 UK Cyber Security Resilience Act (CSRA)

 UK Cyber Security Resilience Bill (CSRB)

The UK Cyber Security Resilience Bill, presented to Parliament on the 12th November 2025, marks a significant advance in boosting the nation’s cyber defences amid mounting digital threats and complex supply chains. This Bill extends regulatory scope beyond earlier frameworks, such as the original Network and Information Systems (NIS) Regulations, responding proactively to major economic losses from cyber incidents. It draws on global best practices, reflecting elements of the European NIS2 and CRA regulation, applied to improve operational security and incident management for essential services and digital service providers in the UK.

International Alignment

The CSRB will align better with some international cybersecurity frameworks, such as:

  • EU NIS2 Directive (January 2023)

    • Protecting Critical Infrastructure
    • Proactive Cyber Risk Management
    • Public-Private Sector Collaboration
  • EU Cyber Resilience Act (CRA)

    • Improving Product Security
    • Increasing accountability of Manufacturers
    • Defining frameworks for vulnerability disclosure and remediation
  • Global Cybersecurity Best Practices

    • Incorporates international risk management frameworks
    • Adapts to evolving global threat landscapes
    • Promotes interoperability across international markets
    • Supports UK's position as a global cybersecurity leader

Certification Standards

Comprehensive certification options to demonstrate compliance:

  • ISO/IEC 27001: Information Security Management

    • Risk management methodologies
    • Security control implementation
    • Continuous improvement processes
    • Comprehensive documentation requirements
    • Applicable across multiple industry sectors
    • Internationally recognised standard

  • IEC 62443: Industrial Cybersecurity

    • Specialised standard for operational technology (OT) environments
    • Industrial control system protection
    • Sector-specific security requirements
    • Comprehensive risk mitigation strategies
    • Critical for manufacturing, critical infrastructure and industrial automation, and for addressing the unique challenges of industrial networks