The UK bill proposes amendments to the existing UK Network and Information Systems (NIS) Regulations that would bring the UK cybersecurity regime closer to the EU framework established under the NIS2 Directive. In particular, it would:
- expand the scope of regulated entities to include data centres, relevant managed IT service providers, large electrical load controllers and critical suppliers to secure the entire supply chain; and
- introduce stricter incident reporting requirements by, for example, widening the reporting criteria to include attacks, even if no impact has occurred yet but a significant one is likely to materialise.
However, the bill remains distinct from the NIS2 in several aspects, including by relying more on secondary legislation to set out detailed security requirements.
In addition, the bill would enable the UK government to update the cybersecurity framework, for example, by bringing more sectors into scope or introducing new security and resilience requirements.
The UK bill was introduced to parliament on 12 November 2025.
For more information and to read the full report, please click on “Access the full content” - or on “Request full report”, in case you are not subscribed to our European Digital Economy service.
more news
03 April 26
Spectrum policy and new consumer protection rules in the LATAM telecoms market
Cullen International’s latest LATAM Telecoms Update highlights policy developments over the past three months affecting the regulation of radio spectrum, wholesale networks and consumer protection in six markets in the region: Argentina, Brazil, Chile, Colombia, Mexico and Peru.
30 March 26
Transposition status of key EU environmental directives
Our latest benchmark contains summary information on the transposition status of six key EU environmental directives.
26 March 26
What are New Competition Tools and who wields them?
Our new benchmark surveys which European countries have introduced so-called new competition tools (NCTs), also known as market investigation powers. NCTs enable competition authorities to intervene in markets without establishing an infringement of antitrust rules.