UK government exempting itself from cyber law inspires little confidence

https://www.theregister.com/2026/01/10/csr_bill_analysis/

319•DyslexicAtheist•4w ago

Comments

ambicapter•4w ago

Why is the UK so authoritarian on cyber security? I feel like they're consistently on HN with this type of "rules for thee, not for me" attitude regarding computer law.

Kenji•4w ago

Not just cyber security.

gnfargbl•4w ago

This article is about the Cyber Security and Resilience Bill, which aims to increase the security of critical assets, and to strengthen breach reporting requirements.

It's puzzling to hear those steps described as "authoritarian." What makes you feel that way?

immibis•4w ago

We're in 2026 and the pendulum has fully pendulumed. Authoritarianism now means when the government does stuff.

iamacyborg•3w ago

There’s a definite trend in many HN threads talking about the UK in the last few months that’s trying to push my narrative.

My money’s on Twitter being the source.

iamacyborg•3w ago

Unfortunate typo. that narrative, not my narrative.

nephihaha•4w ago

The current prime minister is the least popular in recent memory, so that might have something to do with it. [See sources listed below.]

jen20•4w ago

You’re going to need to cite a non-tabloid source if you want that claim to be taken seriously.

Starmer is indeed very unpopular, but “least popular ever” is not a claim which even has an agreed-upon measure.

Remember Liz Truss lasted lasted less time in office than it took for a lettuce to rot.

nephihaha•4w ago

Liz Truss was barely in long enough for people to conduct a poll!

Thatcher was controversial but had ardent supporters. Where are Starmer's supporters? There aren't many even within the Labour Party.

No idea whether someone like Pitt the Younger or Canning back over a century ago were less popular. Really the onus should be on people to disprove this. I have not encountered a single live Starmer supporter in the wild but anyway...

https://www.independent.co.uk/bulletin/news/starmer-labour-c...

"New polling reveals Sir Keir is the least popular prime minister on record, with a net satisfaction rating of -66, lower than previous lows for Rishi Sunak and John Major."

https://www.telegraph.co.uk/politics/2025/09/27/starmer-leas... "Starmer is least popular PM on record, poll finds Only 13 per cent of voters are satisfied with Prime Minister, the fewest of any leader since 1970s."

I suppose you will complain about the Telegraph, but it isn't a tabloid.

https://www.newstatesman.com/politics/uk-politics/2025/12/wh...

"Keir Starmer is the least popular prime minister on record, less than 18 months after being elected. In this sense, he is making history. Few, if any, mainstream political commentators anticipated this situation before the 2024 election. Of course, many on the radical left predicted it several years ago, but who listens to us?"

kitd•3w ago

Popularity is a poor measure of performance in UK politics. The British public are regularly shown to be fickle and easily led in their judgements.

Results are a bit meh so far with Labour but at least they're not Trussesque dangerous. And positive achievements rarely get a mention in our press. Can't think why.

nephihaha•3w ago

This is anecdotal I know, but I have not met anyone who supports Starmer. Not one. I knew Thatcherites and folk who thought Blair and Brown were okay.

He got in because people were sick of the last lot. Jeremy Corbyn got more votes overall as well.

Beretta_Vexee•3w ago

The UK is in a strange position, where it must have regulations that are fairly similar to those of the European Union in order to benefit from cross-recognition and not hinder trade with its main partner. In this case, NIS2.

But at the same time, they don't want to admit it and are rewriting these standards in a very specific way so that only British engineering firms and consultants can draft regulatory documents or ensure compliance.

It ensures a monopoly for these engineering firms and consultants.

graemep•3w ago

The UK is authoritarian on "computer law" but not very different from other western countries.

dwroberts•4w ago

I think this is an overly cynical read on the whole thing, at least after skimming the main points from the bill.

A lot of it is about designating critical suppliers + providers and their security obligations.

Central government would typically be a customer, that uses other suppliers and providers to achieve its goals, not a supplier or a provider itself.

So in that sense it doesn't seem so strange to see it omitted, or at least for first set of legislation etc.? Get the first party suppliers in shape first, then legislate the net result of government function using those suppliers etc.

pdpi•4w ago

What you're describing would see the government fall outside the purview of the law naturally, without the need for an exemption. This is a true case of an exception that proves the rule — the fact that they made the exemption is itself proof that they would've been otherwise subject to the law.

canadiantim•4w ago

I’ve waited so long to hear an appropriate use of the term “exception that proves the rule”, thank you!

halJordan•4w ago

The problem is that this has been (well one of) the fatal flaw of previous attempts. If this were the first revamp i could agree with you.

pletsch•4w ago

Central government would typically be a customer

This is a wrong assumption, it's not that they aren't customers as they'll deal with hundreds of vendors/partners and will benefit from these changes regardless but national cyber & supporting IT agencies (including the UK) are often providers themselves to both other government agencies and private organizations in the country.

This can be anything from running their SOC functions to specialized consulting services to intelligence sharing so the bill is definitely relevant and the exclusion of the govt. doesn't seem to serve a purpose other than saving the budget to implement/maintain their own rules.

jph•4w ago

UK government agencies have opportunities to improve cyber security in a pragmatic way by phasing in coordinated vulnerability disclosure.

This matches the article's point that the UK CSR bill may be a first step that helps to phase in bespoke legislation to improve UK national security.

For me this is professional because my work involves UK software engineering for medical information.

Coordinated vulnerability disclosure: https://github.com/joelparkerhenderson/coordinated-vulnerabi...

nephihaha•4w ago

Do as we say not as we do, and the engineers of "change" sit back.

ProllyInfamous•3w ago

It's similar to how in Texas (and many other places) state agencies don't have to follow local building codes.

src: worked construction in state data centers

¿What asbestos, qué?

Beretta_Vexee•3w ago

So there are legitimate reasons for doing this, such as avoiding having to write reports and request authorizations from oneself, not having to disclose certain sensitive information, etc.

The right way to do this is to draft a framework law and a few decrees along the lines of “administrations XXX and YYY will apply NIS2 with the following exceptions and adaptations ....”

This avoids creating overly broad exemptions, ensuring that there is a reference framework, and preventing each administration from developing its own system.

This is very common in the arms and nuclear sectors, where many civil norms and standards clearly state “not applicable to nuclear” and the nuclear standard states “apply civil standard XXX, with the following specific provisions, the competent authority is the ONR.”

Declaring an overly broad exemption from the outset is not the right way to go about it.

paul_h•3w ago

Brit here. UK Government's position "we will hold ourselves to equivalent standards via the Cyber Action Plan, just without legal obligations" -is institutionally equivalent to "trust the PDF." Fast forward to the non-repudiable era, please.

Show HN: Maravel-Framework 10.61 prevents circular dependency

The age of a treacherous, falling dollar

Ask HN: AI Generated Diagrams

Microsoft Account bugs locked me out of Notepad – are Thin Clients ruining PCs?

Show HN: A delightful Mac app to vibe code beautiful iOS apps

Show HN: Gemini Station – A local Chrome extension to organize AI chats

Welfare states build financial markets through social policy design

Market orientation and national homicide rates

California urges people avoid wild mushrooms after 4 deaths, 3 liver transplants

Matthew Shulman, co-creator of Intellisense, died 2019 March 22

Show HN: SuperLocalMemory – AI memory that stays on your machine, forever free

Show HN: Pyrig – One command to set up a production-ready Python project

Fast Response or Silence: Conversation Persistence in an AI-Agent Social Network [pdf]

C and C++ dependencies: don't dream it, be it

Show HN: Vbuckets – Infinite virtual S3 buckets

Open Molten Claw: Post-Eval as a Service

New York Budget Bill Mandates File Scans for 3D Printers

The End of Software as a Business?

Exploring 1,400 reusable skills for AI coding tools

Show HN: A unique twist on Tetris and block puzzle

The logs I never read

How to use AI with expressive writing without generating AI slop

Show HN: LinkScope – Real-Time UART Analyzer Using ESP32-S3 and PC GUI

Cppsp v1.4.5–custom pattern-driven, nested, namespace-scoped templates

The next frontier in weight-loss drugs: one-time gene therapy

At Age 25, Wikipedia Refuses to Evolve

Show HN: ReviewReact – AI review responses inside Google Maps ($19/mo)

Why AlphaTensor Failed at 3x3 Matrix Multiplication: The Anchor Barrier

Ask HN: How much of your token use is fixing the bugs Claude Code causes?

Show HN: Agents – Sync MCP Configs Across Claude, Cursor, Codex Automatically

Show HN: Maravel-Framework 10.61 prevents circular dependency

The age of a treacherous, falling dollar

Ask HN: AI Generated Diagrams

Microsoft Account bugs locked me out of Notepad – are Thin Clients ruining PCs?

Show HN: A delightful Mac app to vibe code beautiful iOS apps

Show HN: Gemini Station – A local Chrome extension to organize AI chats

Welfare states build financial markets through social policy design

Market orientation and national homicide rates

California urges people avoid wild mushrooms after 4 deaths, 3 liver transplants

Matthew Shulman, co-creator of Intellisense, died 2019 March 22

Show HN: SuperLocalMemory – AI memory that stays on your machine, forever free

Show HN: Pyrig – One command to set up a production-ready Python project

Fast Response or Silence: Conversation Persistence in an AI-Agent Social Network [pdf]

C and C++ dependencies: don't dream it, be it

Show HN: Vbuckets – Infinite virtual S3 buckets

Open Molten Claw: Post-Eval as a Service

New York Budget Bill Mandates File Scans for 3D Printers

The End of Software as a Business?

Exploring 1,400 reusable skills for AI coding tools

Show HN: A unique twist on Tetris and block puzzle

The logs I never read

How to use AI with expressive writing without generating AI slop

Show HN: LinkScope – Real-Time UART Analyzer Using ESP32-S3 and PC GUI

Cppsp v1.4.5–custom pattern-driven, nested, namespace-scoped templates

The next frontier in weight-loss drugs: one-time gene therapy

At Age 25, Wikipedia Refuses to Evolve

Show HN: ReviewReact – AI review responses inside Google Maps ($19/mo)

Why AlphaTensor Failed at 3x3 Matrix Multiplication: The Anchor Barrier

Ask HN: How much of your token use is fixing the bugs Claude Code causes?

Show HN: Agents – Sync MCP Configs Across Claude, Cursor, Codex Automatically

UK government exempting itself from cyber law inspires little confidence

Comments