What to expect from the UKs Cyber Security and Resilience Bill and when Inside Privacy

pUpdates on Developments in Data Privacy and CybersecurityppThe UK Government has announced that it intends to introduce the Cyber Security and Resilience Bill the Bill to Parliament in 2025 Formally proposed as part of the Kings Speech in July this Bill is intended to strengthen the UKs crosssectoral cyber security legislation to better protect the UKs economy and infrastructure This Bill will update the existing NIS Regulations which derive from EU law Part of the UK Governments motivation seems to be to keep pace with updates to EU law in this area specifically relating to the NIS2 Directive that starts to apply this month see our blog post on this hereppA draft of the Bill has not yet been published but the Government has indicated that this new Bill will as compared to the existing NIS RegulationsppFurther detail about the Bill is limited but the previous Governments response to a consultation on amending the NIS Regulations suggested thatppIf the new Labour Government takes inspiration from the EUs NIS2 Directive it could for example expand the sectors within scope of the law even further ppThe Government has stated that it is working with key stakeholders to gather input and will in due course publish further communications on how stakeholders can provide their views on the Bills content Once introduced to Parliament we expect that the Government will look to pass the Bill through the legislative process as quickly as possible The Governments announcements on the Bill have emphasised its urgency in light of a number of recent highprofile cyberattacks on important UK institutions A swift passage could see the Bill becoming law in the first quarter of 2026 or even sooner depending on when it is introduced to ParliamentppMark Young is an experienced tech regulatory lawyer and a vicechair of Covingtons Data Privacy and Cybersecurity Practice Group He advises major global companies on their most challenging data privacy compliance matters and investigations Mark also leads on EMEA cybersecurity matters at theppMark Young is an experienced tech regulatory lawyer and a vicechair of Covingtons Data Privacy and Cybersecurity Practice Group He advises major global companies on their most challenging data privacy compliance matters and investigations Mark also leads on EMEA cybersecurity matters at the firm In these contexts he has worked closely with some of the worlds leading technology and life sciences companies and other multinationalsppMark has been recognized for several years in Chambers UK as a trusted adviser practical resultsoriented and an expert in the field fast thorough and responsive extremely pragmatic in advice on risk provides thoughtful strategic guidance and is a pleasure to work with and has great insight into the regulators According to the most recent edition 2024 Hes extremely technologically sophisticated and advises on true issues of first impression particularly in the field of AIppDrawing on over 15 years of experience Mark specializes inppPaul Maynard is special counsel in the technology regulatory group in the London office He focuses on advising clients on all aspects of UK and European privacy and cybersecurity law relating to complex and innovative technologies such as adtech cloud computing and onlineppPaul Maynard is special counsel in the technology regulatory group in the London office He focuses on advising clients on all aspects of UK and European privacy and cybersecurity law relating to complex and innovative technologies such as adtech cloud computing and online platforms He also advises clients on how to respond to law enforcement demands particularly where such demands are made across bordersppPaul advises emerging and established companies in various sectors including online retail software and education technology His practice covers advice on new legislative proposals for example on eprivacy and crossborder law enforcement access to data advice on existing but rapidlychanging rules such the GDPR and crossborder data transfer rules and on regulatory investigations in cases of alleged noncompliance including in relation to online advertising and cybersecurityppTomos Griffiths is an associate working across the technology regulatory and competition groups in LondonppTomos joined the firm as a trainee solicitor in 2021 qualifying in 2023 His practice covers technology regulation competition law and regulation that spans the two His recentppTomos Griffiths is an associate working across the technology regulatory and competition groups in LondonppTomos joined the firm as a trainee solicitor in 2021 qualifying in 2023 His practice covers technology regulation competition law and regulation that spans the two His recent experience includes advising clients on data protection compliance foreign direct investment screening and competition law litigationppAs a trainee solicitor Tomos also gained experience in capital markets and commercial litigation for clients in the technology and life sciences sectorsppppAttorney AdvertisingppRepeatedly ranked as having one of the best privacy practices in the world Covington combines exceptional substantive expertise with an unrivaled understanding of the IT industry and of ecommerce and digital media business models in particularp