UK government outlines Cyber Security and Resilience Bill scope
01/04/2025 | UK Government
The Department for Science, Innovation and Technology (DSIT) has announced the scope of the Cyber Security and Resilience Bill (CSR), which is expected to be introduced into Parliament later this year.
New measures to be included in the CSR Bill are designed to protect public services and strengthen critical national infrastructure, providing the public, businesses and investors with greater confidence in digital services and thereby supporting the government's mission to kickstart economic growth. More than 1000 service providers will fall into the scope of measures expected to be introduced later this year, including companies that deliver vital services to the public sector. The government highlights that cyber threats cost the UK economy £22 billion a year between 2015-19, while the 2024 ransomware attack on pathology lab services provider Synnovis cost an estimated £32.7 million and caused massive disruption to the NHS.
In a statement, Peter Kyle, Secretary of State for Science, Innovation and Technology, said: "Attempts to disrupt our way of life and attack our digital economy are only gathering pace, and we will not stand by as these incidents hold our future prosperity hostage.
"The Cyber Security and Resilience Bill, will help make the UK's digital economy one of the most secure in the world - giving us the power to protect our services, our supply chains, and our citizens – the first and most important job of any government."
In a statement responding to the announcement, Platform Power Programme Manager James Baker at Open Rights Group said: "ORG welcomes legislation to protect and improve the UK's cyber security. But a key component of any cyber security strategy has to be the promotion of strong encryption for both the state and the public."
The statement also highlighted an opportunity for the UK to reduce its "dependence on large US corporations for vital government infrastructure. Other countries – such as France and the Netherlands – are already debating how to do this, through open source software for example. The UK is subject to the same risks so needs to assess our dependence in the same way."
In a related article, The Register reveals a scenario involving potential daily fines of £100,000 or 10% of turnover for each day that a breach continues.
Additional legal analysis by Pinsent Masons.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 3,250 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.