Question to the Home Office:

To ask His Majesty's Government what plans they have to introduce legislation relating to cybersecurity practices and offences.

The Government keeps the UK’s cyber legislation under regular review to ensure that it can be used to tackle new and emerging threats. The UK’s regulatory framework for cyber resilience is a mixture of: sector-based regulation such the Network and Information Systems (NIS) Regulations 2018; thematic regulation such as the Data Protection Act 2018; and criminal legislation such as the Computer Misuse Act 1990.

The Government has undertaken several amendments to legislation to ensure it keeps pace with the evolving cyber threat, including updating the Computer Misuse Act in 2015 and updating the Network and Information Systems Regulations (2018) in 2020.

In 2022 the Government published proposals to make changes to the Network and Information Systems Regulations and these will be implemented as soon as Parliamentary time allows. The government has also carried out a review of the Computer Misuse Act and is currently considering whether to bring forward legislative proposals.