Approximate read time: 50 minutes

Cyber security is becoming increasingly important as society becomes more dependent on digital systems. Essential services are particularly attractive targets for cyber criminals, activists or hostile states aiming to cause disruption to the UK economy and public safety.

Legislation protecting essential services from cyber attacks is provided for in the 2018 NIS regulations. These impose duties on providers of essential services and relevant digital services to have cyber security measures in place and to promptly report serious incidents.

The bill would update the 2018 NIS regulations to improve their functioning and respond to changes in cyber threats since 2018. First, it would expand the scope of the regulations. For example, it would bring data centres, electrical load control, and third-party IT products and services under the regulations and require a broader range of incidents to be reported. Second, it would grant the secretary of state powers to update the regulatory framework with secondary legislation to allow the regulations to adapt to changing threats. Third, it would confer powers to the secretary of state to issue directions to certain organisations to provide information or take specific actions in the interest of national security.

The general principle of the bill has received cross-party support and has been welcomed by industry and regulators. However, key points of contention include whether more sectors should be brought in scope, such as retail and manufacturing, and the potential impacts of increased administrative burdens for businesses and regulators. Some have also criticised a lack of legal clarity as many details would be determined later in secondary legislation.

Image by Sasun Bughdaryan on Unsplash.


Related posts

  • National Security (State Threats) Bill: HL Bill 35 of 2026–27

    The National Security (State Threats) Bill would create new powers for the home secretary to designate bodies engaged in state threat activity, equivalent to the proscription of terrorist organisations under the Terrorism Act 2000. The bill would create three new offences associated with designation of supporting, assisting, or receiving material benefit from a designated body. These offences would carry sentences of up to 14 years’ imprisonment.

    National Security (State Threats) Bill: HL Bill 35 of 2026–27
  • Threats to UK democracy: Disinformation, foreign interference and declining public trust

    Social media and other technologies have made it easier, quicker and cheaper for foreign powers to spread false information online aimed at undermining UK democracy. Such disinformation campaigns are one type of interference operation. In parallel, researchers have noted a link between declining public trust and societal polarisation, which can be exacerbated by online discourse. This briefing provides introductory reading to these issues, including recent reports and government announcements.

    Threats to UK democracy: Disinformation, foreign interference and declining public trust
  • Law on the regulation of fertility treatment

    The Human Fertilisation and Embryology Act 1990 regulates in vitro fertilisation (IVF) and human embryo research in the UK. Recently, there have been calls for reform to reflect changes in societal attitudes and scientific developments since the act was last updated in 2008. The government has said it is considering recommendations made by the Human Fertilisation and Embryology Authority, the sector’s independent regulator.

    Law on the regulation of fertility treatment