The Biggest Shift in UK Cyber Law Since GDPR

The Cyber Security and Resilience Bill (CSRB) has officially landed, expanding the remit of the old NIS regulations to include managed service providers (MSPs), data centres, and a broader range of supply chain entities. If your firm provides “essential services,” the goalposts have moved.

What’s New in 2026?

• 24-Hour Reporting: The Bill now mandates a two-stage reporting process: an initial notification within 24 hours of discovery and a full report within 72 hours.

• Supply Chain Liability: You are now legally responsible for the security posture of your “critical suppliers.”

• Hefty Fines: Non-compliance can now result in fines up to £17 million or 4% of global turnover, mirroring the severity of GDPR.

How Enactia Helps: While legacy tools require manual entry, Enactia’s Automated Incident Response module is pre-configured with the CSRB timelines. It triggers alerts the moment an incident is logged, ensuring your UK legal team meets the 24-hour window every time.

Don’t get caught by the 24-hour reporting window. > Book an Enactia Demo for CSRB Readiness