A Bill to require a company that meets specified criteria to report any cyber extortion or ransomware attack on the company to the Government within a specified time after the attack; to make provision about the content of such reports, including a requirement to provide information about any payments made; and for connected purposes.
This Bill would require certain companies to report cyber extortion or ransomware attacks to the Government within a defined time after the attack. The reports must include details of the attack and any payments made to attackers, with the information used for national security and policy purposes.
The bill is currently at the Second Reading in the Commons. If progressed, it would move to the committee stage for detailed examination.
Generated 21 February 2026
The next stage for this Bill, Second reading, is scheduled to take place on Friday 29 May 2026, although the House of Commons is not expected to be sitting on that date.
This is a Private Members' Bill and was introduced to Parliament on Tuesday 21 October under the Ten Minute Rule.
No recorded votes for this bill yet.