A Bill to require a company that meets specified criteria to report any cyber extortion or ransomware attack on the company to the Government within a specified time after the attack; to make provision about the content of such reports, including a requirement to provide information about any payments made; and for connected purposes.
House of Commons
Bradley Thomas, Conservative
22 October 2025
May contain errors — check source documents for definitive information.
The Cyber Extortion and Ransomware (Reporting) Bill would require certain UK companies to report any cyber extortion or ransomware attack to the Government within a defined timeframe. The report must include details of the attack and whether any payments were made to attackers. The aim is to improve national cyber resilience, and the Bill is currently at the 2nd reading in the Commons.
The Bill is progressing through the Commons and is now at the 2nd reading stage. It has completed its 1st reading and will continue to later stages such as Committee and Report stages in due course.
Generated 21 February 2026
1st reading: 21 Oct 2025
2nd reading (scheduled): 29 May 2026
The next stage for this Bill, Second reading, is scheduled to take place on Friday 29 May 2026, although the House of Commons is not expected to be sitting on that date.
This is a Private Members' Bill and was introduced to Parliament on Tuesday 21 October under the Ten Minute Rule.
No recorded votes for this bill yet.