Firms urged to act ahead of new IT legislation

Experts at managed IT services provider Air IT have urged small and medium-sized businesses to act following new technology bills announced in the recent King’s Speech.

In the coming months, Parliament will introduce a new Cyber Security and Resilience Bill, and the Digital Information and Smart Data Bill.

Once the bills have been debated and then approved by Parliament, they will receive Royal Assent and become legal requirements.

And while no new AI bill was mentioned in the King’s Speech, the Government has emphasised its intent to legislate for advanced AI model development in the future.

The Cyber Security and Resilience Bill aims to address the rising number of cyber security breaches or attacks, while the Digital Information and Smart Data Bill aims to drive economic growth through innovative data use.

The Cyber Security and Resilience Bill seeks to strengthen cyber security across more firms by expanding existing regulations, enhancing regulatory authority, and increasing reporting requirements for a clearer understanding of cyber threats in the UK.

Lee Johnson, from Air IT, who is managing director of Air Sec, the firm’s cyber security division, said: “This bill highlights the urgency to fortify the UK’s cyber defences, securing critical infrastructure and digital services.

“For businesses, more stringent cyber security requirements will be mandated, making cyber security a key budget priority for businesses, both large and small.”

The legislation comes in the wake of recent high-profile cyber-attacks, such as the ransomware incident affecting NHS supplier, Synnovis.

This legislation aims to align the UK’s regulations with the EU’s proposed Cyber Resilience Act, an act which covers a wide range of products, focusing on enhancing the security posture of the connected ecosystem and mandates incident reporting, including ransomware attacks, to improve data on cyber threats.

Lee said: “The previous UK government had begun to look into reforming the  Security of Network & Information Systems regulations regime through a review and consultation.

“However, the new bill will likely extend the scope of NIS regulations to cover more digital services and supply chains, incorporating and mandating additional layers of incident reporting obligations and stronger regulatory powers and penalties for non-compliant businesses.”