can support better cyber resilience.
There is further analysis on the need to improve UK cyber
resilience in the 2022 Review of Cyber
Security Incentives and Regulation which is being published
alongside this consultation.
Read more in the press notice.
Documents
Proposal for legislation
to improve the UK’s cyber resilience
Privacy notice - cyber
resilience legislation
Cyber legislation
pre-consultation impact assessment
Ways to respond
Respond online
