UK Plans Overhaul of Cybersecurity Law Stymieing Researchers

Geo Focus: The United Kingdom , Geo-Specific , Legislation UK Plans Overhaul of Cybersecurity Law Stymieing Researchers Proposed Bill Could Reopen Debate Over Computer Misuse Act Protections Chris Riotta (@chrisriotta) • May 13, 2026     Credit Eligible Get Permission King Charles III, left, touring London on June 14, 2025. (Image: Alan Fraser Images/Shutterstock) The British government announced plans to update cybersecurity legislation aimed at strengthening the country's digital defenses - while overhauling cybercrime authorities that officials and security researchers warn are no longer fit for modern threats. See Also: How Payment Service Directive (PSD2) is Changing Digital Banking - Are You Ready? King Charles III announced the plans Wednesday during his speech opening Parliament, saying the government would introduce legislation "to improve the country's defences against cybersecurity threats." The announcement comes amid a renewed push by the government to modernize the U.K.'s cyber posture in a Cyber Security and Resilience Bill. The legislation could reignite debate around reforms to the U.K.'s decades-old Computer Misuse Act of 1990, which cybersecurity professionals, academics and industry groups have long argued criminalizes certain forms of legitimate security research and vulnerability testing. The king's speech did not provide operational details about the proposed updates to the cyber legislation. "My government will introduce legislation to tackle the growing threat from foreign state entities and their proxies," the king said, delivering the annual agenda of Labour Prime Minister Keith Starmer. "My ministers will also introduce legislation to improve the country’s defenses against cybersecurity threats." The proposal comes after years of pressure from cybersecurity researchers and industry advocates who argued the Computer Misuse Act - drafted before the commercial internet era - fails to distinguish between malicious hacking activity and good-faith security testing conducted to identify vulnerabilities before criminals or foreign intelligence services can exploit them. The Home Office under the previous administration of Conservative Prime Minister Rishi Sunak acknowledged concerns surrounding the law during a 2023 review, including calls for legal protections covering authorized threat hunting, vulnerability disclosure work and defensive cybersecurity operations carried out in the public interest. British officials and law enforcement have also recently pushed for stronger cybercrime authorities, including expanded powers to disrupt ransomware infrastructure, preserve digital evidence and target criminal services used to facilitate cyberattacks. The Cyber Security and Resilience Bill is expected to move through Parliament alongside other security-focused measures tied to state threats and public safety, though the government has not yet published draft legislative text or a formal implementation timeline. The government has not yet specified whether the forthcoming legislation will create explicit legal defenses for cybersecurity researchers or instead pursue narrower reforms focused primarily on critical infrastructure resilience and state-backed cyber threats. The government in April called on corporate boards to elevate cybersecurity oversight, strengthen supply chain security requirements and enroll in the National Cyber Security Center's free early warning service to improve threat visibility and resilience across critical sectors. Officials said the initiative is designed to provide organizations with a public framework for demonstrating cyber maturity while also encouraging executives to treat cybersecurity as a core business risk. "The cybersecurity of British business is a matter of national security," Security Minister Dan Jarvis said in late April. "Basic cyber hygiene is no longer optional, but the baseline - the absolute minimum we should expect of any serious organization operating in the modern economy." The National Cyber Security Centre has warned in recent months that Britain faces a growing risk from state-backed cyber activity tied to adversarial governments including China, Russia and Iran.