U.K. Cyber Security and Resilience bill set to regulate critical infrastructure suppliers
By 
Ruth Prickett2025-11-25T21:55:00
Suppliers to U.K. critical infrastructure organizations are to be regulated to ensure they are adequately protected from cyberattacks. The Cyber Security and Resilience Bill, introduced to Parliament on November 12, also increases penalties for digital breaches in critical infrastructure organisations and extends the powers of regulators to designate which suppliers should be deemed “critical.”
The bill could bring a host of medium and large suppliers under regulators for the first time. Affected organizations will include IT management firms and IT helpdesk support providers who work with health service trusts, water companies, transport and energy firms. Those providing, for example, chemicals to water treatment plants or diagnostic test support to hospitals are also likely to be regulated, along with data centers.
Companies identified as critical will need to meet minimum cybersecurity requirements and report cyber breaches promptly to the government, the National Cyber Security Centre and to customers. They will also have to demonstrate that they have “robust” plans to deal with the consequences of a breach.
Related articles
-
ArticleRapid regulatory change requires investment in compliance processes in financial services firms
Geopolitical instability and a general focus on increasing growth and productivity by governments worldwide are causing a slew of regulatory changes in the financial services sector. But most firms are failing to identify potential compliance changes early enough to make meaningful decisions.
-
ArticleFrench court calls out alleged deceptive net zero claims by TotalEnergies
Regulators in Europe are focused on punishing energy firms that make deceptive claims on net zero targets, as TotalEnergies recently discovered.
-
ArticleCompliance should protect firms from AI-washing investigations and insurance claims
Insurance firms are warning that AI-washing could trigger a slew of cases against directors, and are adjusting their directors’ and officers’ liability premiums accordingly. With regulators cracking down on AI-washing, compliance could be a crucial line of defense and save companies on their insurance costs.
More from Regulatory Policy
-
ArticleFCC rolls back Biden-era cybersecurity requirements for telecoms
Telecommunication companies are now on the honor system to protect their networks from cyber attacks, following a Federal Communications Commission (FCC) vote that removed requirements that they harden their networks.
-
ArticleU.K. outlines AI sandbox plan as regulators weigh compliance risks
The U.K. has set out a new blueprint for AI regulation, which aims to slash bureaucracy and ramp up the safe adoption of new and emerging technology to unlock potential and boost investment.
-
ArticleCalifornia may create whistleblower program to root out privacy law violations
A California privacy agency plans to seek a whistleblower law, to encourage corporate employees and others to step forward with complaints about egregious privacy violations at their workplaces.