techUK gives evidence to the Cyber Security and Resilience Bill Committee

The evidence session formed part of the Committee’s scrutiny of the Cyber Security and Resilience (Network and Information Systems) Bill and brought together expert witnesses from across the cyber ecosystem, including several techUK members. 

In addition to the oral evidence session, techUK has also flagged our areas of concern around the Bill in our parliamentary briefing.

Key topics raised by techUK  

Proportionality of the Bill 

techUK highlighted concerns about how heavily the Bill relies on secondary legislation to define key aspects of proportionality, scope and regulatory expectations. At present, the lack of information creates ambiguity for industry so the primary legislation should look to provide safeguards/frameworks around decision-making on the criteria that will be set out in the secondary processes to ensure appropriate checks & balances are in place.

Definitions and scope 

Significant uncertainty remains around the definitions of Managed Service Providers and designated critical suppliers. For businesses to understand whether they fall in scope, the Bill must provide definitions that reflect the realities of today’s digital supply chains. techUK also emphasised the need for clarity on this point as it’s important industry understands the duties that are incumbent upon them should they need to comply.

The case for a Single Reporting Platform 

techUK reiterated long standing member concerns around the fragmented and resource intensive nature of incident reporting across regulators. The regulatory regime should be as easy as possible to interact with and during the evidence session techUK advocated for a single reporting platform/portal for incident reporting. This would reduce the burden on businesses, allow them to focus on dealing with the cyber incident at hand, and help increase understanding of the risk.

Ensuring open consultation on secondary legislation  

Given that so much operational detail will sit within secondary legislation, techUK urged government to commit to meaningful and ongoing industry consultation to ensure the Bill’s measures are practically implementable, fit for purpose and deliver the intended outcomes.

Additional topics explored by techUK members

Witnesses from across the cyber sector including techUK’s membership gave evidence to the Committee – notably Nine23, Cisco, NCC Group, Darktrace, Amazon Web Services (AWS), Palo Alto Networks and Fortinet. Which is a strong demonstration that industry is committed to supporting government in strengthening national security and protecting growth by boosting cyber protections for our critical national infrastructure.

International alignment and supply chain security

The Committee also explored how the UK’s approach compares with international frameworks, particularly the EU’s NIS2 Directive. Witnesses highlighted growing vulnerabilities across global supply chains and the increasing reliance on managed service providers in delivering essential digital infrastructure. They argued that the current size-based criteria in the Bill may be insufficient and encouraged a shift towards a risk and impact-based assessment model, especially amid rising state sponsored threats to critical infrastructure. Witnesses also emphasised the importance of securing board level investment in cyber resilience while ensuring that compliance requirements do not place disproportionate burdens on smaller firms within the supply chain. 

Emerging technologies and government’s own cyber security

The Committee heard evidence on the role of emerging technologies, including artificial intelligence, in both enabling cyber-attacks and strengthening defensive capabilities. Witnesses noted the need for clearer definitions, streamlined incident reporting processes and greater regulatory transparency to support effective implementation of the Bill. They also called for government to lead by example by addressing outdated legacy systems in critical public services and championing voluntary best practice frameworks. Witnesses stressed that modernising government systems would not only improve resilience but also help set a clear benchmark for industry.  

techUK would like to thank the Committee for inviting us to give evidence, and we stand ready to continue helping them with their scrutiny of the Bill.

Members are encouraged to submit evidence and amendments to the Committee until the enquiry closes on the Thursday 5 March.

Annie Collings

Senior Programme Manager, Cyber Resilience, techUK

Annie is the Programme Manager for Cyber Resilience at techUK. She first joined as the Programme Manager for Cyber Security and Central Government in September 2023. 

In her role, Annie supports the Cyber Security SME Forum, engaging regularly with key government and industry stakeholders to advance the growth and development of SMEs in the cyber sector. Annie also coordinates events, engages with policy makers and represents techUK at a number of cyber security events.

Before joining techUK, Annie was an Account Manager at a specialist healthcare agency, where she provided public affairs support to a wide range of medical technology clients. She also gained experience as an intern in both an MP’s constituency office and with the Association of Independent Professionals and the Self-Employed. Annie holds a degree in International Relations from Nottingham Trent University.

Email:

[email protected]

Twitter:

anniecollings24

LinkedIn:

https://www.linkedin.com/in/annie-collings-270150158/

Read lessmore

Cyber Resilience Programme activities

techUK brings together key players across the cyber security sector to promote leading-edge UK capabilities, build networks and grow the sector. techUK members have the opportunity to network, share ideas and collaborate, enabling the industry as a whole to address common challenges and opportunities together. Visit the programme page here.

LASR x techUK AI security market insight event

This market insight event will focus on the security challenges emerging from the use of AI, examining how risks are being understood and addressed across industry and government. The session will offer expert perspectives on policy, assurance and implementation, creating space to exchange learning and consider practical steps to support secure and trusted use of AI technologies.

Book now

Government seeks views on opportunities and challenges in secure AI infrastructure

The government has launched a call for views on opportunities and challenges in secure AI infrastructure, covering themes such as resilience, capability and investment. The piece outlines why secure infrastructure matters for organisations developing or deploying AI, and how industry input can help shape future policy direction.

Share your views

Government sets out refreshed plans to strengthen public sector cyber security

This insight examines the government’s refreshed plans to strengthen public sector cyber security, outlining key priorities, policy direction and implications for organisations working with the public sector. It highlights what the changes could mean in practice and supports informed consideration of how industry can engage, adapt and contribute to improving cyber resilience across government.

Read now

 

Upcoming events

10 February 2026

techUK/DSIT SME roundtable: international cyber regulatory cooperation

Online Roundtable

19 February 2026

techUK/DSIT member workshop on the global standard for AI cyber security

London and online Workshop

23 February 2026

LASR x techUK AI security market insight event

London Industry Briefing

Latest news and insights 

09 Feb 2026

techUK gives evidence to the Cyber Security and Resilience Bill Committee

02 Feb 2026

The Growing Cyber Risk in Interconnected Supply Chains

29 Jan 2026

Government seeks views on opportunities and challenges in secure AI infrastructure

Learn more and get involved

 

Cyber Resilience updates

Sign-up to get the latest updates and opportunities from our Cyber Resilience programme.

 

 

Here are the five reasons to join the Cyber Resilience programme

Download

Join techUK groups

techUK members can get involved in our work by joining our groups, and stay up to date with the latest meetings and opportunities in the programme.

Learn more

 

Become a techUK member

Our members develop strong networks, build meaningful partnerships and grow their businesses as we all work together to create a thriving environment where industry, government and stakeholders come together to realise the positive outcomes tech can deliver.

Learn more

 Meet the team 

Jill Broom

Head of Cyber Resilience, techUK

Jill leads the techUK Cyber Resilience programme, having originally joined techUK in October 2020 as a Programme Manager for the Cyber and Central Government programmes. She is responsible for managing techUK's work across the cyber security ecosystem, bringing industry together with key stakeholders across the public and private sectors. Jill also provides the industry secretariat for the Cyber Growth Partnership, the industry and government conduit for supporting the growth of the sector. A key focus of her work is to strengthen the public–private partnership across cyber to support further development of UK cyber security and resilience policy.

Before joining techUK, Jill worked as a Senior Caseworker for an MP, advocating for local communities, businesses and individuals, so she is particularly committed to techUK’s vision of harnessing the power of technology to improve people’s lives. Jill is also an experienced editorial professional and has delivered copyediting and writing services for public-body and SME clients as well as publishers.

Email:

[email protected]

Website:

www.techuk.org/

LinkedIn:

https://www.linkedin.com/in/jill-broom-19aa824

Read lessmore

Annie Collings

Senior Programme Manager, Cyber Resilience, techUK

Annie is the Programme Manager for Cyber Resilience at techUK. She first joined as the Programme Manager for Cyber Security and Central Government in September 2023. 

In her role, Annie supports the Cyber Security SME Forum, engaging regularly with key government and industry stakeholders to advance the growth and development of SMEs in the cyber sector. Annie also coordinates events, engages with policy makers and represents techUK at a number of cyber security events.

Before joining techUK, Annie was an Account Manager at a specialist healthcare agency, where she provided public affairs support to a wide range of medical technology clients. She also gained experience as an intern in both an MP’s constituency office and with the Association of Independent Professionals and the Self-Employed. Annie holds a degree in International Relations from Nottingham Trent University.

Email:

[email protected]

Twitter:

anniecollings24

LinkedIn:

https://www.linkedin.com/in/annie-collings-270150158/

Read lessmore

Olivia Staples

Junior Programme Manager - Cyber Resilience, techUK

Olivia Staples joined techUK in May 2025 as a Junior Programme Manager in the Cyber Resilience team.

She supports the programs mission to promote cyber resilience by engaging key commercial and government stakeholders to shape the cyber resilience policy towards increased security and industry growth. Olivia assists in member engagement, event facilitation and communications support.

Before joining techUK, Olivia gained experience in research, advocacy, and strategic communications across several international organisations. At the Munich Security Conference, she supported stakeholder engagement and contributed to strategic communications. She also worked closely with local and national government stakeholders in Spain and Italy, where she was involved in policy monitoring and advocacy for both public and private sector clients.

Olivia holds an MSc in Political Science (Comparative Politics and Conflict Studies) from the London School of Economics (LSE) and a BA in Spanish and Latin American Studies from University College London (UCL).

Outside of tech, Olivia enjoys volunteering with local charities and learning Norwegian.

Email:

[email protected]

Read lessmore