Campaign mentioned as CMA Amendments withdrawn at Committee Stage from CSR Bill

Written By Daniel Laing

Yesterday (24 February), the Public Bill Committee on the Cyber Security and Resilience (Network and Information Systems) Bill debated two new clauses proposing mechanisms to update the Computer Misuse Act 1990 (CMA), before they were ultimately withdrawn following ministerial assurances on the Government’s direction of travel.

Freddie van Mierlo MP tabled new clause 18, which would have required the Secretary of State, within 12 months of the Bill passing, to review whether amendments to the CMA could help ensure, maintain or improve the security and resilience of network and information systems used for essential activities, and to report back to Parliament on potential amendments and the Government’s intentions.

Dr Ben Spencer MP tabled new clause 19, which focused on ethical vulnerability research, including a review of the merits of introducing a tightly defined statutory defence to section 1 of the CMA to enable legitimate security research in the public interest while safeguarding against abuse. In his speech on the amendment, he explicitly mentioned the campaign and referred to its activity and research.

Andrew Cooper MP intervened to press the Government on timescales, asking whether reforms would be brought forward in this parliamentary Session or the next and arguing the uncertainty is holding back the UK cyber-security industry. Responding, Minister Kanishka Narayan MP acknowledged the shared intent to modernise the CMA, noted the Home Office’s recent industry engagement with more than 75 attendees and ongoing work on proposals, and stated: “The question is simply not whether we will reform the Computer Misuse Act, but simply how.”

In closing, the Minister reiterated that CMA reform is Home Office-led, and committed to writing to Committee members with as much detail as possible on the timeline to ensure progress continues at pace. On that basis, Freddie van Mierlo MP withdrew the clause.

The CyberUp Campaign welcomes the constructive, cross-party focus on CMA reform in Committee.

We will continue engaging with Parliament and stakeholders to help ensure any reforms provide clear, workable protections for responsible cyber security practice while keeping the law robust against malicious actors.

You can read the full Committee exchange in Hansard.

Daniel Laing
Next

CSR Bill a “golden opportunity” to reform CMA and remove its “chilling effect”, Public Bill Committee hears