Legislative Changes

What's Changing Under CSRB?

The Cyber Security and Resilience Bill represents the most significant overhaul of UK cyber legislation in over a decade. It builds on the existing NIS Regulations (2018) but introduces a dramatically expanded scope, tougher requirements, and stronger enforcement mechanisms.

Get Compliance SupportGet Support

Need Help Navigating These Changes?

Our cybersecurity compliance experts can help you understand how these changes impact your organisation and develop a roadmap for compliance.

Book a Compliance ConsultationBook Consultation Take the Readiness AssessmentTake Assessment

What's Changing Under CSRB?

Expanded Scope of Regulation

Mandatory Incident Reporting (New Timelines)

Required Alignment with the Cyber Assessment Framework (CAF)

Supply Chain Security & Critical Supplier Designation

On-Site Inspections & Enforcement Powers

Delegated Powers & Rapid Legal Change

Transparency & Customer Notification Duties

Regulator Cost Recovery Models

Need Help Navigating These Changes?

What's Changing Under CSRB?

Expanded Scope of RegulationThe definition of 'essential' and 'digital' services has been widened significantly.

Expanded Scope of Regulation

Mandatory Incident Reporting (New Timelines)New rules require reporting of any major security incident with strict timelines.

Mandatory Incident Reporting (New Timelines)

Required Alignment with the Cyber Assessment Framework (CAF)The NCSC's Cyber Assessment Framework becomes the mandatory national standard.

Required Alignment with the Cyber Assessment Framework (CAF)

Supply Chain Security & Critical Supplier DesignationCSRB introduces legal duties to secure your digital supply chain.

Supply Chain Security & Critical Supplier Designation

On-Site Inspections & Enforcement PowersRegulators now have stronger powers to conduct inspections and enforce compliance.

On-Site Inspections & Enforcement Powers

Delegated Powers & Rapid Legal ChangeThe Secretary of State can update obligations via secondary legislation quickly.

Delegated Powers & Rapid Legal Change

Transparency & Customer Notification DutiesNew requirements to notify affected customers directly about significant incidents.

Transparency & Customer Notification Duties

Regulator Cost Recovery ModelsRegulators can now charge fees for compliance monitoring and enforcement.

Regulator Cost Recovery Models

Need Help Navigating These Changes?