UK sets out cyber resilience Bill & digital ID plans

SOFIAH NICHOLE SALIVIO

News Editor

The UK Government has set out plans for a Cyber Security and Resilience Bill and new voluntary digital identity initiatives, following King Charles’s outline of forthcoming digital legislation in his parliamentary address.

The legislation is expected to be a central part of the Government’s cyber strategy. The Cyber Security and Resilience Bill will sit alongside a push to increase business take-up of a new Cyber Resilience Pledge and continued work on digital identity services such as GOV.UK One Login.

Legal and industry figures said the package underlined a sustained focus on cyber risk across critical infrastructure, public services and private enterprise. They also warned that businesses should prepare for tighter expectations around governance, reporting and cryptography.

Mark Bailey, Partner at International Law Firm Charles Russell Speechlys, said pressing ahead with the Bill aligned with long-standing policy priorities.

“This inclusion is important but perhaps unsurprising, given that the Government has consistently treated the Bill as a key part of its wider cyber policy agenda. It shows that ministers remain focused on strengthening the UK’s cyber resilience, particularly around critical infrastructure, supply chains and the cyber integrity of individual businesses. Businesses should expect more detailed guidance as the Bill progresses, along with greater scrutiny of incident reporting, governance and supply chain security.”

Mike Baxter, President and Chief Technology and Product Officer at digital security firm Entrust, said the reference to digital identity in the King’s address signalled a further phase in the rollout of online identification systems for citizens.

“We can expect to see the development and deployment of new voluntary digital identity initiatives following the King’s comments today. To succeed, these systems must build trust and, crucially, be designed to work for everyone. GOV.UK One Login provides a strong foundation, but the next step is to ensure any scheme is genuinely voluntary, privacy-first and transparently governed. Only by getting these fundamentals right will digital ID make people’s lives meaningfully easier and more secure.”

“It is encouraging to hear the King restate the Government’s commitment to improving the UK’s defences against cybersecurity threats. However, the upcoming Cyber Security and Resilience Bill must go beyond traditional measures to create stronger incentives for post-quantum readiness, including publishing clear cryptographic standards and timelines for compliance.”

Alongside the Bill, the Government is urging organisations to sign a voluntary Cyber Resilience Pledge. The scheme calls for board-level oversight of cyber risk, wider adoption of the Cyber Governance Code of Practise, use of the National Cyber Security Centre’s Cyber Governance Training for directors, registration for the NCSC Early Warning service, and Cyber Essentials certification across supply chains.

Signatories must also encourage similar steps among their suppliers and publish a signed declaration on their websites. Officials see the measure as a way to set clear minimum expectations for organisational resilience and create a more consistent security standard across sectors.

Katharina Sommer, Director of Government Affairs and Analyst Relations at NCC Group, said the pledge was already gaining traction across industries.

“The Cyber Resilience Pledge is one of several strands the UK Government is pursuing to increase business engagement, particularly at senior management level, with cyber resilience. While voluntary, it appears to be attracting cross-sector interest. Organisations are engaging with the pledge to ensure they can meaningfully meet commitments that largely continue the UK Government’s recent guidance on what good looks like: the Cyber Governance Code of Practise to strengthen organisational resilience, uptake of Cyber Essentials across supply chains, and sign-up to the NCSC’s Early Warning Service to improve economy-wide awareness and preparedness as the threat landscape evolves.”

“Becoming a named signatory could become a visible sign that organisations take cyber resilience seriously and, over time, a competitive differentiator as awareness of cyber risk grows. There will always be debate over whether initiatives like this are too prescriptive or too high-level, but if a majority of organisations implement the pledge’s elements, we are likely to make progress in raising the cyber resilience baseline as they mature and develop the capability to take more tailored approaches. What the pledge demonstrates, in any case, is that the UK Government is now setting out very clear expectations for how it wants organisations to approach cyber resilience.”