Morning, Monday, 23rd March 2026
Online
This conference will focus on next steps for UK cyber security policy and regulation, with government and industry focusing on strategic approaches to tackling the evolving threat landscape, and as the Cyber Security and Resilience Bill progresses through Parliament.
Policy & latest developments
It will bring stakeholders and policymakers together to consider key issues for implementing the Government’s recently published National Cyber Action Plan, and to discuss recommendations from the independent Cyber Growth Action Plan published in September 2025, including implications of AI-enabled threats for national cyber risk assessment and policy prioritisation.
Sessions in the agenda will assess next steps for implementation of the action plan, including priorities for supporting the uptake of the Software Security Code of Practice, how the £210m commitment might best be deployed to support public sector cyber defences, and options for measuring the effectiveness of delivery. Key considerations for collaboration between the public and private sector will also be discussed in reinforcing resilience across critical national infrastructure, public services, supply chains, and individual organisations, including SMEs.
Regulation, responsibilities, compliance & support
Sessions will consider proposals in the Cyber Security and Resilience Bill, including how cloud services, managed service providers, and data centres included in the proposed expanded scope of NIS Regulations can best integrate preparedness. Delegates will also assess the way forward for defining critical suppliers, and approaches to implementing new reporting obligations, including where AI-enabled systems or automated decision-making are embedded within essential services or supply chains. Regulatory enforcement and sanction powers will also be examined, including how the UK framework might remain responsive and internationally competitive, in the context of emerging guidance on secure AI development and deployment.
Delegates will discuss concerns expressed in industry, including around clarity of transition timelines and the need for consistent expectations across multiple regulators - as well as how far obligations will extend into complex digital supply chains, and what support will be available for organisations with limited resources but high exposure to cyber risk.
Following the Government response to ransomware legislative proposals in July 2025, attendees will examine the potential impact of banning public sector ransom payments and introducing advance‑notice rules for private companies. Areas for discussion include how such measures might affect organisational decision‑making under pressure, coordination with law enforcement, and considerations for overall national resilience.
Funding, R&D, resource allocation & policy coordination
There will also be a focus on investment and priorities for targeting resources, and alignment with wider policy objectives for national security, infrastructure, and economic growth, as well as immediate priorities for the new Government Cyber Unit. Delegates will consider potential opportunities through funding set out in the Spending Review 2025 for the National Cyber Security Centre and support for R&D through Queen’s University Belfast’s Cyber AI Hub, including the development of tools to counter AI-enabled phishing, malware and ransomware techniques.
Sessions will examine the coordination of these commitments with the National Cyber Action Plan, with stakeholders expressing concerns over strategic approaches to investment and training in local government and public services, and opportunities for developing regional cyber clusters to tackle challenges with capability disparities and access to talent. Support needed to strengthen the resourcing capacity of regulators to supervise newly in‑scope sectors will also be discussed.
Leadership & governance
The agenda will bring out latest thinking on priorities for organisational leadership, skills development, embedding workforce diversity, and tackling regional disparities. Board‑level governance and cyber leadership will be examined, including how good governance principles, clear accountability structures and effective oversight can best be applied to support organisations in meeting new regulatory and resilience requirements.
Innovation, collaboration & UK positioning internationally
Attendees will also explore strategies for embedding secure‑by‑design principles into digital infrastructure, opportunities for AI and wider innovation, and approaches to managing the cyber risks associated with increasingly autonomous and generative technologies - as well as strengthening collaboration through cross‑sector frameworks.
Key considerations for the UK’s positioning internationally will also be considered, including alignment with NIS2 and DORA, and strategies to enhance competitiveness in global markets.
All delegates will be able to contribute to the output of the conference, which will be shared with parliamentary, ministerial, departmental and regulatory offices, and more widely. This includes the full proceedings and additional articles submitted by delegates. As well as key stakeholders, those already due to attend include a parliamentary pass-holder from the House of Commons and officials from the Cabinet Office; Department for Education; Department of Health and Social Care; Department for Environment, Food & Rural Affairs; Department for Business and Trade; Department for Energy Security and Net Zero; Department for Science, Innovation and Technology; Department of Agriculture, Environment and Rural Affairs, NI; Department for Transport; Foreign, Commonwealth and Development Office; Government Legal Department; Government Office for Science; Health and Safety Executive; Home Office; HM Revenue and Customs; HM Treasury; Information Commissioner’s Office; Intellectual Property Office; Ministry of Defence; Ministry of Housing, Communities and Local Government; Ofcom; National Crime Agency; the Welsh Government; and The Scottish Government.
