Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, what estimate she has made of the resources required for essential service providers to comply with the mandatory incident reporting requirements of the Cyber Security and Resilience Bill.

The Impact Assessment of the Cyber Security and Resilience (Network and Information Systems) Bill provides estimates of the additional costs for businesses that will be impacted by the Bill and is available on GOV.UK.

The government is developing further detail on how the incident reporting regime will operate in future implementation proposals and will continue to work closely with regulators and industry to identify opportunities for the streamlining the reporting process. This will support organisations in meeting the improved incident reporting requirements and other duties.

The Bill will require regulators to publish sector-specific guidance to regulated entities to support compliance and address sectoral nuances.