Cyber Security and Resilience (Network and Information Systems) Bill
Debate between Ian Murray and Dave RobertsonTuesday 6th January 2026
(2 days, 14 hours ago)
Commons ChamberRead Full debate Cyber Security and Resilience (Network and Information Systems) Bill 2024-26 View all Cyber Security and Resilience (Network and Information Systems) Bill 2024-26 Debates Read Hansard Text Read Debate Ministerial Extracts
Ian Murray
The hon. Gentleman is ingenious in the way in which he uses interventions on pieces of legislation. I know AI copyright is close to his heart as a former, or perhaps current, professional musician and, indeed, one of the key musicians in MP4—let’s not push that to a Division! AI copyright is, of course, a key issue that the Government are looking at. The Secretary of State for Science, Innovation and Technology and the Secretary of State for Culture, Media and Sport are working closely together on this issue. I think the legislation means that there has to be a report to Parliament in March—I am sure the hon. Gentleman will be very interested in that. We are bringing together the industry and tech companies to try to find a way through that particular issue. We know that it is a huge issue. It is not in the scope of this Bill, which has been kept very tight to deal with these specific and serious cyber-security issues.
As we know, the first duty of Government is to keep people safe. The question is how precisely the Bill will achieve that goal. The answer is simple. The UK’s main cyber-rules—the Network and Information Systems Regulations 2018, or the NIS regime—were first introduced seven years ago and have not been updated since. Those rules require operators of essential services such as energy, water and hospitals, as well as some digital service providers such as online search engines, to take steps to protect the services they provide and the data they hold from cyber-threats.
As Members might expect, a lot has changed in the cyber-landscape in the past eight years. We have had the rise of AI, which cyber-criminals are using to their advantage. Data centres have become a firm fixture of modern life, and we want to see more of them. Since the rules were introduced, criminals tactics have evolved to exploit loopholes in the regulations, as they did in the attack on the NHS supplier that I mentioned, which revealed how hackers can target third parties, such as IT companies, or supply chains as a back-door way to bringing down a wider system. As always, the story is one of technology and cyber-threats moving faster than policymakers can possibly keep up with.
Dave Robertson (Lichfield) (Lab)
My right hon. Friend is right to mention the impact on supply chains. In the west midlands, we recently had the cyber-attack on Jaguar Land Rover. That had a significant impact not just on that company, but on the supply chain, which has its roots right through the west midlands. That essential part of our economy was brought to a grinding halt by a cyber-attack. Will he confirm that this Bill will help prevent such instances from happening in the future?