The Department for Digital, Culture, Media & Sport and Department for Science, Innovation and Technology are jointly leading policy on cyber security incentives and regulation to protect critical national infrastructure and promote economic growth. The McPartland review examines the relationship between cyber security and economic growth, while government monitors threats from nation states and criminal actors. This active policy addresses both defensive measures and incentive structures for private sector cyber resilience.
Statement of intent between the Government of the United Kingdom of Great Britain and Northern Ireland and the Government of the Federal Republic of Nigeria.
The March 2026 edition of the DSIT cyber security newsletter.
A scheme to champion secure software development and support a resilient cyber ecosystem.
The December 2025 edition of the DSIT cyber security newsletter.
Why linked: DSIT Impact Assessment accompanying the Cyber Security and Resilience Bill.
The June 2025 edition of the DSIT cyber security newsletter.
The April 2025 edition of the DSIT cyber security newsletter.
Cyber Local is the government's programme to deliver tailored support for the cyber security sector across the regions.
This diagram shows how the five cyber security codes of practice apply to different organisations and technologies.
The March 2025 edition of the DSIT cyber security newsletter.
The February 2025 edition of the DSIT cyber security newsletter.
Feedback from a call for views on the code of practice for software vendors, and the government's response.
The International Coalition on Cyber Security Workforces is working to develop and maintain skilled cyber security workforces.
A list of Cyber Local projects which received funding in 2025.
The November 2024 edition of the DSIT cyber security newsletter.
The December 2024 edition of the DSIT cyber security newsletter.
A joint statement on how the UK's leading banks are working with the government to expand the role of Cyber Essentials and improve supply chain cyber security.
The October 2024 edition of the DSIT cyber security newsletter.
The September 2024 edition of the DSIT cyber security newsletter.
The August 2024 edition of the DSIT cyber security newsletter.
The April 2024 edition of the monthly DSIT cyber security newsletter.
Why linked: Enforcement management model: transport sector — direct guidance on NIS enforcement options.
Helps operators of essential services understand the enforcement options under the Network and Information Systems Regulations (2018) and how DfT will apply these within the transport sector.
Why linked: Filled the "McPartland Review on cyber security and economic growth" gap via web research
The McPartland Review of Cyber Security and Economic Growth was seeking views and evidence to inform its work.
The February 2024 edition of the monthly DSIT cyber security newsletter.
The government has asked the Rt Hon Stephen McPartland MP to conduct an independent review into cyber security as an enabler of economic growth.
The December 2023 edition of the monthly DSIT cyber security newsletter.
Call for Information on the uses and security of Private Telecommunications Networks within the UK.
We’re seeking views on the opportunities for connected digital twins and other advanced cyber-physical systems to enable a national capability in CPI.
The November 2023 edition of the monthly DSIT cyber security newsletter.
This code of practice sets out minimum security and privacy requirements for app store operators and app developers.
Why linked: Implementation of NIS Regulations 2018 for the energy sector in Great Britain — sector implementation guidance.
High level policy principles for compliance with the Network and Information Systems (NIS) Regulations 2018, for operators in energy sector.
Why linked: NIS Regulations 2018: health sector guide — direct operational guidance for an OES sector.
A guide for designated operators of essential services for healthcare in England explaining the practical impact of the NIS Regulations.
Call for Information on the uses and security of Private Telecommunications Networks within the UK.
The September 2023 edition of the monthly DSIT cyber security newsletter.
An evaluation of the government's LORCA programme to help cyber security businesses innovate, develop and grow.
The August 2023 edition of the monthly DSIT cyber security newsletter.
The July 2023 edition of the monthly DSIT cyber security newsletter.
Call for Information on the uses and security of Private Telecommunications Networks within the UK.
The June 2023 edition of the monthly DSIT cyber security newsletter.
The February 2023 edition of the monthly DSIT cyber security newsletter.
The government is holding a call for views on plans to improve the security and privacy of apps and app stores.
In response to: Proposal for legislation to improve the UK’s cyber resilience
The government is consulting on proposals for new laws to improve the cyber resilience of organisations which are important to the UK economy. We received a number of positive responses which are being considered. The government hopes to respond to …
Why linked: Telecoms security regulations consultation outcome — defines the parallel telecoms regime carve-out.
The government is consulting on proposals for new regulations and a code of practice to improve the security and resilience of public telecoms networks and services.
Why linked: Consultation on NIS Regulations guidance for the energy sector — sector-specific implementation.
We're seeking views on proposed updates to guidance for operators in the energy sector on compliance with the Network and Information Systems Regulations 2018.
Why linked: Second Post-Implementation Review of NIS Regulations 2018 — the statutory review that drove the current Bill.
This review assesses the effectiveness of the NIS Regulations, which were introduced in 2018 to improve the security & resilience of essential & digital services.
The government is holding a call for views on plans to improve the security and privacy of apps and app stores.
We’re seeking views on the opportunities for connected digital twins and other advanced cyber-physical systems to enable a national capability in CPI.
The government is holding a call for views on plans to improve the security and privacy of apps and app stores.
The government is conducting research to evaluate the effectiveness of its cyber security growth and innovation programmes.
The government is consulting on proposals for new laws to improve the cyber resilience of organisations which are important to the UK economy. We received a number of positive responses which are being considered. The government hopes to respond to …
The April 2022 edition of the monthly DCMS cyber security newsletter.
We’re seeking views on the opportunities for connected digital twins and other advanced cyber-physical systems to enable a national capability in CPI.
The government is consulting on proposals for new laws to improve the cyber resilience of organisations which are important to the UK economy. We received a number of positive responses which are being considered. The government hopes to respond to …
This review details the progress made in improving cyber resilience in recent years and sets out further government intervention to protect organisations online
Why linked: Government response on amending the NIS regulations (2021) — direct precursor to the Bill.
The government's response to a call for views on amending the Security of Network and Information Systems (NIS) Regulations
In response to: Call for views on supply chain cyber security
Why linked: Call for views on security of network and information systems — companion document.
Call for views on security of network and information systems — companion document.
In response to: Call for views on amending the NIS regulations
Why linked: Call for views on amending the NIS regulations — direct evidence base for the Bill.
A call for views on amending the incident reporting framework for digital service providers within the Network & Information Systems (NIS) regulations.
The government's response to a call for views on proposals for regulating consumer smart product cyber security.
Why linked: NIS Regulations guidance for UK DSPs operating in the EU — companion cross-border guidance.
What UK digital services providers must do to comply with the regulations covering the security of network and information systems.
Why linked: NIS Regulations guidance for non-UK digital service providers — implements reg. 8A nominated representative regime.
What organisations based outside the UK offering services in the UK must do to comply with the regulations covering the security of network and information systems.
Why linked: Matched expansion phrase: National Cyber Security Strategy
The National Cyber Security Strategy 2016 to 2021 and progress so far against its strategic outcomes.
Why linked: SI 2020/1245 is a foundational statutory instrument for the regime; the attached document is the operationalising amendment of NIS 2018.
The Network and Information Systems Regulations 2018 (S.I. 2018/506) (“the 2018 Regulations”), as amended by the Network and Information Systems (Amendment) Regulations 2018 (S.I. 2018/629), implement Directive (EU) 2016/1148 of the European Parliament and of the Council concerning measures for …
Why linked: Call for views on amending the NIS regulations 2018.
Call for views on amending the NIS regulations 2018.
In response to: Call for views on proposed amendments to the Network and Information Systems Regulations
In response to: Proposals for regulating consumer smart product cyber security - call for views
A call for views on proposals for regulating the cyber security of consumer 'smart' products ran from 16 July to 6 September 2020.
In response to: Cyber security incentives & regulation review: government response to the call for eviden…
A summary of evidence received by the government as part of the Review of Cyber Security Incentives & Regulation, plus associated research publications.
In response to: Proposed changes to the Cyber Security Breaches Survey
In response to: Consultation on regulatory proposals on consumer IoT security
Consultation on the Government’s regulatory proposals regarding consumer Internet of Things (IoT) security
A call for evidence to help improve cyber security across the UK economy.
Government response to a call for views on the proposed approach to cyber security certification following the UK’s departure from the EU.
Following EU Exit, the UK proposes to introduce a requirement for non-UK based DSPs offering services in the UK to comply with the NIS Regulations.
Following EU Exit, the UK proposes to introduce a requirement for non-UK based DSPs offering services in the UK to comply with the NIS Regulations.
Consultation on the Government’s regulatory proposals regarding consumer Internet of Things (IoT) security
Why linked: Filled the "Cyber security skills and workforce development initiatives" gap via web research
In response to: Cyber Security Skills Strategy
Consultation on the Government’s regulatory proposals regarding consumer Internet of Things (IoT) security
Following EU Exit, the UK proposes to introduce a requirement for non-UK based DSPs offering services in the UK to comply with the NIS Regulations.
The Government held a targeted consultation on the implementation of the NIS Directive and its associated Implementing Act for digital service providers.
The Department for Digital, Culture, Media & Sport (DCMS) is running a survey to gather data on the UK's cyber security industry.
Government response to feedback onSecure by Design: Improving the cyber security of consumer internet of things report published on the 7 March 2018
The Government held a public consultation on its proposals to implement the Directive on the security of Network and Information Systems (NIS Directive).
The Government held a targeted consultation on the implementation of the NIS Directive and its associated Implementing Act for digital service providers.
Why linked: NIS Regulations: Impact Assessment (2018) — baseline evidence for the original regime.
This document sets out the expected impact of the Network & Information Systems Regulations 2018.
The Government held a targeted consultation on the implementation of the NIS Directive and its associated Implementing Act for digital service providers.
Call for views on the European Commission’s proposed Regulation on ENISA, the “EU Cybersecurity Agency”, and on Cyber Security Certification.
Call for views on the European Commission’s proposed Regulation on ENISA, the “EU Cybersecurity Agency”, and on Cyber Security Certification.
Call for views on the European Commission’s proposed Regulation on ENISA, the “EU Cybersecurity Agency”, and on Cyber Security Certification.
The Government held a public consultation on its proposals to implement the Directive on the security of Network and Information Systems (NIS Directive).
Why linked: National Cyber Security Strategy 2016–2021 — predecessor strategic framework.
The National Cyber Security Strategy 2016 to 2021 sets out the government's plan to make Britain secure and resilient in cyberspace.
The Department for Digital, Culture, Media & Sport (DCMS) is running a survey to gather data on the UK's cyber security industry.
The Department for Digital, Culture, Media & Sport (DCMS) is running a survey to gather data on the UK's cyber security industry.
The Government held a public consultation on its proposals to implement the Directive on the security of Network and Information Systems (NIS Directive).
This review considered whether there is a need for additional regulation or incentives to boost cyber risk management in the wider economy.