UK Cyber Security and Resilience Bill will be both similar and different to the EU’s NIS 2

Summary

The UK government is rolling out the Cyber Security and Resilience Bill (CSRB), aimed at bolstering cyber resilience in sectors deemed vital for the economy. The bill, previewed on 1 April, signals a significant update to the existing Network and Information Systems (NIS) Regulations from 2018, expanding its reach and adding more specific obligations for UK businesses, particularly in relation to compliance with the EU’s NIS 2 regulations.

The CSRB is designed to enhance the UK’s cyber laws, bringing in new entities like managed service providers (MSPs) and data centres under its purview. This includes a focus on ensuring that businesses manage supply chain cyber risks, a reflection of the interconnected nature of digital services today.

Key Points

  • The CSRB updates the existing NIS Regulations and increases the number of businesses under its jurisdiction.
  • Managed service providers (MSPs) and data centres are now included in the scope of the law.
  • UK organisations are encouraged to align their compliance measures with the EU’s NIS 2 where applicable.
  • The distinction between Operators of Essential Services (OES) and Relevant Digital Service Providers (RDS) will likely be retained, unlike under NIS 2.
  • Compliance will include handling supply chain risks more robustly, recognising that disruptions can have wide-reaching effects.

Why should I read this?

If you’re running a business in the UK, especially in critical sectors, you need to keep your finger on the pulse of the upcoming CSRB. It’s not just a regulatory update; it’s a game-changer that could drastically affect how you manage cybersecurity. We’ve done the legwork for you, so now you can glean insights without wading through pages of legal jargon!