Editorial

Government unveils new digital, data and cybersecurity legislation in King’s Speech

The UK Government is introducing new digital verification, data and cybersecurity legislation in the Cyber Security and Resilience Bill and the Digital Information and Smart Data Bill.

Posted 18 July 2024 by Christine Horton


Prime Minister Keir Starmer has laid out plans to introduce legislation for cybersecurity, digital and data as part of the King’s Speech at the State Opening of Parliament.

The new legislative programme includes two specific pieces of legislation focusing on the technology sector: the Cyber Security and Resilience Bill and the Digital Information and Smart Data Bill.

The Digital Information and Smart Data Bill comes after the Data Protection and Digital Information Bill was dropped during the last wash up period. Tech leaders were disappointed at the loss of key proposals to support Digital Verification, and urged the new Government to recommit to moving forward with digital verification in the UK.

The new legislation will include establish digital verification services including digital identity products to help people quickly and securely identify themselves when they use online services.

In response, Susan Morrow, head of R&D Avoco Identity and Think Digital Partners’ digital identity advisor, said: “I hope the government provides routes in for the smaller but more innovative companies, not just turn to the usual large tech suspects. Otherwise we will continue to fail at digital identity for mass demographics.”

The Bill will also make changes to the Digital Economy Act, helping the Government to share data about businesses that use public services and will apply information standards to IT suppliers in the health and social care system.

Cyber Security and Resilience Bill

In addition, the new government plans to implement laws to protect the NHS, the MoD, and other public services from cyberattacks by both state and non-state actors. Last month a ransomware attack triggered a critical incident and halted operations continues to disrupt patient care across major London NHS hospitals.

“Currently in the UK there are the Network and Information Systems regulations (NIS) which were inherited from the EU. As the EU has updated this legislation the UK has fallen behind its counterparts, and there have been calls from across the technology sector for the UK to keep pace with other nations to protect against vulnerabilities. This Bill will strengthen the UK’s cyber defences to protect critical infrastructure and digital services and ensure they are secure,” noted TechUK in a statement.

The Bill will give greater power to regulators to push more firms to implement better cybersecurity defences. It will expand the remit of existing regulation and put regulators on a stronger footing, as well as increasing the reporting requirements placed on businesses to help build a better picture of cyber threats to the UK.

The cyber industry has welcomed the Bill’s introduction. Al Lakhani, CEO of IDEE, said: “It looks like the UK government has finally woken up to the massive threat that cybercriminals pose to our public infrastructure. After an election campaign that ignored one of the biggest threats to national security, the new legislation requiring private companies in public sector supply chains to beef up their cybersecurity could be a real game-changer. I can sleep a little easier tonight knowing someone in charge is finally taking action.

“However, let’s not start celebrating just yet. This move, while necessary, doesn’t fully protect the UK’s defences, and it would be foolish to think we’ve suddenly addressed all the vulnerabilities that will remain as the bill is implemented. It might be hard to believe, but this is the first time cybersecurity legislation has been updated in six years – imagine how far behind we’ve fallen compared to the rapidly evolving capabilities of hostile actors in that time.

“We can and must go further, and additional legislation and resources will be needed to tackle the ongoing risks facing the UK’s long-neglected digital infrastructure.”

The King’s Speech did not include an AI bill, which had been expected, but outlined how the government would “seek to establish the appropriate legislation to place requirements on those working to develop the most powerful artificial intelligence models”.

Event Logo

If you are interested in this article, why not register to attend our Think Digital Identity and Cybersecurity for Government conference, where digital leaders tackle the most pressing issues facing government today.


Register Now