Department for Science, Innovation and Technology
High confidence
DSIT frames the Bill as a necessary response to ransomware attacks on UK critical services (notably Synnovis/NHS pathology in June 2024) and proposes to expand scope to managed service providers and critical suppliers, modernise incident reporting, and provide national-security direction powers. The policy statement (April 2025) and Bill factsheets (March 2026) set out the substantive measures.Nov 2025Apr 2025Mar 2026Nov 2025
Tension with Liberty, Privacy International, Open Rights Group
Liz Kendall
Low confidence
As Secretary of State, sponsors the Bill in line with the DSIT policy statement and King's Speech 2026 commitment; substantive ministerial positioning has been led by junior ministers (Narayan, Clark) and the Lords pair (Vallance, Lloyd).Nov 2025May 2026
Kanishka Narayan
High confidence
Framed the Bill at introduction as a direct response to the Synnovis ransomware attack on NHS pathology services and the broader CNI cyber-threat picture, and acted as the lead Government minister through Public Bill Committee.Nov 2025Feb 2026
Feryal Clark
High confidence
Announced the pre-introduction policy statement on 1 April 2025, positioning the Bill as 'bolstering the UK's cyber security and resilience' alongside parallel growth measures.Apr 2025Apr 2025
Dr Ben Spencer
High confidence
On the national-security dimension: tabled NC14 (statutory register of foreign powers presenting a risk to UK critical NIS) and NC15 (annual GCHQ-confirmed review of state-actor cyber risk reported to Parliament with classified material referred to the ISC) — pressing for a more codified state-threat architecture inside the Bill.Apr 2026
Victoria Collins
High confidence
On scope and supportive infrastructure: led a substantial Liberal Democrat new-clause programme covering an SME cyber-support service (NC2), a foreign-state-ownership review of regulated bodies (NC3), inclusion of critical manufacturing, food production and retail (NC4), local authorities (NC5), a CMA 1990 review (NC6), board oversight (NC10), regular testing (NC11) and a Digital Sovereignty Strategy on foreign-tech reliance (NC13), and tabled amendment 1 inserting fraud into RDSP risk-identification duties.Apr 2026
David Chadwick
High confidence
On regulatory capacity and electoral integrity: co-led Lib Dem new clauses on resourcing of regulators and regulated persons (NC7), designation of electoral infrastructure as an essential service (NC8) and political parties as providing essential services (NC9), alongside board oversight (NC10) and regular testing (NC11).Apr 2026
Freddie van Mierlo
High confidence
On post-enactment scrutiny: tabled amendment 2 cutting the statutory review interval in clause 40 from five years to three years, alongside co-sponsoring the broader Liberal Democrat new-clause cluster.Apr 2026
Alex Sobel
High confidence
On AI/data-centre intersection: led NC12 creating 'last-resort' powers for the Secretary of State to direct the shutdown of data centres or AI systems used or deployed by them in an 'AI security or operational emergency', with associated parliamentary reporting, High Court relief and biannual ministerial reports on adversarial uses, autonomous-AI cyber-attack capability and 'superintelligent AI'.Apr 2026
Sir Iain Duncan Smith
High confidence
On information-sharing safeguards: led cross-party amendment 3 inserting a fair-trial exemption preventing NIS enforcement authorities sharing information overseas where the Secretary of State determines the receiving jurisdiction cannot guarantee the right to a fair trial, with subject-matter-expert and civil-society consultation.Apr 2026
Siân Berry
High confidence
On digital sovereignty: tabled NC16 requiring a Digital Sovereignty Strategy with explicit assessment of open-source software, open standards and open architectures, options to diversify open-source suppliers and reduce strategic dependencies, and legislative/regulatory/procurement measures to support digital sovereignty.Apr 2026
Regulatory Policy Committee
High confidence
On regulatory analysis quality: issued a green-rated opinion on DSIT's impact assessment, validating the Department's quantification of compliance costs and benefits as fit for purpose, and submitted further written evidence (CSRB34) to the Public Bill Committee.Nov 2025Feb 2026
Joint Committee on the National Security Strategy
High confidence
On the framing case: its December 2023 report 'A hostage to fortune' established ransomware as a Tier-1 national-security threat — a key independent reference the Government has used to justify the Bill.Dec 2023
National Cyber Security Centre
High confidence
On operational backdrop: published January 2026 guidance to CNI leaders warning of severe cyber threat and urging immediate board-level action, sharpening the operational case for the Bill while underscoring NCSC's continuing role through the CAF.Jan 2026Aug 2025
Ofgem
High confidence
On energy-sector implementation: issued NIS Guidance v3.0 for downstream gas and electricity OES in January 2026 (jointly with DESNZ as competent authority), confirming that sector-specific compliance guidance continues to operate alongside the Bill.Jan 2026
Information Commissioner's Office
Medium confidence
On DSP supervision: continues as competent authority for relevant digital service providers under reg 12 NIS 2018, with reg 12(7)(b) (since SI 2021/1461) anchoring the duty on RDSPs to have regard to ICO guidance — a regulatory hook the Bill leaves in place and that NC2 / amendment 1 (fraud) and related Lib Dem proposals would broaden.Dec 2021
Liberty
High confidence
On civil liberties: jointly with Privacy International (CSRB16) raised concerns about the breadth of directions and information-sharing powers and their rights implications — positioning that aligns with amendment 3's fair-trial exemption.Feb 2026Apr 2026
Tension with Department for Science, Innovation and Technology
Privacy International
High confidence
On civil liberties: co-author of CSRB16 with Liberty, raising privacy and proportionality concerns about the Bill's enforcement and disclosure architecture.Feb 2026
Tension with Department for Science, Innovation and Technology
Open Rights Group
Medium confidence
On digital rights: submitted written evidence (CSRB04) raising digital-rights concerns about the Bill's design.Feb 2026
Tension with Department for Science, Innovation and Technology
techUK
Medium confidence
On industry implementation: submitted supplementary written evidence (CSRB37), engaging substantively with the Bill's expanded scope (MSPs, critical suppliers) — positioned as the principal trade-association voice on the regulated-entity side.Feb 2026
Microsoft
Medium confidence
On managed-service / DSP perimeter: submitted CSRB39 — a major hyperscaler perspective on how the Bill should treat managed service providers and digital service providers.Feb 2026
Cloudflare
Low confidence
On internet-infrastructure perspective: submitted CSRB38 on the Bill's treatment of digital infrastructure providers.Feb 2026
National Grid
Low confidence
On CNI operator perspective: submitted CSRB40 from the position of a major electricity-transmission OES.Feb 2026
National Gas
Low confidence
On gas-sector implementation: submitted CSRB20 from a gas-transmission OES perspective on the Bill's resilience duties.Feb 2026
UK Cyber Security Council
Medium confidence
On workforce capacity: submitted CSRB06 and CSRB32 raising cyber-workforce sufficiency issues — relevant to the skills-shortage angle pressed by PQ 120158 [57258] and to NC7's regulator-resourcing consultation requirement.Feb 2026Feb 2026Apr 2026Mar 2026
UK Finance
Low confidence
On financial-services interface: submitted CSRB14 representing the banking trade-body view on how the Bill interacts with existing FS resilience regimes.Feb 2026
Association of British Insurers
Low confidence
On insurance-market implications: submitted CSRB23 on how the Bill affects the cyber-insurance landscape and underwriting.Feb 2026
Cyber Security and Resilience Bill Public Bill Committee
High confidence
On procedural disposition: reported the Bill as amended (Bill 385) on 25 February 2026, having taken oral and written evidence across seven sittings and accepted Government amendments.Feb 2026Feb 2026
Business and Trade Committee
Medium confidence
On the economic-security framing: its 11th Report 'Toward a new doctrine for economic security' (HC 835) was tagged as a relevant document at Second Reading, supporting a stronger economic-security lens on the Bill.Jan 2026