Keyfacts
The key facts from the King's Speech are:Consequences
Digital verification services would be established and include " digital identity products to help the public quickly and securely share key information about themselves as they use online services in their everyday life." A National Underground Asset Register would be created enabling "planners and excavators instant, standardised access to pipe and cable data around the country." The Bill will enable the creation of smart data schemes, "which would allow for the secure sharing of customer data, upon their request, with authorised third-party service providers." It will introduce compulsory ransomware reporting so that the authorities can better understand the threat and "alert us to potential attacks by expanding the type and nature of incidents that regulated entities must report." While this information collection is likely to increase resilience to attacks, the administrative burden for businesses from this reporting might well bring with it additional costs as well as the original cyber incident's expense. As modern business practices are interconnected, organisations must ensure that their partners and suppliers also adhere to the standards set by the CS&R. In the EU, the original Network and Information Security Directive (NIS Directive 2016/1148) is being updated to Directive 2022/2555, known as EU NIS 2. EU NIS 2 introduces wide-reaching changes to the existing EU cyber security laws for network and information systems. The CS&R should bring the existing UK NIS regulations 2018 to a framework similar to that of the EU. The Bill as yet has no information on any punishments for non-compliance or what the data regulators' demands from an organisation that has experienced a cyber security incident will be.Reaction
Jon Ellison, NCSC Director of National Resilience, said that the proposed bill was "a landmark moment tackling the growing threat to the UK's critical systems". He continued that it will be "a crucial step towards a more comprehensive regulatory regime, fit for our volatile world". Former head of the NCSC Ciaran Martin along with other experts welcomed the legislative proposal. On social media, he wrote that the proposed legislation seemed sensible, with mandatory reporting requirements being significant and positive steps. A representative of the CyberUp Campaign Matt Hull said that the organisation is looking forward to the Government updating UK cyber resilience and in particular the Computer Misuse Act 1990. Any updates to this Act would help cyber professionals protect the U.K., safeguard the digital economy and unlock the potential growth within the cybersecurity industry.Schedule
The Bill will proceed through seven stages of the legislative process which happens in both houses of the UK parliament: first reading, second reading, committee stage, report stage, third reading, opposite house and royal assent. # July 17th Bill announced. # Stage: Pre-legislative Scrutiny (current). # Stage: First reading - yet to be presented.See also
* Cyber Resilience Act - EU regulation to improve cybersecurity and cyber resilience. * GDPR - The General Data Protection Regulation. *References
{{ReflistExternal links