Parliament invites cyber experts to give evidence on new UK cyber security bill

The Cyber Security and Resilience Bill will expand the UK’s cyber regulations to cover managed service providers, data centres and critical suppliers. The Public Bill Committee is calling for written evidence from practitioners and industry bodies as MPs prepare for line-by-line scrutiny from February

UK cyber security specialists have been invited to submit evidence to Parliament as MPs begin detailed scrutiny of the Cyber Security and Resilience (Network and Information Systems) Bill, a major update to the country’s cyber regulation framework.

The House of Commons Public Bill Committee has issued a formal call for written submissions from practitioners, academics, organisations likely to be regulated and professional associations. 

Evidence submitted will inform scrutiny and any amendments as the Bill moves through Parliament, giving cyber professionals direct input into a regulatory framework that will set new rules for governance, incident reporting, operational resilience and supply-chain security, and determine how cyber risk is overseen by the state in the years ahead.

The legislation will update and expand upon the Network and Information Systems (NIS) Regulations and its objectives include widening the categories of regulated operators to cover managed service providers, data centres, critical suppliers and large load controllers; strengthening incident reporting obligations; enhancing regulator enforcement powers, including higher penalties and cost-recovery mechanisms; and improving information sharing between regulators and operators.

Ministers argue the changes are necessary to protect essential services and digital supply chains amid rising levels of espionage, disruption and cyber crime targeting critical infrastructure.

The Committee is expected to begin taking oral evidence in early February, with written submissions accepted now. The window for contributions may close once the Committee has completed its consideration of the Bill, and early engagement has been encouraged.

READ MORE: ‘ISF warns geopolitics will be the defining cybersecurity risk of 2026‘. Geopolitics is set to become the dominant cybersecurity risk of 2026, the Information Security Forum warns, as nation states intensify digital espionage and pressure on critical infrastructure — and even paper back-ups regain importance as a last line of defence when systems fail.

Do you have news to share or expertise to contribute? The European welcomes insights from business leaders and sector specialists. Get in touch with our editorial team to find out more.

_{Main image: Recal Media/Pexels}