Dokar Tsaro da Resilience ta yanar gizo

A ranar 17 ga Yuli, 2024, an sanar da shi a lokacin bude Majalisar Dokoki ta Jiha cewa gwamnatin Labour za ta gabatar da Dokar Tsaron Yanar Gizo da Juriya ta Intanet (CS&R). An tsara dokar ne don sabunta Dokokin Tsaron Yanar Gizo da Bayanai na 2018 da ake da su a yanzu, wanda aka sani da UK NIS. ^[1] CS&R za ta ƙarfafa kariyar yanar gizo ta Burtaniya da juriya ga hare-haren abokan gaba, ta haka za a tabbatar da cewa kayayyakin more rayuwa da muhimman ayyukan da kamfanonin Burtaniya suka dogara da su an kare su ta hanyar magance raunin da ke tattare da su, yayin da za a tabbatar da cewa tattalin arzikin dijital zai iya samar da ci gaba . ^[2]

Dokar za ta faɗaɗa ayyukan ƙa'idojin da ake da su da kuma sanya masu kula da harkokin kuɗi a kan turba mai ƙarfi, da kuma ƙara buƙatun bayar da rahoto da aka sanya wa 'yan kasuwa don taimakawa wajen gina kyakkyawan hoto game da barazanar yanar gizo. Manufarta ita ce ƙarfafa kariyar yanar gizo ta Burtaniya, tabbatar da cewa muhimman kayayyakin more rayuwa da ayyukan dijital da kamfanoni ke dogara da su suna da aminci. ^[3] Dokar za ta faɗaɗa kuma ta yi aiki a faɗin Burtaniya. ^[2]

Sabbin dokokin suna cikin alƙawarin Gwamnati na inganta da ƙarfafa matakan tsaron yanar gizo na Burtaniya da kuma kare tattalin arzikin dijital. ^[4] CS&R za ta gabatar da cikakken tsarin dokoki wanda aka tsara don aiwatar da tsauraran matakan tsaro na yanar gizo a sassa daban-daban. Wannan tsarin zai haɗa da bin ƙa'idodi da ayyuka na tsaro na yanar gizo da aka kafa don tabbatar da cewa ana aiwatar da muhimman matakan tsaron yanar gizo. A ƙarshe, 'yan kasuwa za su buƙaci nuna bin waɗannan ƙa'idodi ta hanyar yin bincike da bayar da rahoto akai-akai. Haka kuma an haɗa da hanyoyin dawo da kuɗi don samar da albarkatu ga masu kula da harkokin da kuma samar da iko don bincika yiwuwar rauni. ^[5]

An yi wa kudirin 'Tsarin Tsaron Intanet da Juriya (Cibiyoyin Sadarwa da Bayanai)' karatu na farko a Majalisar Dokokin Burtaniya a ranar 12 ga Nuwamba, 2025. ^{[6] [7] [8]}

Muhimman bayanai daga Jawabin Sarki sune: ^[2]

i) The current UK NIS cyber security regulations play an essential role in safeguarding the UK’s critical national infrastructure by placing security duties on industry involved in the delivery of essential services.^[9] These regulations cover the five sectors of transport, energy, drinking water, health and digital infrastructure, as well as some digital services including online marketplaces, online search engines, and cloud computing services. 12 regulators are responsible for implementing the present regulations.

ii) Hostile cyber actors are increasingly targeting UK critical sectors and supply chains. Recent serious high-profile attacks impacting London hospitals and the Ministry of Defence, as well as ransomware attacks on the British Library and Royal Mail, have highlighted that UK services and institutions are vulnerable to attack.

iii) The impacts of a cyber attack on these sectors pose severe risks to UK citizens, core services and the economy at large. For example, as a result of the ransomware attack affecting the NHS in England in June [2024], 3,396 outpatient appointments and 1,255 elective procedures were postponed across King's College Hospital, Guy’s Hospital and St Thomas’ Hospital, all in South London. It has been estimated that the cost of cybercrime in the UK in 2023 was $320 billion, near £225 billion.^[10]

iv) The National Cyber Security Centre (NCSC) assess that the increased threat from hostile states and state-sponsored actors continues to escalate. At a recent speech at CyberUK, NCSC CEO Felicity Oswald warned that providers of essential services in the UK cannot afford to ignore these threats.^[11]

v) 2 UK NIS Post-Implementation Reviews found that the original regulations are having a positive impact, but that progress has not been fast enough.^[12][13] In 2022 the review found that they "are a vital framework in raising wider UK resilience against network and information systems security threats", but updates are required to keep pace with growing threats. Just over half of the operators of essential services have updated or strengthened existing policies and processes since the inception of the UK NIS Regulations in 2018, which were introduced after EU NIS Directive 2016/1148.^[1][14]

Zai gabatar da rahoton 'yan fashin teku na dole domin hukumomi su fahimci barazanar da kyau kuma su "faɗakar da mu game da hare-haren da ka iya tasowa ta hanyar faɗaɗa nau'in da yanayin abubuwan da hukumomin da ke kula da su dole ne su bayar da rahoto." ^{[4] [15]} Duk da cewa wannan tattara bayanai zai iya ƙara juriya ga hare-hare, nauyin gudanarwa ga 'yan kasuwa daga wannan rahoton na iya kawo ƙarin kuɗaɗe da kuma kuɗaɗen da aka kashe wajen satar bayanai ta yanar gizo. ^[4]

Ganin cewa hanyoyin kasuwanci na zamani suna da alaƙa, dole ne ƙungiyoyi su tabbatar da cewa abokan hulɗarsu da masu samar da kayayyaki suma sun bi ƙa'idodin da CS&R ta gindaya. ^[4]

A cikin Tarayyar Turai, ana sabunta ainihin Umarnin Tsaron Yanar Gizo da Bayanai (NIS Directive 2016/1148) zuwa Umarnin 2022/2555, wanda aka sani da EU NIS 2. ^{[16] [17]} EU NIS 2 ta gabatar da sauye-sauye masu yawa ga dokokin tsaron yanar gizo na Tarayyar Turai na yanzu don tsarin sadarwa da bayanai. ^[16] CS&R ya kamata ta kawo dokokin NIS na Burtaniya na 2018 da ke akwai zuwa tsarin kama da na Tarayyar Turai. ^{[16] [18]}

Dokar har yanzu ba ta da wani bayani game da duk wani hukunci na rashin bin doka ko kuma abin da masu kula da bayanai ke buƙata daga wata ƙungiya da ta fuskanci matsalar tsaron yanar gizo. ^[19] An sanar da hakan a watan Afrilun 2025 ta hannun Peter Kyle, Sakataren Harkokin Waje na Ma'aikatar Kimiyya, Kirkire-kirkire da Fasaha ta Burtaniya, cewa za a ci tarar £100,000 a kowace rana saboda rashin ɗaukar mataki kan barazanar da ta shafi hakan. ^{[20] [21]}

Jon Ellison, Daraktan NCSC na Juriyar Kasa, ya ce kudirin da aka gabatar "lokaci ne mai muhimmanci wajen magance barazanar da ke kara ta'azzara ga tsarin Burtaniya mai mahimmanci". ^[22] Ya ci gaba da cewa zai zama "mataki mai mahimmanci zuwa ga tsarin dokoki mafi cikakken tsari, wanda ya dace da duniyarmu mai saurin canzawa". ^[22]

Tsohon shugaban NCSC Ciaran Martin tare da sauran ƙwararru sun yi maraba da shawarar majalisar. A shafukan sada zumunta, ya rubuta cewa dokar da aka gabatar ta yi kama da ta dace, tare da buƙatar bayar da rahoto mai mahimmanci da kuma matakai masu kyau. ^[23]

Wakilin Kamfen na CyberUp Matt Hull ya ce kungiyar na fatan gwamnati ta sabunta juriyar amfani da yanar gizo a Burtaniya, musamman Dokar Amfani da Kwamfuta ta 1990. Duk wani sabuntawa ga wannan Dokar zai taimaka wa kwararru kan yanar gizo su kare Birtaniya, su kare tattalin arzikin dijital da kuma bude yiwuwar ci gaba a masana'antar tsaron yanar gizo. ^[23]

A watan Afrilun 2025, an buga Bayanin Manufar CS&R, wanda ya bayyana matakan da aka tabbatar da kuma waɗanda aka tsara don haɗawa a cikin kudirin. Yana ambato: "Juyin juya halin dijital yana canza Tsarin Kayayyakin more rayuwa na ƙasa (CNI) da muhimman ayyukanmu na jama'a. Yana ba da dama ta musamman - don inganta rayuwar mutanenmu da ƙasarmu. Duk da haka, yana iya kawo sabbin rauni masu haɗari... A cikin wannan Bayanin Manufar, na tsara shawarwarin dokoki don wannan Dokar. Na kuma yarda cewa yanayin yanar gizo yana motsawa sosai - abubuwa da yawa na iya faruwa cikin ɗan gajeren lokaci. Wannan bayanin ya gabatar da ƙarin matakai da yawa don magance barazanar da muke fuskanta yanzu." ^[24]

Dokar tana da nufin ƙarfafa tsaron yanar gizo na Burtaniya da kuma tabbatar da muhimman ababen more rayuwa da muhimman ayyukan dijital, ta haka ne za a inganta kariyar CNI. ^[25] Sanarwar ta yi cikakken bayani game da shirin fadada tsarin dokoki don rufe ƙarin hukumomi, ƙarfafa masu kula da harkokin da kuma inganta kulawa. Wannan ya haɗa da haɓaka rahotannin abubuwan da suka faru, ƙara ƙarfin tattara bayanai na ICO da inganta hanyoyin dawo da farashi na masu kula da harkokin. Dokar ta kuma magance buƙatar tsarin dokoki mai daidaitawa don ci gaba da tafiya daidai da yanayin yanar gizo mai ci gaba. ^[25]

CS&R na neman faɗaɗa iyakokin ƙungiyoyin da ake buƙata don inganta kimanta haɗarinsu, ƙarfafa matakan tsaro na tsaro na yanar gizo ga ƙungiyoyi kusan 1000. Waɗannan matakan za su ƙara kariyar bayanai da tsaron hanyar sadarwa kuma wataƙila za su haɗa da masu gudanar da cibiyar bayanai da masu samar da sabis da ake gudanarwa . Shawarwarin sun kuma haɗa da ba wa masu kula da ƙa'idoji ƙarin kayan aiki don haɓaka ƙa'idodin tsaro, tilasta wa gwamnati bayar da rahotannin abubuwan da suka faru dalla-dalla da kuma ba wa gwamnati ikon sabunta tsarin dokoki yayin da barazana da fasaha ke tasowa. ^[26]

Sanarwar ta ba da cikakken bayani game da canje-canjen da aka yi wa shirin Cyber Essentials, gami da sabuntawa ga ma'anar software, gyaran raunin da kuma kalmomin da suka shafi aiki daga nesa. ^[27] Za a sabunta ƙayyadaddun gwajin Cyber Essentials Plus tare da sabbin alamun tabbatarwa, tabbatar da rarrabuwa ta hanyar ƙaramin saiti da kuma tabbatar da samfur. Sanarwar ta kuma bayyana matakan da ƙungiyoyi za su buƙaci ɗauka don cimma takardar shaidar Cyber Essentials a 2025 da kuma gaba. Waɗannan sun haɗa da canje-canje ga buƙatun kayayyakin more rayuwa na IT, kamar gabatar da tantancewa mara kalmar sirri . ^[27]

Kudurin zai ci gaba da matakai bakwai na tsarin dokoki wanda zai gudana a majalisun biyu na Burtaniya: karatu na farko, karatu na biyu, matakin kwamiti, matakin rahoto, karatu na uku, majalisar da ke adawa da ita da kuma amincewar sarki.

1. 17 ga Yuli 2024 - An sanar da kudirin dokar.
2. 1 ga Afrilu 2025 - Sanarwar manufofin tsaron yanar gizo da juriya. ^[28]
3. 12 Nuwamba 2025 - Karatu na farko: An gabatar da kudirin ga Majalisar Dokoki (na yanzu). ^[6]

• Dokar Juriyar Yanar Gizo - Dokokin EU don inganta tsaron yanar gizo da juriyar yanar gizo.
• GDPR - Dokar Kare Bayanai ta Gabaɗaya.
• Malware - Misalan sun haɗa da ƙwayoyin cuta na kwamfuta, kayan leƙen asiri da kuma adware .

• Sanarwar manufofin tsaron yanar gizo da juriya Afrilu 2025
• Takaitaccen Bayani Kan Tsaron Yanar Gizo a Burtaniya - Laburaren Majalisa

1. 1 2 "King's Speech: new cyber resilience laws planned in the UK". Pinsent Masons. 17 July 2024. Retrieved 5 August 2024.
2. 1 2 3 "The King's Speech 2024" (PDF). UK GOV. p. 94. Retrieved 30 July 2024. Cite error: Invalid <ref> tag; name "CSRB_7" defined multiple times with different content.
3. ↑ Patefield, D.; Broom, J.; Collings, A.; Tsolova, R.; Modha, T. (19 July 2024). "Government announces new Bill to strengthen the UK's cyber security and resilience". techUK. Retrieved 30 July 2024.
4. 1 2 3 4 "Cyber Security and Resilience Bill: what businesses and insurers need to know". CMS Legal. 18 July 2024. Retrieved 30 July 2024. Cite error: Invalid <ref> tag; name "CSRB_4" defined multiple times with different content.
5. ↑ "UK set to debut Cyber Security and Resilience Bill to boost national cyber defenses, secure critical infrastructure". Industrial Cyber. 19 July 2024. Retrieved 30 July 2024.
6. 1 2 "Cyber Security and Resilience (Network and Information Systems) Bill". UK Parliament. 12 November 2025. Retrieved 16 November 2025. Cite error: Invalid <ref> tag; name "CS&R_rd1" defined multiple times with different content.
7. ↑ "Cyber Security and Resilience (Network and Information Systems) Bill" (PDF). UK Parliament. 12 November 2025. Retrieved 16 November 2025.
8. ↑ "Cyber Security and Resilience (Network and Information Systems) Bill: impact assessment" (PDF). Crown. 12 November 2025. Retrieved 17 November 2025.
9. ↑ "The Network and Information Systems Regulations 2018". Crown. 10 May 2024. Retrieved 4 August 2024.
10. ↑ "Annual cost of cybercrime in the UK 2017-2028". Ani Petrosyan. 1 December 2023. Retrieved 7 August 2024.
11. ↑ "CYBERUK 2024: Felicity Oswald keynote speech". National Cyber Security Centre. May 2024. Retrieved 15 August 2024.
12. ↑ "Review of the Network and Information Systems Regulations". Crown. 29 May 2020. Retrieved 2 November 2024.
13. ↑ "Second Post-Implementation Review of the Network and Information Systems Regulations 2018". Crown. 27 July 2022. Retrieved 15 August 2024.
14. ↑ "Directive (EU) 2016/1148 of the European Parliament and of the Council". Crown. 6 July 2016. Retrieved 22 August 2024.
15. ↑ Muncaster, P. (18 July 2024). "UK Government Set to Introduce New Cyber Security and Resilience Bill". Reed Exhibitions. Retrieved 5 August 2024.
16. 1 2 3 Belcheva, R. (23 July 2024). "New Cyber Security & Resilience Bill announced in King's Speech". The Lens. Retrieved 13 August 2024.
17. ↑ "The NIS 2 Directive". Cyber Risk. 2022. Retrieved 13 August 2024.
18. ↑ Poireault, K. (12 August 2024). "Navigating Regulation Discrepancies: EU's NIS 2 v UK's Cyber Security and Resilience Bill". RELX. Retrieved 26 September 2024.
19. ↑ Jones, C. (30 July 2024). "Revamped UK cybersecurity bill couldn't come soon enough, but details are patchy". The Register. Retrieved 4 August 2024.
20. ↑ Jones, Connor (1 April 2025). "UK threatens £100K-a-day fines under new cyber bill". The Register. Retrieved 22 August 2025. pledging £100,000 ($129,000) daily fines for failing to act against specific threats under consideration.
21. ↑ Kundaliya, Dev (2 April 2025). "UK's new cybersecurity bill threatens £100K daily fines". Computing. Retrieved 22 August 2025.
22. 1 2 Say, M. (25 July 2024). "NCSC highlights importance of Cyber Security Bill". Informed Communications Ltd. Retrieved 29 August 2024.
23. 1 2 Akshaya, A. (17 July 2024). "UK Labour Introduces Cyber Security and Resilience Bill". Information Security Media Group. Retrieved 16 August 2024. Cite error: Invalid <ref> tag; name "UKL_1" defined multiple times with different content.
24. ↑ Cite error: Invalid <ref> tag; no text was provided for refs named "GPP_1".
25. 1 2 Ribeiro, Anna (1 April 2025). "UK Cyber Security and Resilience Bill: Policy statement details confirmed and proposed measures for enhanced CNI protection". Industrial Cyber. Retrieved 15 April 2025.
26. ↑ Cite error: Invalid <ref> tag; no text was provided for refs named "IMCR_1".
27. 1 2 "Cyber Security and Resilience Bill - Policy Statement of Intent". TechUK. 1 April 2025. Retrieved 15 April 2025.
28. ↑ "Cyber security and resilience policy statement". Crown. 1 April 2025. Retrieved 2 April 2025.