Geopolitics and Critical National Infrastructure

Views on the security implications of a shifting global order

recent posts

about

The King’s Speech 2026

UK Legislative Agenda for Security & Resilience

By Stephen Hermanson

14 May 2026

The King’s Speech traditionally receives a comprehensive level of analysis and commentary, which is no different in 2026.

This piece is a small contribution that focuses specifically on the government’s agenda for security and resilience, which contains a number of legislative measures to respond to the security landscape driven by the current geopolitical context.

For organisations on the frontline, responding to security threats, the timing and nature of public policy interventions has important implications for the success and sustainability of security postures and investments.

A complex tapestry of extant, updated and new legislation has arisen to provide both governments and industry with mandates and obligations to understand and respond to threats against national security and resilience (examples in Annex-A).

Leaving aside how governments define national security and resilience (something to return to in a future piece), the mission for organisations is to chart a course through a complex array of legal and regulatory requirements to arrive at an effective and sustainable security strategy.

Too often, however, the strategy merely responds to the legal and regulatory position as it lands. At this point the legal and regulatory position has determined the paradigm and broad parameters. Security Public Policy gets in front of this cycle and helps to assess and shape the design and scope of legislative measures for current and future contexts.

This is useful as it brings real world operational data about security into the public policy process. This allows for careful analysis of what works, what doesn’t and what the trade-offs might be in terms of cost, capability and intrusion. It’s also useful as it allows for a holistic approach that considers how separate pieces of legislation co-exist to support/amplify effects.

There’s no avoiding the reality of complex legislative stacks. The role of Security Public Policy is to refine and consolidate security and resilience measures to reduce overlap, ambiguity and gaps insofar as possible – looking across primary and secondary legislation, regulatory interpretations and industry standards.

The aim is effective and efficient public policy that creates the conditions for good security outcomes. It’s a long game that needs to span a number of policy cycles, financial years and even governments.

Annex-A – Key Security Initiatives as of 14 May 2026

LegislationHeadline Summary
Cyber Security & Resilience BillReplaces 2018 Network & Information Systems (NIS) Regulations. Expands scope. 24/72-hour incident reporting. Regulators gain cost recovery and audit powers.
Computer Misuse Act ReformNew legal defence for individuals who access systems in good faith to identify and responsibly disclose vulnerabilities where they follow defined safeguards.
Terrorism (Protection of Premises) Act (Martyn’s Law)Comes into force no earlier than April 2027. Security Industry Authority oversees compliance of proactive steps to ensure formal security planning and training for public events.
Border Security, Asylum & Immigration ActCounter Terrorism style ‘precursor offences’ criminalise supply chain support and information gathering for organised immigration crime.
Crime and Policing ActNew youth diversion orders for terrorism-related arrests. Police can extract data from cloud accounts accessed via seized devices.
Tackling State Threats BillNew designation mechanism for state-linked organisations to disrupt foreign proxies and front companies. 2023 National Security Act offences also extended to state proxies.
National Security BillCriminalises creation and sharing of the most harmful online material associated with mass casualty planning. Extends Online Safety Act framework.
Energy Independence BillExplicitly framed as a national security measure and creates a dual regulatory track for energy operators that intersects with Cyber Security & Resilience Bill obligations.
Armed Forces BillIntroduced in 2024–26 session and carries over to 2026-27. Improves the service justice system and establishes the Armed Forces Covenant in statute.
Defence Readiness BillAbsent. Would have implemented the Strategic Defence Review 2025 recommendations. Defence Investment Plan stalled.
Posted in

Leave a comment