Commons2nd reading

Cyber Extortion and Ransomware (Reporting) Bill

A Bill to require a company that meets specified criteria to report any cyber extortion or ransomware attack on the company to the Government within a specified time after the attack; to make provision about the content of such reports, including a requirement to provide information about any payments made; and for connected purposes.

Originating House

House of Commons

Sponsor

Bradley ThomasConservative

Parliament last updated

1 May 2026

In Plain English

AI-generated

May contain errors — check source documents for definitive information.

The Bill would require certain companies to report cyber extortion or ransomware attacks to the Government within a set time after an incident. The reports must include details of the attack and any payments made to attackers. The goal is to improve government awareness and response to cyber threats.

Key Points

Applies to companies that meet the bill's specified criteria.
Requires reporting to the Government within a defined time after a cyber extortion or ransomware attack.
Reports must include information about the attack and any payments made to attackers.
The Bill is currently at the 2nd Reading stage in the House of Commons and is sponsored by Bradley Thomas.

Progress

The bill is at the 2nd Reading in the House of Commons. If it progresses, it would move to committee stage and then further stages before a potential Lords consideration.

Who is affected?

Companies that meet the bill's specified criteria (the reporting obligation applies to them)UK Government departments and public bodies that would receive and handle the reportsEmployees and stakeholders within affected companies who may be affected by the new reporting requirements

Generated 21 February 2026

Bill Stages

1st readingCommons

21 Oct 2025

2nd readingCommons

Committee stageCommons

Report stageCommons

3rd readingCommons

1st readingLords

2nd readingLords

Committee stageLords

Report stageLords

3rd readingLords

Royal Assent

Updates & Documents

News (1)

Cyber Extortion and Ransomware (Reporting) Bill

22 Oct 2025

The 2024-2026 session of Parliament has come to an end so the House of Commons is now prorogued until the next session begins on 13 May 2026. Prorogation is the formal end to the parliamentary year.

This Bill will therefore make no further progress.

Parliamentary Votes (0)

No recorded votes for this bill yet.

Cyber Extortion and Ransomware (Reporting) Bill | TrackPolitics