Skip to content
NINTECH
← All insights
Industry7 July 2026

UK launches Cyber Resilience Pledge as Bill reaches the Lords

Seventy founding signatories including M&S, Nationwide and Vodafone signed a new voluntary cyber pledge at Downing Street, while the Cyber Security and Resilience Bill — which brings MSPs into regulation — heads to its Lords second reading.

Technology Secretary Liz Kendall launched the Cyber Resilience Pledge at a 10 Downing Street reception on 7 July, with 70 founding signatories named, including M&S, Nationwide, ITV, Microsoft UK, Cloudflare, Deloitte, Accenture UK and Vodafone. Signatories commit to three actions: board-level oversight of cyber risk, use of the NCSC's Early Warning service, and a risk-based approach to Cyber Essentials across their supply chains. The government cites an estimated £14.7 billion annual cost of cyber attacks to UK organisations.

The voluntary pledge is the soft edge of a harder instrument. The Cyber Security and Resilience (Network and Information Systems) Bill completed its Commons stages on 10 June, was introduced to the Lords on 17 June as HL Bill 32, and has its second reading on 14 July. Royal Assent is expected late 2026.

The Bill's substance is significant for anyone buying or selling IT services: it brings managed service providers and data centres into regulatory scope, mandates 24-hour incident reporting alongside new near-miss reporting duties, and empowers regulators to levy fines of up to £17 million or 4% of global turnover.

If you are an MSP or rely on one, start preparing now rather than at Royal Assent: map which of your services will fall in scope, test whether you could actually notify a regulator within 24 hours of detecting an incident, and put cyber risk on the board agenda formally. The pledge's three commitments are a sensible, low-cost rehearsal for the statutory duties that will follow.

Source: GOV.UK. Details verified against the source at time of writing — always confirm current patch levels against the vendor's own advisory.

Affected by this? Talk to an engineer.

UK launches Cyber Resilience Pledge as Bill reaches the Lords — Nintech