Skip to content
The UK Parliament has formally invited cyber security professionals, organisations and subject-matter experts to contribute evidence to the Cyber Security and Resilience (Network and Information Systems) Bill, a major piece of legislation set to reshape the UK’s cyber regulatory landscape.
The House of Commons Public Bill Committee has launched a call for written evidence, giving industry specialists a direct opportunity to influence how the Bill is scrutinised and potentially amended as it moves through Parliament.
Strengthening the UK’s cyber resilience
The Bill is designed to update and expand the existing Network and Information Systems (NIS) Regulations, reflecting the growing scale, complexity and impact of cyber threats on the UK’s economy and critical national infrastructure.
Key objectives of the legislation include:
- Expanding the scope of regulated organisations to cover areas such as managed service providers, data centres, critical suppliers and large load controllers
- Strengthening incident reporting requirements and regulatory oversight
- Enhancing enforcement powers, including higher penalties and regulator cost-recovery mechanisms
- Improving information-sharing arrangements and setting clearer strategic priorities for cyber regulators
These changes are intended to better protect essential services and digital supply chains from disruption, espionage and cyber attack.
Call for evidence: An opportunity for industry input
The Public Bill Committee is explicitly seeking input from:
- Cyber security practitioners and specialists
- Technology and digital service providers
- Academics and researchers
- Organisations likely to be impacted by the Bill
- Industry bodies and professional associations
Written evidence submitted to the Committee will help inform line-by-line scrutiny of the Bill, ensuring that new obligations are practical, proportionate and effective in real-world environments.
This process gives cyber professionals a rare opportunity to shape legislation that will directly affect how cyber risk is managed, reported and regulated across the UK.
Timelines and submissions
The Committee is expected to begin taking evidence from early February 2026, with scrutiny continuing into March. Submissions can be made now, and early engagement is encouraged, as the Committee may stop accepting evidence once its consideration of the Bill is complete.
Guidance on submitting written evidence is available via the UK Parliament website.
Why this matters
As cyber threats continue to escalate, regulatory frameworks must evolve alongside technology and attacker capability. Engagement from cyber professionals is essential to ensure that legislation:
- Reflects operational realities
- Supports effective incident response and cyber resilience
- Avoids unnecessary regulatory burden
- Strengthens trust across critical supply chains
The Cyber Security and Resilience Bill represents one of the most significant updates to UK cyber regulation in recent years and industry voices will play a crucial role in shaping its final form.
Organisations that fall within (or may soon fall within) the scope of updated NIS regulations should act early to understand how these changes could affect their governance, incident reporting, risk management and supply chain obligations.
Have your say: Cyber Security and Resilience (Network and Information Systems) Bill: call for evidence – UK Parliament
How Zensec can help
Zensec’s cyber security specialists can help you:
- Understand upcoming regulatory expectations
- Prepare for enhanced cyber resilience and reporting requirements
- Navigate and respond to evolving cyber regulation with confidence
If you would like to discuss the implications of the Cyber Security and Resilience Bill, or need support preparing for regulatory change, contact the Zensec cyber security team today.
