If you are a managed services business, you need to be aware of the Cyber Security and Resilience Bill (“CSR Bill”) being introduced to Parliament this year.
Under the CSR Bill, businesses meeting specified thresholds who provide services related to the installation, management, operation or maintenance of ICT products, networks, infrastructure, applications or any other network and information systems, via assistance or active administration carried out either on customers’ premises or remotely (“Managed Service Providers” or “MSPs”), will be subject to new compliance obligations. It is anticipated that 900-1100 MSPs will be within scope of the CSR Bill.
The purpose of the CSR Bill is to update and strengthen existing legislation in response to the growing frequency and sophistication of cyber attacks, and in recognition of increasing supply chain vulnerabilities. The Government recognises cyber security as essential for economic stability, investment and innovation.
The CSR Bill is also expected to bring Data Centres within scope of the legislation by classifying them as essential services in a relevant sector (data infrastructure); they are currently outside of regulatory scope.
The CSR Bill in brief:
- Managed Service Providers will be brought within scope of cyber security
- Strengthening supply chain security
- Empowering regulators to assume new responsibilities to ensure cyber safety measures are being implemented
- Improving incident reporting
- Improving the ICO’s information gathering powers
- Improving regulators’ cost recovery mechanisms
- Ensuring the regulatory framework is adaptable to the cyber landscape and emerging threats.
The CSR Bill will, if enacted, bring new compliance obligations to providers of managed services, and certain small and micro digital service providers not currently regulated in this way. Digital service providers forming part of the supply chain to regulated businesses (such as operators of essential services or relevant digital service providers) should also expect to see additional and tighter compliance obligations in their contracts in respect of their cyber security policies, practices and processes.
Please direct any questions you might have to Helen Jones, who will be able to assist.
The information on this site about legal matters is provided as a general guide only. Although we try to ensure that all of the information on this site is accurate and up to date, this cannot be guaranteed. The information on this site should not be relied upon or construed as constituting legal advice and Howes Percival LLP disclaims liability in relation to its use. You should seek appropriate legal advice before taking or refraining from taking any action.