Active Announced in the King's Speech on 13 May 2026. 41 events
Lifecycle stage Implementation
1,665 days in stage

Cyber Security and Resilience Bill

The King's Speech 2026 cyber bill to strengthen the UK's defences against cyber threats, update resilience duties, and protect essential and digital services.


Showing 41 key signals from 176 total
Family
Signal
Year
Body
Role

2026

16 events
13 May 2026 | Policy paper Prime Minister's Office, 10 Downing Street Context · primary home: Railways and Passenger Benefi… linked direct

King's Speech 2026: background briefing notes

Why linked: King's Speech 2026 background briefing notes - primary source document for the Bill announcement and government legislative programme context

Read the briefing notes on the announcements made in the 2026 King’s Speech.

13 May 2026 | Policy paper Department for Energy Security and Net Zero Department for Science, Innovation and Technology Information Commissioner's Office National Cyber Security Centre Ofgem Regulatory Policy Committee Context · primary home: Civil Aviation Bill linked commitment

King's Speech announces Cyber Security and Resilience Bill

Why linked: The King's Speech 2026 and official briefing notes announce the Cyber Security and Resilience Bill as part of the government's legislative programme.

The King's Speech 2026 cyber bill to strengthen the UK's defences against cyber threats, update resilience duties, and protect essential and digital services.

6 Mar 2026 | Policy paper Department for Science, Innovation and Technology linked direct

Cyber Security and Resilience (Network and Information Systems) Bill: factsheets

Why linked: DSIT-published factsheets on the CSR Bill, the practitioner-facing companion to the Bill.

Factsheets relating to the Cyber Security and Resilience (Network and Information Systems) Bill introduced to Parliament on 12 November 2025.

28 Jan 2026 | Guidance Department for Energy Security and Net Zero Department for Science, Innovation and Technology Information Commissioner's Office National Cyber Security Centre Ofgem Regulatory Policy Committee evidence

Preparing for severe cyber threat: why leaders must act now – NCSC Guidance

Why linked: Filled the "Sector-specific cyber resilience guidance (energy, water, transport, health, finance)" gap via web research

NCSC guidance published January 2026 directed at operators of critical national infrastructure across energy, transport, health, communications and financial services sectors, advising on how to prepare for and respond to severe cyber threats in the context of the Cyber Security …

14 Jan 2026 | Guidance Department for Science, Innovation and Technology evidence

NIS Guidance for Downstream Gas and Electricity Operators of Essential Services in GB (v3.0)

Why linked: Filled the "Sector-specific guidance on NIS2 compliance issued by competent authorities" gap via web research

Sector-specific NIS compliance guidance issued by Ofgem (as joint competent authority with DESNZ) for downstream gas and electricity operators of essential services in Great Britain, updated January 2026 to reflect the evolving NIS/NIS2-aligned regulatory framework. Fulfils Ofgem's statutory duty under …

2025

7 events
12 Nov 2025 | Impact assessment Department for Science, Innovation and Technology linked direct

Cyber Security and Resilience (Network and Information Systems) Bill: supporting documents

Why linked: DSIT's supporting impact documents published alongside the Bill on 12 November 2025.

Supporting documents assessing the impact of the Cyber Security and Resilience (Network and Information Systems) Bill introduced to Parliament on 12 November 2025.

4 Aug 2025 | Guidance Department for Energy Security and Net Zero Department for Science, Innovation and Technology Information Commissioner's Office National Cyber Security Centre Ofgem Regulatory Policy Committee evidence

Cyber Assessment Framework (CAF) – NCSC Guidance Collection

Why linked: Filled the "Sector-specific cyber resilience guidance (energy, water, transport, health, finance)" gap via web research

The NCSC's primary sector-specific cyber resilience guidance framework, explicitly designed for organisations operating essential services in energy, healthcare, transport, digital infrastructure and government. It provides sector-specific profiles (Basic and Enhanced) and is directly cited in the Cyber Security and Resilience …

9 Apr 2025 | Policy paper Department for Science, Innovation and Technology linked direct

policy statement

Why linked: April 2025 DSIT policy statement directly preceding the Bill, naming the legislative measures that became the CSR Bill.

This statement details the confirmed and proposed measures in the Cyber Security and Resilience Bill, which will be laid before Parliament later this year.

2024

1 event
26 Mar 2024 | Guidance Department for Transport linked direct

Enforcement management model: transport sector

Why linked: Enforcement management model for transport sector under NIS Regulations 2018; sector-specific guidance on resilience duties and enforcement that informs the Bill's approach to critical infrastructure operators

Helps operators of essential services understand the enforcement options under the Network and Information Systems Regulations (2018) and how DfT will apply these within the transport sector.

2023

4 events
19 Dec 2023 | Policy paper Department for Science, Innovation and Technology linked direct

Department for Science, Innovation and Technology: framework documents

Why linked: Cited by workspace synthesis

Framework documents setting out the relationship between departments and their public bodies.

14 Dec 2023 | Consultation (closed) Department for Science, Innovation and Technology Context · primary home: Cyber Security And Resilience… linked evidence

Protecting and enhancing the security and resilience of UK data infrastructure

Why linked: Filled the "Government consultation responses on NIS2 transposition" gap via web research

We're seeking views on a proposed regulation to improve the security and resilience of data infrastructure, including data centres.

19 Oct 2023 | Guidance Department for Business, Energy & Industrial Strategy Department for Energy Security and Net Zero Context · primary home: Cyber Security Incentives and… linked evidence

Implementation of the Network and Information Systems Regulations 2018 for the energy sector in Great Britain

Why linked: Filled the "Sector-specific guidance on NIS2 compliance issued by competent authorities" gap via web research

High level policy principles for compliance with the Network and Information Systems (NIS) Regulations 2018, for operators in energy sector.

1 Sep 2023 | Guidance Department for Science, Innovation and Technology evidence

DESNZ Policy Guidance for the Implementation of the Network and Information Systems Regulations (September 2023)

Why linked: Filled the "Sector-specific guidance on NIS2 compliance issued by competent authorities" gap via web research

Statutory policy guidance issued by the Department for Energy Security and Net Zero (DESNZ) as competent authority for the energy sector in Great Britain, setting out NIS compliance obligations for operators of essential services including security duties, incident reporting thresholds, …

2022

3 events
30 Nov 2022 | Consultation outcome Department for Science, Innovation and Technology evidence

Government response to the call for views on proposals to improve the UK's cyber resilience

Why linked: Filled the "Government consultation responses on NIS2 transposition" gap via web research

The formal government response to the January–April 2022 public consultation on proposals to amend the NIS Regulations 2018 — the UK's primary legislative vehicle for NIS2-equivalent transposition. It summarises 304 survey responses, confirms the government will proceed with all major …

9 Aug 2022 | Consultation outcome Department for Business, Energy & Industrial Strategy linked direct

Implementation of the Network and Information Systems Regulations in the energy sector: amendments to guidance

Why linked: 2022 consultation outcome on amendments to NIS guidance for the energy sector — implementation-layer consultation in the same regime.

We're seeking views on proposed updates to guidance for operators in the energy sector on compliance with the Network and Information Systems Regulations 2018.

27 Jul 2022 | Policy paper Department for Digital, Culture, Media & Sport Department for Science, Innovation and Technology linked direct

Second Post-Implementation Review of the Network and Information Systems Regulations 2018

Why linked: Second Post-Implementation Review of the NIS Regulations 2018 (July 2022) — direct evidence base for the CSR Bill.

This review assesses the effectiveness of the NIS Regulations, which were introduced in 2018 to improve the security & resilience of essential & digital services.

2021

1 event

2020

6 events
10 Nov 2020 | Statutory Instrument linked direct

The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations 2020

Why linked: NIS (Amendment and Transitional Provision etc.) Regulations 2020 (SI 2020/1245) — predecessor amending SI to the NIS regime.

The Network and Information Systems Regulations 2018 (S.I. 2018/506) (“the 2018 Regulations”), as amended by the Network and Information Systems (Amendment) Regulations 2018 (S.I. 2018/629), implement Directive (EU) 2016/1148 of the European Parliament and of the Council concerning measures for …

9 Nov 2020 | Policy paper Department for Digital, Culture, Media & Sport Department for Science, Innovation and Technology linked direct

Call for views on proposed amendments to the Network and Information Systems Regulations

Why linked: Call for views on proposed amendments to the NIS Regulations (November 2020), part of the precursor consultation chain.

The government wants to improve the Network and Information Systems (NIS) Regulations and is seeking feedback from industry on the proposed changes.

27 Aug 2020 | Policy paper Department for Digital, Culture, Media & Sport Department for Science, Innovation and Technology Context · primary home: Cyber Security Incentives and… linked evidence

Cyber security incentives & regulation review: government response to the call for evidence

Why linked: Filled the "Government Response to cyber security consultations and call for evidence" gap via web research

A summary of evidence received by the government as part of the Review of Cyber Security Incentives & Regulation, plus associated research publications.

2019

1 event
12 Mar 2019 | Consultation outcome Department for Digital, Culture, Media & Sport linked direct

NIS Regulations: Targeted Consultation on Digital Service Providers

Why linked: NIS Regulations: Targeted Consultation on Digital Service Providers (2019); consultation outcome on implementation of NIS Directive for digital service providers, which remains in scope for the updated Bill

The Government held a targeted consultation on the implementation of the NIS Directive and its associated Implementing Act for digital service providers.

2018

1 event
31 Aug 2018 | Consultation outcome Department for Digital, Culture, Media & Sport linked direct

NIS Regulations: Public Consultation on the NIS Directive

Why linked: NIS Regulations: Public Consultation on the NIS Directive (2018); consultation outcome on NIS Directive implementation, establishing the baseline regime being modernised by the Bill

The Government held a public consultation on its proposals to implement the Directive on the security of Network and Information Systems (NIS Directive).

2017

1 event