The UK Parliament has opened the floor to cyber security professionals. A new call for evidence invites industry specialists to help shape the Cyber Security and Resilience (Network and Information Systems) Bill — a legislative overhaul that could redefine the UK’s cyber regulatory framework.
The House of Commons Public Bill Committee has formally launched a consultation process, asking organisations and experts to submit written evidence as the Bill progresses through Parliament. Submissions will inform line-by-line scrutiny and guide potential amendments to ensure that new obligations are both practical and proportionate.
The proposed legislation updates and broadens the scope of the existing Network and Information Systems (NIS) Regulations, reflecting the increasing scale and sophistication of cyber threats targeting the UK’s economy and critical national infrastructure.
Under the Bill, regulated entities could soon include managed service providers, data centres, critical suppliers, and large load controllers — extending oversight well beyond traditional network operators. It also proposes tougher incident reporting standards, expanded enforcement powers, and mechanisms for regulators to recover costs.
In addition, the Bill would strengthen information-sharing arrangements between regulators and establish clearer strategic priorities for UK cyber authorities — aiming to enhance national resilience while reducing systemic vulnerabilities across supply chains.
According to Parliament’s statement, the Committee is seeking contributions from practitioners, technology providers, researchers, and organisations that may be affected by the new regime. Early engagement is encouraged, as the Committee is expected to begin taking evidence from early February 2026, with scrutiny continuing into March.
Guidance on submitting written evidence is available on the UK Parliament website.
The initiative marks one of the most significant steps in updating the UK’s cyber governance framework since the original NIS Regulations came into effect in 2018. By inviting direct input from those working in the field, legislators aim to ensure that the new law reflects operational realities, supports effective incident response, and strengthens trust across digital supply chains.
For companies that fall within — or are likely to fall within — the Bill’s expanded scope, early preparation will be essential. The proposed changes could affect governance models, reporting procedures, and contractual obligations across supplier networks.
