Regulatory Outlook

Cyber security | UK Regulatory Outlook November 2022

Published on 30th Nov 2022

European Parliament adopts NIS2 Directive | Call for evidence on ransomware inquiry | NCSC announces new scanning activities of all Internet-accessible systems

Fingerprint ID on a screen

European Parliament adopts NIS2 Directive

As mentioned in our previous Regulatory Outlook, the Directive on measures for a high common level of cybersecurity across the Union (the NIS2 Directive) was with the European Parliament and Council for approval. The European Parliament has now adopted the NIS2 Directive, which aims to further increase the levels of cyber security across Europe.

The new legislation is set to introduce stronger requirements including on incident response, supply chain security, and encryption, in a wider selection of sectors including energy, transport, banking, and health.

The European Council will also need to formally adopt the legislation before is published in the Official Journal, and will enter into force 20 days after publication.

Call for evidence on ransomware inquiry

On 31 October 2022, the Parliamentary Joint Committee on the National Security Strategy launched a call for evidence for its new inquiry into ransomware.

Organisations are invited to submit evidence on topics including the following:

  • The extent and nature of ransomware threats, including the sources and modes of extortion.
  • The sources of support for prevention, detection and recovery, access to and availability of insurance cover.
  • The effectiveness of the response to ransomware by the government and law enforcement agencies.
  • The scope for international cooperation to combat the global ransomware threat, including comments on crypto-currency regulation.

 The deadline for written submissions is 16 December 2022.

NCSC announces new scanning activities of all Internet-accessible systems

The National Cyber Security Centre (NCSC) announced that it is carrying out scanning activities over internet-accessible systems hosted within the UK in support of the UK government's Cyber Security Strategy.

The NCSC clarified that the data collected from the scans will help the centre better understand the vulnerability and security of the UK and that it will use the data to assist system owners in understanding their security position.

Organisations that wish to opt out of having their servers scanned by the NCSC may contact the centre with a list of IP addresses that they wish to have excluded from any future scan activities.


* This article is current as of the date of its publication and does not necessarily reflect the present state of the law or relevant regulation.

Interested in hearing more from Osborne Clarke?