Cyber Security and Resilience (Network and Information Systems) Bill (First sitting)

Debate between Freddie van Mierlo and Lincoln Jopp
Committee stage
Tuesday 3rd February 2026

(3 days, 12 hours ago)

Public Bill Committees
Share Debate
Read Full debate Cyber Security and Resilience (Network and Information Systems) Bill 2024-26 View all Cyber Security and Resilience (Network and Information Systems) Bill 2024-26 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: Public Bill Committee Amendments as at 3 February 2026 - (3 Feb 2026)
Freddie van Mierlo Portrait Freddie van Mierlo
- Hansard -
-

Q I have two questions: one to Jill and one to Dr Mehta. First, what is your view, Jill, on the relative strength of this legislation, compared to what is coming forward in the EU? Do you think that the fact that we are not following the EU will make it harder for your members to interact and trade with individuals and companies in Europe?

Secondly, Dr Mehta, you spoke earlier about what is not in scope in this legislation. I am particularly interested in the fact that local government is not included in it, because it has a critical role in electoral services and in local and national democracy. What do you think are the threats from leaving local government out of scope?

Jill Broom: I think that generally, our members would always call for alignment, where possible, in any kind of legislation that spans the geographies. But we understand that the Bill focuses on a particular sector—the critical national infrastructure in the UK—and we welcome the intent of it.

Dr Sanjana Mehta: On sectoral scope, with the way that the Bill is currently drafted, there is obviously flexibility to introduce new sectors, and to bring in more provisions and guidance through secondary legislation and additional guidance. That being said, our recommendation is certainly to expand the sectoral scope at this stage by bringing in public administration.

There are a number of key reasons for that. First, public administration needs to be role model of good cyber-security to the rest of the economy. I think it was the 2025 state of digital government review that pointed out that the risk of cyber-attacks on Government is critical. You mentioned local government, but there are also central Government Departments that hold and process vast amounts of personal and sensitive information; I think, for example, DWP administered £288 billion of benefits over the past year. More than 23 million people claimed some sort of benefits from DWP and, in responding to those claims, DWP must have processed huge amounts of very sensitive medical and financial information on individuals. We think it is an omission to leave it out, and we recommend that the Government consider bringing it into scope.

Lincoln Jopp Portrait Lincoln Jopp (Spelthorne) (Con)
- Hansard -
- - Excerpts

Q On the question of closer alignment, can you give us a sense from the international picture of whether certain regulatory regimes raise the barrier to terrorists or criminals so high that they are left alone? Is that a national thing or a company-based thing? Where are the flow lines of attack and threat? Is it on a national or a corporate basis?

Stuart McKean: I do not think the cyber-criminal really cares, to be blunt. They will attack anywhere. You can, of course—

Return to start of debate - Return to top of page