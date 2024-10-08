The UK’s new government has teased further details of its proposed Cyber Security and Resilience Bill, confirming that it will contain a clause that mandates centralised incident reporting, including in the event cyber attacks that involve ransomware.

Keir Starmer’s incoming administration first brought forward the possibility of a mandatory reporting law in the King’s Speech in July 2024, and the bill’s two core objectives – to expand the remit of current regulation and paint a more accurate picture of the threat landscape – were warmly welcomed by experts at the time.

In the update, published on Wednesday 30 October to little fanfare, Westminster said that it planned to introduce the bill in 2025, and that a public consultation is in the planning stages.

It said recent events – such as ransomware attacks on NHS suppliers and hostile state actors caught lurking in Ministry of Defence networks – showed the impacts of cyber incidents could be severe, and that the UK’s laws had not kept pace with the rate of technological change, hence action to strengthen the country’s defences and protect critical national infrastructure (CNI) and digital services was a priority.

Additionally, it said, existing regulations reflect law inherited from Brussels following Brexit, and as these are now being rapidly superseded in the European Union (EU), change is even more urgently needed to ensure the UK does not mark itself out as a soft target in Europe, and to help British businesses remain on par with their competitors and peers across the Channel.