Collection

Cyber Security and Resilience Bill

The Cyber Security and Resilience (Network and Information Systems) Bill proposes new laws to improve UK cyber defences and protect our essential public services.

From:
Department for Science, Innovation and Technology
Published
30 September 2024
Last updated
18 November 2025 — See all updates

Overview

The government introduced the Cyber Security and Resilience Bill to Parliament for its first reading on 12 November 2025.

The Cyber Security and Resilience Bill will reform and add to the existing Network and Information Systems (NIS) Regulations 2018, to increase UK defences against cyber attacks, better protecting the services the public rely on to go about their normal lives – to switch on lights, turn on the tap to safe water, and know the NHS is there to support them.

The Bill will deliver a fundamental step change in the UK’s national security – making essential and digital services more secure in the face of cyber criminals and state actors who want to disrupt our way of life. Reforms will underpin greater economic stability, helping grow the economy for working people, by reducing business cost and disruption, and supporting investment.

Key documents

Read the press notice announcing bill.

See factsheets explaining the measures in the Bill.

Read the full Bill on the Parliament website.

View the Bill’s impact assessment.

Legislation documents can be found on the Parliament website including:

  • Cyber Security and Resilience Bill
  • Explanatory Notes
  • Delegated Powers Memorandum
  • Impact Assessments

Background

The government announced as part of the July 2024 King’s Speech that it would introduce a Cyber Security and Resilience Bill in the current Parliamentary session.

In April 2025 the government published details of the measures to be included in the bill.

Read the April 2025 press notice detailing the measures in the bill.

Read the Cyber Security and Resilience Bill policy statement from April 2025.

Read the ministerial statement on the bill.

Read the National Cyber Security Centre blog about the bill.

Cyber Security and Resilience Bill (2025)

Details of the new legislation to be introduced to Parliament in 2025

Research supporting the Bill

Details of research which supports the development of the Bill and informs its content.

April 2025 policy announcement documents

Existing cyber security regulation

Details of the current regulations and two-post implementation reviews which assessed their impact.

Previous work on cyber security regulation

Background on the government’s previous work to assess and update cyber security regulations.

Updates to this page

Published 30 September 2024
Last updated 18 November 2025 show all updates

  1. Added a link to the Regulatory Policy Committee's publication stating they have rated the impact assessment on the Cyber Security and Resilience Bill as fit for purpose; green-rated.

  2. Added link to the full details of the Bill on the Parliament website, as well as links to the Bill impact assessment, factsheets explaining the measures in the Bill, and supporting research.

  3. The Bill was introduced to Parliament on 12 November 2025. This page has been updated to include links to details of the proposed legislation, including the press notice and factsheets detailing the measures in the Bill.

  4. Added details of the Bill Policy Statement, press notice, ministerial statement and NCSC blog.

  5. First published.

Contents