Overview
- The government formally introduced the bill to Parliament to broaden the Network and Information Systems regime to more technology and managed service sectors.
- Coverage would extend to managed service providers, data centres, IT management, technical support and cybersecurity firms previously outside the NIS scope.
- Noncompliance would carry turnover-based fines alongside tighter incident reporting and response expectations set out in the proposal.
- The legislation empowers the technology secretary to direct regulators and organisations to take preventive steps when cyber threats pose national security risks.
- Provisions address AI misuse by targeting the creation of child sexual abuse material and allowing trusted groups, including AI developers and charities, to test models for vulnerabilities, with officials also citing EU alignment, state-sponsored threats from China, Iran and North Korea, and estimated harms of £190,000 per serious incident and £14.7bn annually.