Legislation & Litigation , Standards, Regulations & Compliance
UK Labour Introduces Cyber Security and Resilience Bill
Bill Gives Regulators Broader Powers, Seeks to Improve UK Cyber PreparednessIn its initial legislative agenda, the United Kingdom's newly elected Labour government has introduced a new cybersecurity bill in a bid to address rising cyberthreats to the country.
See Also: Mitigating Identity Risks, Lateral Movement and Privilege Escalation
At the State Opening of Parliament on Wednesday, the newly elected Labour government introduced the Cyber Security and Resilience Bill, which seeks to reduce the severity of cyberattacks on essential services and improve the country's preparedness.
The new bill will expand existing technology regulations and empower British regulators to proactively monitor and investigate potential vulnerabilities. It will require incident reporting for ransomware attacks, in a move to help the government respond to incidents swiftly and collect data needed to improve preparedness.
The proposed regulations will be implemented in the transport, energy, drinking water, health and digital infrastructure sectors. The legislative proposal will also affect online marketplaces, online search engines and cloud computing services. Twelve different regulators will be responsible for implementation.
Ciaran Martin, former head of the U.K. National Cyber Security Center, is among industry experts who welcomed the legislative proposal.
The "proposed Cyber Security and Resilience bill looks eminently sensible. The extension to the supply chain and the mandatory reporting requirements are significant positive steps," Martin tweeted.
Matt Hull, a representative of the CyberUp Campaign, which is leading industry efforts to update the U.K. Computer Misuse Act of 1990, predicts the bill will play a vital role in reducing successful cyberattacks.
"We look forward to working with the government on further ways to upgrade the country's cyber resilience, particularly on any efforts to tackle the outdated Computer Misuse Act 1990. Updating the act will enable the U.K.'s cyber professionals to better protect the U.K. online, safeguarding the digital economy and unlocking the full growth potential of our cybersecurity industry," Hull said.
While it was anticipated that the U.K government will introduce an exclusive artificial intelligence bill akin to the EU's AI Act, the King's Speech during the opening session only highlighted the need to establish "appropriate legislation to place requirements on those working to develop the most powerful artificial intelligence models."
The Labour government will likely introduce new AI regulations in the coming months.