UK sets out new cyber reporting requirements for critical infrastructure therecord.media/uk-sets-o…

In a policy statement published Tuesday, the British government set out what its forthcoming Cyber Security and Resilience Bill will include when it is introduced to parliament later this year. The belated reworking of the country’s cybersecurity regulations comes three years after the previous government had prematurely described those laws as “updated” while failing to actually introduce the legislation.

“For too long, successive governments have failed to properly address the growing risk posed by cyber criminals and hostile states. Our people have paid the price,” said Peter Kyle, the Secretary of State, in a foreword to the policy document.

Britain’s cybersecurity laws were passed in 2018 and are based on the European Union’s Network and Information Systems (NIS) Directive. They were not reworked following the United Kingdom’s withdrawal from the European Union in 2020, even though the EU itself did so through the NIS2 update in 2022.