Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, whether the Cyber Security and Resilience Bill will ensure that data centres are (a) secure and (b) resilient.

Our current cyber security laws – the NIS Regulations (2018) – are inherited from the EU and are the UK’s only cross-sector cyber security-specific legislation. The cyber threat has since evolved since 2018 due to AI and other technology and geopolitical trends. The laws therefore require an urgent update to ensure UK infrastructure and economy is not comparably more vulnerable. This is why we announced the Cyber Security and Resilience Bill, which will improve the UK’s cyber defences, strengthen our regulatory approach and protect more digital services and supply chains.

The government announced in September 2024 that data centres have been designated as critical national infrastructure, meaning the sector will benefit from greater government support in preparing for and managing critical incidents. Further details on the content of the Cyber Security and Resilience Bill will be published in due course.