The Cyber Security and Resilience (Network and Information Systems) Bill (the Bill) was introduced in Parliament(1) in November 2025, setting out a major overhaul of the UK regulatory framework underpinning the cyber defence of essential public services.

On 6 January, the Bill passed its Second Reading in the House of Commons on the same day that the government’s Cyber Action Plan was launched.(2) The Bill will now move to Committee Stage and the Public Bill Committee is expected to report by 5 March 2026. Responses from regulators and industry bodies to the Bill have been largely positive, with the ICO welcoming the emphasis on increasing resilience.