Cyber Security and Resilience (Network and Information Systems) Bill

Key Points

• - Expanded scope: the bill would cover more players such as managed service providers (MSPs), large data centres and other critical suppliers, with tightened duties on risk management and incident handling for these groups.
• - Incident reporting and information sharing: there is ongoing focus on making incident reporting clearer and potentially streamlined; Labour amendments introduced information-sharing provisions (enforcement authorities sharing with listed bodies) and a clause to allow directions by email, while several proposals for a single, mandatory incident-reporting channel were defeated.
• - Governance, oversight and resources: Liberal Democrat and Conservative amendments seeking board-level oversight and periodic testing or a dedicated review of resources were largely defeated; Labour amendments moved to refine regulator structure (e.g., removing a joint regulator for data infrastructure, leaving Ofcom as sole regulator for that subsector) and to improve how regulators and industry work together.
• - International standards and alignment: debate emphasises aligning with international standards (ISO/IEC 27001, NIS2) and reducing duplication with existing regimes; some drafting corrections and alignment provisions were agreed to broadly match international norms.
• - SME support and resilience: there is concern about SME burdens and whether there will be targeted support (e.g., SME cyber security services or incentives); several SME-focused amendments were not carried at report stage, with ongoing calls for practical help and tooling.
• - Foreign interference and state actor risk: amid calls for scrutiny of foreign influence risks, several amendments addressing foreign powers and risk reporting were defeated, while information-sharing and clearer designation of critical suppliers remained on the table as policy levers.

Progress

The bill has moved from Committee scrutiny to Report Stage in the Commons after a reintroduction in May 2026. Several Labour amendments were agreed, and some Conservative and Liberal Democrat proposals were defeated or withdrawn. The next step is Third Reading.