King's Speech 2026: Cyber Security and Resilience Bill

Cyber Security and Resilience Bill

“My Ministers will also introduce legislation to improve the country’s defences against
cyber-security threats”

● The first duty of a government is to protect its citizens. The UK’s digital economy
is increasingly being attacked by cyber criminals and state actors, affecting
essential services and infrastructure. The Cyber Security and Resilience Bill will
increase the UK’s defences against cyber attacks and better protect the services
that people rely on every day.

● The Bill will deliver a fundamental step change in the UK’s national security –
making essential digital services more secure in the face of cyber criminals and
state actors who want to disrupt our way of life - ensuring the economy is better
protected. This will make the UK a safer place to live, work and do business.

What does the Bill do?

● The Cyber Security and Resilience Bill will strengthen the UK’s defences to
protect essential UK services from cyber attacks, by making crucial updates to
existing legislation.

● The Bill will:

Expand the remit of existing regulations to better protect more of the
core services people and businesses rely on
○ Many managed IT companies will be regulated under the Bill. These
organisations deliver key services such as IT helpdesks and cyber
security to private and public sector organisations like the NHS. They
will need to meet new security duties as they hold trusted access
across government, critical national infrastructure and business
networks.
○ Data centres will be brought into scope as they are critical to keeping
the UK running, underpinning essential and digital services from patient
records and online payments to email services and AI development.
○ Operators that manage the flow of electricity to smart appliances, like
electric vehicle charge points and electrical heating appliances in
homes, will also have to meet new security requirements. This will
reduce the risk of disruption to consumers using smart-energy

124
 appliances, and the electricity network, bolstering the UK’s energy
security.
○ Regulators will be given new powers to designate critical suppliers to
the UK’s essential services such as those providing healthcare
diagnostics to the NHS or chemicals to a water firm, where they meet
the criteria. This will assist in closing gaps in supply chains that
criminals could exploit to cause wider disruption.

Ensuring cyber regulators are more effective and consistent to protect
essential services
○ Organisations in scope will need to report a greater range of harmful
cyber incidents to their regulator and the National Cyber Security
Centre (NCSC) within 24 hours, with a full report within 72 hours, to
ensure support can be on hand more quickly to help build a stronger
national picture of cyber threats.
○ If a data centre or digital and managed service provider faces a
significant or potentially significant cyber incident, they will have to take
reasonable steps to identify and notify promptly the customers who are
likely to have been impacted, so organisations can act fast to protect
their business, people and services.
○ Enforcement will be modernised, including tougher turnover-based
penalties for serious breaches, so cutting corners is no longer cheaper
than doing the right thing. Companies providing essential services to
the public and businesses should ensure they have tough protections
in place to keep their systems up and running.

Ensure the UK is resilient to new threats
● Ministers will be given new powers to instruct regulators and the
organisations they oversee, like NHS trusts and Thames Water, to take
specific, proportionate steps to prevent cyber attacks where there is a
threat to UK national security. This includes requiring that they bolster
their monitoring or isolate high-risk systems to protect and secure
essential services.
● The Government will be more agile and responsive to evolving cyber
threats with powers to make changes to the regime in secondary
legislation, such as bringing more services into scope, or updating
security requirements.

125
Territorial extent and application

● The Bill will extend and apply to the whole of the UK.

Key facts

● The cyber security sector makes an important economic contribution. In
2024, the cyber security sector contributed £13.2 billion in revenue to the
economy. The sector now employs 67,300 people and created 6,600 new jobs
from 2024-25.

● The UK is subject to daily cyber attacks, as cyber criminals and
state-linked actors blackmail businesses, steal data, and threaten our way of
life. According to a report by IBM, the UK is the most targeted country for
cyber attacks in Europe. This threat is now evolving: a new generation of AI
models are becoming increasingly capable of cyber offence, finding and
exploiting weaknesses in software at speed and scale. In April 2026, AI firm
Anthropic announced a new model called Mythos, which testing by DSIT’s AI
Security Institute found to be substantially more capable at cyber offence than
any model previously assessed.

● A cyber attack on critical national infrastructure could be hugely costly
to the economy. According to a 2025 report by KPMG, a systemic cyber
incident to the rail network causing one week of disruption could result in an
estimated cost of £1.8 billion.

● The National Cyber Security Centre, part of GCHQ, is world-leading in
defending the UK online. It provides free, practical advice, training and
guidance at ncsc.gov.uk, for organisations of every size, as well as an Early
Warning Service which can inform organisations of potential cyber attacks and
give them time to act. The UK has also established the AI Security Institute
which provides the Government with a world-leading capability for
understanding AI cyber capabilities.

● The Chief Executive Officer of the National Cyber Security Centre, Dr
Richard Horne, said “The real-world impacts of cyber attacks have never
been more evident than in recent months, and at the NCSC we continue to
work round the clock to empower organisations in the face of rising threats.
As a nation, we must act at pace to improve our digital defences and
resilience, and the Cyber Security and Resilience Bill represents a crucial step
in better protecting our most critical services.”

126
 CONTACT DETAILS

Bill Lead Department Contact Details

Steel Industry Department for Business 0207 215 2000
(Nationalisation) Bill and Trade

Northern Powerhouse Department for Transport 0300 777 7878
Rail Bill

European Partnership Bill Cabinet Office pressoffice@cabinetoffice.
gov.uk

Small Business Protection Department for Business 0207 215 2000
(Late Payments) Bill and Trade

Clean Water Bill Department for 0330 041 6560
Environment, Food and
Rural Affairs

Competition Reform Bill Department for Business 0207 215 2000
and Trade

Regulating for Growth Bill Department for Business 0207 215 2000
and Trade

Enhancing Financial His Majesty’s Treasury 0207 270 5238
Services Bill

Highways (Financing) Bill Department for Transport 0300 777 7878

Overnight Visitor Levy Bill Ministry of Housing, 0303 444 1209
Communities and Local
Government

Social Housing Renewal Ministry of Housing, 0303 444 1209
Bill Communities and Local
Government

Commonhold and Ministry of Housing, 0303 444 1209
Leasehold Reform Bill Communities and Local
Government

Education for All Bill Department for Education 0203 371 4832

Representation of the Ministry of Housing, 0303 444 1209
People Bill Communities and Local
Government

Remediation Bill Ministry of Housing, 0303 444 1209
Communities and Local

127
Bill Lead Department Contact Details

Government

Draft Conversion Office for Equality and 0207 276 3999
Practices Bill Opportunity

Draft Ticket Tout Ban Bill Department for Digital, 0208 080 3054
Culture, Media and Sport

Sporting Events Bill Department for Digital, 0208 080 3054
Culture, Media and Sport

Police Reform Bill Home Office 0300 123 3535

NHS Modernisation Bill Department of Health and 0207 972 3272
Social Care

Railways and Passenger Department for Transport 0300 777 7878
Benefits Bill

Digital Access to Services Cabinet Office pressoffice@cabinetoffice.
Bill gov.uk

Public Office Ministry of Justice 0300 790 0711
(Accountability) Bill

Removal of Peerages Bill Cabinet Office pressoffice@cabinetoffice.
gov.uk

Courts Modernisation Bill Ministry of Justice 0300 790 0711

Northern Ireland Troubles Northern Ireland Office 0779 947 0812
Bill

Draft Taxi and Private Department for Transport 0300 777 7878
Hire Vehicle Bill

Civil Aviation Bill Department for Transport 0300 777 7878

Sovereign Grant Bill His Majesty’s Treasury 0207 270 5238

Energy Independence Bill Department for Energy 0207 215 1000
Security and Net Zero

Nuclear Regulation Bill Department for Energy 0207 215 1000
Security and Net Zero

Electricity Generator Levy His Majesty’s Treasury 0207 270 5238
Bill

Tackling State Threats Bill Home Office 0300 123 3535

128
Bill Lead Department Contact Details

Armed Forces Bill Ministry of Defence 0207 218 7907

National Security Bill Home Office 0300 123 3535

Immigration and Asylum Home Office 0300 123 3535
Bill

Cyber Security and Department for Science, 0207 215 3000
Resilience Bill Innovation and Technology

129