Policy Threads

2026

5 events

6 Mar 2026 | Policy paper Department for Science, Innovation and Technology linked direct

factsheets

Why linked: DSIT-published factsheets on the CSR Bill, the practitioner-facing companion to the Bill.

Factsheets relating to the Cyber Security and Resilience (Network and Information Systems) Bill introduced to Parliament on 12 November 2025.

▤ View document · ↗ GOV.UK · ↓ Summary of the Bill

+13 more

↓ Data centres ↓ Relevant managed service providers ↓ Relevant digital service providers ↓ Large load controllers ↓ Designating critical suppliers ↓ Incident reporting ↓ Statement of strategic priorities ↓ Information sharing ↓ Cost recovery ↓ Enforcement ↓ Futureproofing ↓ Power to direct regulated entities ↓ Power to direct regulators

3 Feb 2026 | Committee stage Department for Science, Innovation and Technology linked

A Bill to Make provision, including provision amending the Network and Information Systems Regulations 2018, about the security and resilience of network and information systems used or relied on in c

▤ View Bill · ↗ Parliament

14 Jan 2026 | Guidance Department for Science, Innovation and Technology evidence

NIS Guidance for Downstream Gas and Electricity Operators of Essential Services in GB (v3.0)

Why linked: Filled the "Sector-specific guidance on NIS2 compliance issued by competent authorities" gap via web research

Sector-specific NIS compliance guidance issued by Ofgem (as joint competent authority with DESNZ) for downstream gas and electricity operators of essential services in Great Britain, updated January 2026 to reflect the evolving NIS/NIS2-aligned regulatory framework. Fulfils Ofgem's statutory duty under …

▤ View document · ↗ GOV.UK

6 Jan 2026 | Bill stage Department for Science, Innovation and Technology linked

Cyber Security and Resilience (Network and Information Systems) Bill

Second Reading [Relevant document: Eleventh Report of the Business and Trade Committee, Toward a new doctrine for economic security, HC 835 .] 12:51:00 The Minister for Digital Government and Data (Ian Murray): I beg to move, That the Bill be …

▤ View Bill · ↗ Parliament

6 Jan 2026 | Second reading Department for Science, Innovation and Technology linked

Second reading

A Bill to Make provision, including provision amending the Network and Information Systems Regulations 2018, about the security and resilience of network and information systems used or relied on in c

▤ View Bill · ↗ Parliament

2025

5 events

12 Nov 2025 | Impact assessment Department for Science, Innovation and Technology linked direct

supporting documents

Why linked: DSIT's supporting impact documents published alongside the Bill on 12 November 2025.

Supporting documents assessing the impact of the Cyber Security and Resilience (Network and Information Systems) Bill introduced to Parliament on 12 November 2025.

▤ View document · ↗ GOV.UK · ↓ Cyber Security and Resilience (Network and Info… (137pp)

12 Nov 2025 | Bill introduced Department for Science, Innovation and Technology linked

First reading

A Bill to Make provision, including provision amending the Network and Information Systems Regulations 2018, about the security and resilience of network and information systems used or relied on in c

▤ View Bill · ↗ Parliament

12 Nov 2025 | Impact assessment Department for Science, Innovation and Technology Context · primary home: Cyber Security Incentives and… linked

Impact Assessment from the Department for Science, Innovation and Technology

▤ View document · ↗ GOV.UK · ↓ Impact Assessment from the Department for Scien…

12 Nov 2025 | Bill Department for Science, Innovation and Technology linked

Bill 329 2024-26 (as introduced)

▤ View document · ↗ GOV.UK · ↓ Bill 329 2024-26 (as introduced)

9 Apr 2025 | Policy paper Department for Science, Innovation and Technology linked direct

Cyber Security and Resilience Bill: policy statement

Why linked: April 2025 DSIT policy statement directly preceding the Bill, naming the legislative measures that became the CSR Bill.

This statement details the confirmed and proposed measures in the Cyber Security and Resilience Bill, which will be laid before Parliament later this year.

▤ View document · ↗ GOV.UK · ↓ Cyber security and resilience policy statement

+4 more

↓ Cyber security and resilience policy statement (33pp) ↓ Cyber security and resilience policy statement (web-optimis… (33pp) ↓ Cyber security and resilience policy statement (large print… (73pp) ↓ Datganiad Polisi Seiberddiogelwch a Chadernid (Welsh versio…

2023

4 events

19 Dec 2023 | Policy paper Department for Science, Innovation and Technology linked direct

Department for Science, Innovation and Technology: framework documents

Why linked: Cited by workspace synthesis

Framework documents setting out the relationship between departments and their public bodies.

▤ View document · ↗ GOV.UK · ↓ Intellectual Property Office (including Copyrig…

+6 more

↓ Met Office ↓ National Physical Laboratory ↓ Ordnance Survey ↓ UK Research and Innovation ↓ UK Shared Business Services ↓ UK Space Agency

14 Dec 2023 | Consultation (closed) Department for Science, Innovation and Technology Context · primary home: Cyber Security And Resilience… linked evidence

Protecting and enhancing the security and resilience of UK data infrastructure

Why linked: Filled the "Government consultation responses on NIS2 transposition" gap via web research

We're seeking views on a proposed regulation to improve the security and resilience of data infrastructure, including data centres.

▤ View document · ↗ GOV.UK · ↓ Protecting and enhancing the security and resil… (87pp)

19 Oct 2023 | Guidance Department for Business, Energy & Industrial Strategy Department for Energy Security and Net Zero Context · primary home: Cyber Security Incentives and… linked evidence

Implementation of the Network and Information Systems Regulations 2018 for the energy sector in Great Britain

Why linked: Filled the "Sector-specific guidance on NIS2 compliance issued by competent authorities" gap via web research

High level policy principles for compliance with the Network and Information Systems (NIS) Regulations 2018, for operators in energy sector.

▤ View document · ↗ GOV.UK · ↓ Policy guidance for the implementation of the N… (56pp)

1 Sep 2023 | Guidance Department for Science, Innovation and Technology evidence

DESNZ Policy Guidance for the Implementation of the Network and Information Systems Regulations (September 2023)

Why linked: Filled the "Sector-specific guidance on NIS2 compliance issued by competent authorities" gap via web research

Statutory policy guidance issued by the Department for Energy Security and Net Zero (DESNZ) as competent authority for the energy sector in Great Britain, setting out NIS compliance obligations for operators of essential services including security duties, incident reporting thresholds, …

▤ View document · ↗ GOV.UK

2022

3 events

30 Nov 2022 | Consultation outcome Department for Science, Innovation and Technology evidence

Government response to the call for views on proposals to improve the UK's cyber resilience

Why linked: Filled the "Government consultation responses on NIS2 transposition" gap via web research

The formal government response to the January–April 2022 public consultation on proposals to amend the NIS Regulations 2018 — the UK's primary legislative vehicle for NIS2-equivalent transposition. It summarises 304 survey responses, confirms the government will proceed with all major …

▤ View document · ↗ GOV.UK

9 Aug 2022 | Consultation outcome Department for Business, Energy & Industrial Strategy linked direct

Implementation of the Network and Information Systems Regulations in the energy sector: amendments to guidance

Why linked: 2022 consultation outcome on amendments to NIS guidance for the energy sector — implementation-layer consultation in the same regime.

We're seeking views on proposed updates to guidance for operators in the energy sector on compliance with the Network and Information Systems Regulations 2018.

▤ View document · ↗ GOV.UK · ↓ Consultation on the BEIS policy guidance for th… (18pp)

+2 more

↓ Policy guidance for the Implementation of the Network and I… (61pp) ↓ Implementation of the Network and Information Systems Regul… (13pp)

27 Jul 2022 | Policy paper Department for Digital, Culture, Media & Sport Department for Science, Innovation and Technology linked direct

Second Post-Implementation Review of the Network and Information Systems Regulations 2018

Why linked: Second Post-Implementation Review of the NIS Regulations 2018 (July 2022) — direct evidence base for the CSR Bill.

This review assesses the effectiveness of the NIS Regulations, which were introduced in 2018 to improve the security & resilience of essential & digital services.

▤ View document · ↗ GOV.UK · ↓ Second Post-Implementation Review of the Networ…

+1 more

↓ Second Post Implementation Review of the Network and Inform… (117pp)

2021

1 event

20 Dec 2021 | Statutory Instrument linked direct

The Network and Information Systems (EU Exit) (Amendment) Regulations 2021

Why linked: Cited by workspace synthesis

These Regulations are made in exercise of the powers conferred by section 8(1) and (5) of, and paragraph 21 of Schedule 7 to, the European Union (Withdrawal) Act 2018 (c. 16) in order to address failures of retained EU law …

▤ View document · ↗ GOV.UK

2020

5 events

24 Nov 2020 | Policy paper Cabinet Office National Security and Intelligence linked direct

National Cyber Security Strategy 2016 to 2021: progress so far

Why linked: Matched expansion phrase: National Cyber Security Strategy

The National Cyber Security Strategy 2016 to 2021 and progress so far against its strategic outcomes.

▤ View document · ↗ GOV.UK · ↓ National Cyber Security Strategy Progress Report (40pp)

10 Nov 2020 | Statutory Instrument linked direct

The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations 2020

Why linked: NIS (Amendment and Transitional Provision etc.) Regulations 2020 (SI 2020/1245) — predecessor amending SI to the NIS regime.

The Network and Information Systems Regulations 2018 (S.I. 2018/506) (“the 2018 Regulations”), as amended by the Network and Information Systems (Amendment) Regulations 2018 (S.I. 2018/629), implement Directive (EU) 2016/1148 of the European Parliament and of the Council concerning measures for …

▤ View document · ↗ GOV.UK

9 Nov 2020 | Consultation (open) Department for Digital, Culture, Media & Sport Department for Science, Innovation and Technology linked direct

Call for views on amending the NIS regulations 2018

Why linked: Companion announcement on the 2020 call for views on amending the NIS Regulations 2018.

Call for views on amending the NIS regulations 2018.

In response to: Call for views on proposed amendments to the Network and Information Systems Regulations

▤ View document · ↗ GOV.UK

9 Nov 2020 | Policy paper Department for Digital, Culture, Media & Sport Department for Science, Innovation and Technology linked direct

Call for views on proposed amendments to the Network and Information Systems Regulations

Why linked: Call for views on proposed amendments to the NIS Regulations (November 2020), part of the precursor consultation chain.

The government wants to improve the Network and Information Systems (NIS) Regulations and is seeking feedback from industry on the proposed changes.

▤ View document · ↗ GOV.UK · ↓ Government response to the call for views on pr…

+5 more

↓ Call for views on amending the NIS regulations 2018 ↓ Call for views on amending the NIS regulations 2018 (29pp) ↓ Draft amending regulations - Network and Information System… (14pp) ↓ Keeling schedule - Network and Information Systems Regulati… (50pp) ↓ Call for views questionnaire - NIS Regulations

29 May 2020 | Policy paper Department for Digital, Culture, Media & Sport Department for Science, Innovation and Technology linked direct

Review of the Network and Information Systems Regulations

Why linked: Cited by workspace synthesis

A review of the Network and Information Systems Regulations which came into force in May 2018.

▤ View document · ↗ GOV.UK · ↓ Review of the Network and Information Systems R… (90pp)

2017

1 event

11 Sep 2017 | Policy paper Cabinet Office HM Treasury National Security and Intelligence linked direct

National Cyber Security Strategy 2016 to 2021

Why linked: Matched expansion phrase: National Cyber Security Strategy

The National Cyber Security Strategy 2016 to 2021 sets out the government's plan to make Britain secure and resilient in cyberspace.

▤ View document · ↗ GOV.UK · ↓ National Cyber Security Strategy 2016 to 2021 (80pp)

+6 more

↓ National Cyber Security Strategy 2016 - 2021 (Arabic) (56pp) ↓ National Cyber Security Strategy 2016 - 2021 (Brazilian Por… (60pp) ↓ National Cyber Security Strategy 2016 - 2021 (Chinese) (54pp) ↓ National Cyber Security Strategy 2016 - 2021 (French) (68pp) ↓ National Cyber Security Strategy 2016 - 2021 (Russian) (70pp) ↓ National Cyber Security Strategy 2016 - 2021 (Spanish) (59pp)