Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, what steps his Department is taking to ensure that the public sector is adequately protected under the forthcoming Cyber Security and Resilience Bill, and whether he plans to extend regulatory requirements to public sector organisations.

The forthcoming Cyber Security and Resilience Bill will strengthen the UK’s existing cyber regulatory framework (the Network and Information Systems (NIS) Regulations 2018) by protecting more digital and essential services, putting regulators on a stronger footing, and increasing reporting requirements.

The NIS Regulations covers five sectors (transport, energy, drinking water, health, digital infrastructure) and some digital services (online marketplaces, online search engines, cloud computing services). Where a public body delivers these services, such as NHS Trusts, they are in scope of the NIS Regulations.

The Bill will include powers that will enable more services and sectors to be brought into scope of regulation in the future, where this is considered necessary to address emerging risks.