With legislation continually changing and coming into effect, in this month’s thought leadership piece our Lead Solutions Expert, Dean Watson, gives an overview of what’s changing in regulations, what’s being proposed, and how these changes could affect you and your customers.

This month saw the proposed Cyber Security & Resilience (CS&R) Bill introduced to the UK Parliament for the first time on the 12th of November.

The CS&R Bill is designed to:

  1. Expand the range of entities and digital infrastructure within the scope of regulation
  2. Enhance oversight, information gathering and the Government’s ability to recover costs directly from regulated entities for regulatory bodies exercising their functions under NIS regulations
  3. Increase financial penalties for non-compliance
  4. Improve efficiency against emerging cyberthreats without needing new primary legislation
  5. Confer new powers on the Secretary of State to intervene directly in cases concerning national security risks

We asked Dean Watson, our Lead Solutions Expert, what this means for the channel. He responded:

“At this stage it’s important for channel partners to understand if they will fall under the remit of the Cyber Security & Resilience Bill. It’s also a good time to start reviewing processes and systems capability in relation to meeting the information gathering and reporting requirement of the Bill. It’s reported that there will be a grace period until 2027 before the Cyber Security & Resilience Bill goes into enforcement. However, there will be a clear advantage for channel partners who are compliance-ready from the start of the grace period with regards to new tenders and service renewals. Early exposure to the compliance process is also an opportunity for channel partners to develop new products and services for customers who will find themselves to be in the scope of compliance from a supply chain perspective.” – Dean Watson, Lead Solutions Expert at Infinigate.

New Proposed Ban for Ransomware Payouts

The government has also set out plans to ban public sector bodies and operators of critical national infrastructure, including the NHS, local councils and schools, from paying ransom demands to cybercriminals. They would also be looking to introduce a mandatory incident reporting regime for these same entities. View the proposal here.

“This will likely be the next area of focus for legislators as they have stated that they want to ensure complementary alignment with the Cyber Security & Resilience act. It will certainly be interesting to see how this will be implemented and if it will be purely from a process perspective or if there will be a requirement for automated reporting. The channel should keep abreast of this situation, especially in respect to supply chain compliance.” – Dean Watson, Lead Solutions Expert at Infinigate.

How Infinigate can support you

Infinigate stands ready to support partners during this compliance transformation with a wide range of Endpoint Protection and E-mail Security Platforms, Human Risk Management, SecOps and SASE solutions to accelerate the time to compliance with the Cyber Security and Resilience Bill and future Ransomware legislation. Your Client Manager can support you with requirements, and if you’re new to Infinigate, a member of our team can support you during this period! Simply fill out the new partner form here.