Controlling AI Agents: Why Detection Is Too Late

This is Part 2 of a 2-part series. Read Part 1: Your AI Agent Doesn’t Care About Your Controls

If AI agents change how execution happens, they also expose a fundamental limitation in how most security controls operate. Many control models assume there is sufficient time to detect, assess, and respond to events before they result in material impact.

That assumption no longer holds.

Traditional detection models follow a sequence in which an event occurs, is logged, analysed, and then acted upon. This approach works at human speed, where actions are spaced out and intervention is possible. In automated environments, particularly those involving AI agents, that sequence is compressed to the point where response often occurs after the outcome has already been realised.

The Speed Problem

AI agents operate at a pace that removes the window for meaningful intervention. They do not pause between actions or wait for approval cycles. Once triggered, they execute tasks rapidly across systems, often chaining multiple actions together in a single flow.

By the time an alert is generated, the action has already completed. By the time it is reviewed, the downstream effects may already be in place. This fundamentally changes the role of detection. It becomes a mechanism for understanding what has happened, rather than preventing it.

The Illusion of Monitoring

In response to increasing complexity, many organisations invest in expanding their monitoring capability. More logs are collected, more alerts are generated, and dashboards become more detailed. However, this increase in visibility does not automatically translate into improved control.

Without context, prioritisation, and validation, monitoring becomes a record of activity rather than a means of assurance. Security operations teams are often left dealing with high volumes of alerts that are difficult to interpret in real time. AI agents amplify this problem by increasing both the frequency and the speed of events.

The result is a growing gap between what can be seen and what can be meaningfully controlled.

Evidence and Its Limitations

Control assurance depends on evidence, but evidence is only useful if it reflects the current state of the environment. In slower operational models, evidence can remain valid for extended periods. In highly automated environments, that validity window shortens significantly.

Access models change, configurations drift, and behaviour evolves rapidly. Evidence that was accurate recently may no longer represent reality. This creates a challenge for organisations that rely on periodic validation or static reporting to demonstrate control effectiveness.

In this context, evidence must be continuously refreshed and validated against actual behaviour, not assumed based on design.

What Needs to Change

Addressing this challenge does not require abandoning existing frameworks, but it does require changing how they are applied.

The first shift is from access control to execution control. It is no longer sufficient to confirm that an identity has access to a system. Organisations must understand what actions are being executed, in what sequence, and under what conditions.

The second shift is the reintroduction of accountability. Every action performed by an AI agent should be attributable, traceable, and explainable. Without that, it is difficult to demonstrate that controls are operating effectively.

The third shift is towards validating real behaviour. Policies, architectures, and intended workflows provide useful context, but they do not prove how systems behave in practice. Validation must be based on observed activity in production environments.

Finally, independent assurance becomes increasingly important. Second-line validation provides a mechanism to challenge assumptions, review evidence, and confirm that controls operate as intended under real conditions. Without this, there is a risk that assurance becomes self-declared rather than evidence-based.

Final Thought

AI agents are efficient and highly capable. They execute exactly what they are designed to do, often with greater speed and consistency than human operators.

The risk lies not in the technology itself, but in the assumption that existing control models still provide meaningful assurance. As execution changes, so must the way control effectiveness is measured and validated.

The key question is no longer whether controls exist, but whether their effectiveness can be demonstrated in the context in which they are now operating.

Your AI Agent Doesn’t Care About Your Controls

This is Part 1 of a 2-part series on AI agents and control assurance.  Read Part 2: Controlling AI Agents: Why Detection Is Too Late

The cybersecurity industry has spent years investing in visibility. Dashboards have improved, detection tooling has matured, and the volume of telemetry available to security teams has increased significantly. Most organisations can now see more of their environment than at any point in the past.

However, one of the most important emerging risks is not hidden malware or an unknown vulnerability. It is the rapid introduction of AI agents operating across environments that organisations do not fully understand, cannot clearly inventory, and often cannot meaningfully govern.

This is not simply another software category. It represents the introduction of autonomous digital actors interacting with identity systems, APIs, SaaS platforms, cloud environments, and business processes. These agents are not constrained by the same assumptions that underpin traditional control models, and that is where the risk begins to surface.

From Users to Actors

Traditional security models are built around users. Users authenticate, request access, and perform actions within defined boundaries. Even when errors occur, those actions are constrained by identity controls, privilege models, monitoring, and the natural pace of human interaction. There is friction in the system, and that friction is part of how control is maintained.

AI agents remove much of that friction. They are not passive tools assisting users; they are active actors executing tasks. They retrieve data, make decisions, invoke APIs, and trigger workflows across multiple systems in seconds. The shift is subtle but important. The challenge is no longer limited to managing access. It becomes a question of controlling execution.

Execution Without Assurance

Most organisations assume their existing control frameworks still apply in this new model. On paper, they do. In practice, they often do not.

Control frameworks were designed to validate human-driven actions, predictable workflows, relatively static privilege models, and slower operational cycles. They were not designed to validate high-frequency automated decisions, cross-system execution chains, or real-time, context-driven behaviour.

This creates a gap that is easy to overlook. The agent may be authenticating correctly, calling approved APIs, and interacting with authorised systems. From a control perspective, nothing appears to be broken. Yet there is often no mechanism to prove that the actions being executed are appropriate, proportionate, or safe in the context in which they occur.

Where Controls Start to Fail

This is not a theoretical issue. It is a structural one, and it tends to appear in consistent ways across environments.

The first area is identity. AI agents commonly operate using service accounts, shared credentials, or delegated access tokens. While this enables integration and automation, it weakens attribution. In a traditional model, actions can be traced to an individual. In an AI-driven model, activity may be technically valid but operationally ambiguous, making it difficult to establish accountability when something goes wrong.

The second area is privilege. To enable capability, agents are often granted broad access across systems and services. However, least privilege is not simply about limiting access; it is about ensuring that access is used appropriately in context. An agent may be authorised to access a system, but that does not mean every action it performs within that system aligns with business intent or risk tolerance. Most control models validate access rights rather than behavioural appropriateness.

The third area is monitoring. As automation increases, so does logging. However, more data does not necessarily lead to more assurance. When an agent executes hundreds of actions in a short period, logs can quickly become noise, alerts become volume-driven, and meaningful signal is harder to extract. Monitoring shifts from proactive oversight to retrospective analysis.

The final and most important area is control validation. Controls such as access reviews, segregation of duties, and approval workflows may still exist, but they are rarely tested against autonomous, multi-step execution across systems. The result is not a lack of controls, but a lack of confidence that those controls are operating effectively in the way they were intended.

Final Thought

AI agents are not bypassing controls. In most cases, they are operating within them. The issue is that those controls were not designed to validate how work is now being executed.

If control effectiveness cannot be demonstrated against real behaviour, then the presence of controls alone does not provide assurance.

Next in the series:
Controlling AI Agents: Why Detection Is Too Late

AI Agents Are Creating a New Cybersecurity Blind Spot

The cybersecurity industry has spent years focusing on visibility. Dashboards expanded. Detection tooling improved. Telemetry volumes exploded. Yet one of the biggest emerging risks in 2026 is not hidden malware or an unknown zero-day. It is the rapid deployment of AI agents that organisations barely understand, cannot fully inventory, and often cannot meaningfully govern.

AI agents are moving beyond chat interfaces and simple copilots. They are increasingly capable of reasoning, planning, accessing systems, invoking tools, retrieving information, and taking autonomous actions with limited human involvement. That changes the security conversation entirely.

This is not simply another software category. It is the emergence of autonomous digital workers operating across identity systems, APIs, SaaS platforms, cloud environments, and business processes.

And most organisations are deploying them faster than they can secure them.

Research and industry reporting throughout 2026 show a growing concern across both government and enterprise sectors around agentic AI security risks. Security leaders increasingly view autonomous AI systems as one of the most significant new attack surfaces facing organisations.

The concern is justified.

AI agents introduce a combination of risks that traditional governance and security models were never designed to handle.

AI Agents Change the Nature of Identity Risk

Most cybersecurity programmes were built around managing human identities and traditional service accounts. AI agents disrupt that model because they behave more like autonomous actors than passive software components.

Many organisations are now deploying AI agents with:

• access to internal documentation
• integration into SaaS platforms
• permissions to execute workflows
• API access to sensitive systems
• delegated authority to make operational decisions

The problem is not simply access. It is scale and autonomy.

Industry forecasts suggest AI agent identities may soon outnumber human identities dramatically inside enterprise environments.

That creates several immediate challenges:

• identity sprawl
• excessive permissions
• unmanaged API tokens
• poor lifecycle governance
• invisible machine-to-machine trust relationships
• difficulty attributing actions and accountability

In many environments, organisations already struggle to maintain accurate inventories of privileged accounts or SaaS integrations. AI agents accelerate that problem significantly.

The result is a growing gap between operational reality and governance visibility.

AI Agents Create a New Attack Surface

The security industry often focuses heavily on model risks such as prompt injection or data poisoning. Those are important, but they are only part of the picture.

The bigger issue is that AI agents operate across interconnected runtime environments.

Modern agents may:

• consume external data
• invoke plugins and APIs
• interact with cloud services
• maintain persistent memory
• chain multiple actions together
• collaborate with other agents
• execute operational workflows automatically

That creates an entirely new form of runtime attack surface.

Recent research highlights risks including:

• memory poisoning
• malicious tool invocation
• indirect prompt injection
• AI supply chain compromise
• runtime dependency manipulation
• self-propagating agent loops
• excessive agency and unauthorised action execution

The important point is this:

Many of these attacks do not exploit traditional software vulnerabilities. They exploit trust, autonomy, orchestration, and context.

That makes detection and governance significantly harder.

Why Existing Security Controls Are Struggling

One of the most dangerous assumptions organisations can make is believing existing security tooling automatically extends to AI agents.

In many cases it does not.

Traditional controls were largely designed for:

• deterministic systems
• predictable workflows
• static permissions
• human-driven actions
• relatively stable software behaviour

AI agents are fundamentally different.

They are probabilistic, adaptive, and capable of unexpected behaviour under changing context conditions.

This creates several assurance problems:

• inventories quickly become outdated
• permissions drift continuously
• actions may not be fully explainable
• logging lacks meaningful context
• governance ownership becomes unclear
• accountability boundaries blur

The challenge is not merely technical. It is operational.

Security teams increasingly face environments where AI functionality appears inside:

• SaaS products
• collaboration platforms
• development tooling
• cloud management interfaces
• workflow automation systems
• productivity platforms

Often these capabilities are enabled by default or adopted informally by business teams before governance frameworks exist.

This is rapidly becoming one of the largest forms of Shadow IT the industry has seen.

The Real Risk Is Governance Lag

The most significant AI security risk in many organisations is not the AI itself.

It is governance lag.

Technology deployment is moving faster than:

• control validation
• identity governance
• operational assurance
• policy adaptation
• board understanding
• security architecture redesign

This creates a dangerous illusion of control.

Dashboards may still appear green while autonomous systems quietly accumulate:

• privileges
• integrations
• external dependencies
• sensitive data access
• operational authority

Without strong governance, organisations risk repeating familiar mistakes:

• deploying first
• governing later
• discovering exposure during incidents

The difference now is speed.

AI systems compress timelines dramatically.

What Security Leaders Should Do Next

The organisations responding most effectively are not trying to ban AI agents entirely. They are focusing on visibility, containment, and evidence-driven governance.

Several priorities are emerging:

1. Build an AI Asset Inventory

Most organisations cannot currently answer:

• which AI agents exist
• what systems they access
• what permissions they hold
• what data they process
• who owns them

That must change quickly.

AI agents should be treated as managed operational assets with clear ownership and lifecycle governance.

2. Apply Least Privilege Aggressively

Many AI deployments currently operate with excessive permissions for convenience.

That is unsustainable.

AI agents should operate with:

• constrained access scopes
• segmented permissions
• time-limited credentials
• monitored API activity
• restricted tool invocation

The principle of least privilege matters even more in autonomous environments.

3. Treat AI Runtime Behaviour as an Assurance Problem

The industry increasingly needs continuous validation rather than static approval models.

Security teams should focus on:

• runtime monitoring
• behavioural drift detection
• evidence freshness
• control verification
• anomalous workflow analysis

This aligns closely with broader Continuous Control Monitoring (CCM) approaches already emerging across cybersecurity assurance programmes.

4. Update Governance Frameworks

Most governance structures were not designed for autonomous operational actors.

Boards, risk committees, and security leadership teams need clearer accountability models around:

• AI deployment ownership
• operational risk tolerance
• human override mechanisms
• auditability
• resilience testing
• third-party AI exposure

The governance gap is becoming as important as the technical gap.

Final Thought

AI agents are not simply another cybersecurity trend. They represent a structural change in how digital systems operate.

The organisations that succeed will not necessarily be those deploying AI fastest.

They will be the organisations that can answer:

• what their AI systems are doing
• what authority they possess
• how they are governed
• how they are monitored
• whether their controls still work under real operational conditions

That is ultimately the real challenge of AI security in 2026.

Not visibility alone.

But provable assurance.

Sources and further reading:

• International AI Safety Report 2026
• State of AI Cybersecurity 2026
• Agentic AI security research papers
• Industry reporting on AI agent attack surfaces and governance risks

Mythos AI: What Security Leaders Should Do Next

The recent discussion around Anthropic’s Claude Mythos Preview and Project Glasswing has caught the attention of the cybersecurity industry for good reason.

Mythos is not just another AI announcement. It is being positioned as a frontier model with advanced cybersecurity capability, particularly around finding and exploiting software vulnerabilities. Anthropic has stated that Project Glasswing is intended to give selected defenders early access to this capability to help secure critical software, rather than releasing the model broadly.

Cisco has also published guidance following its work with Mythos, explaining that it is changing its near-term threat modelling of AI-enabled attackers and issuing defensive recommendations for customers. That is the important point.

Whether Mythos itself remains tightly controlled or not, the direction of travel is clear. AI-enabled vulnerability discovery and exploitation capability is improving quickly. Security teams need to prepare for a world where attackers can find, chain and act on weaknesses faster than many organisations can currently respond.

Why Mythos Matters

The concern is not that every attacker suddenly has access to Mythos today.

The concern is that Mythos shows what is becoming possible.

If AI can accelerate vulnerability discovery, exploit development and attack path analysis, then the defensive timeline changes. Security teams cannot rely on slow review cycles, stale evidence or manual-only response models when the speed of threat discovery is increasing.

This does not mean the fundamentals no longer matter.

It means they matter more.

Cisco’s guidance focuses heavily on strengthening fundamentals such as phishing-resistant MFA, Zero Trust, least privilege for AI agents, disciplined patch management and full asset visibility. It also highlights removing end-of-life systems, automating detection and containment, embedding active defences and using AI defensively for threat hunting, validation and testing.

That is where the practical response needs to start.

The Risk Is Speed

Many organisations still manage cyber risk through processes designed for a slower environment.

• Monthly reporting.
• Quarterly reviews.
• Annual testing.
• Periodic evidence collection.
• Manual triage.
• Long remediation cycles.

Those activities still have a place, but they are not enough on their own.

AI-enabled attackers will not wait for the next governance cycle. They will look for exposed systems, weak identity controls, unpatched vulnerabilities, misconfigured cloud services and overlooked legacy platforms.

The key question becomes:

Can we identify and reduce exposure quickly enough?

That is a very different question from simply asking whether a control exists.

What Security Leaders Should Focus On

The response to Mythos should not be panic, hype or rushing to buy more AI tooling.

It should be disciplined improvement in the areas that matter most.

1. Strengthen Security Fundamentals

Start with the controls that reduce the most likely paths of attack:

• Phishing-resistant MFA.
• Least privilege.
• Complete asset visibility.
• Disciplined patch management.
• Removal of end-of-life systems.
• Secure configuration.
• Segmentation.
• Logging and monitoring.
• Tested incident response.

These are not new ideas. The challenge is proving they are actually working across the environment.

2. Reduce Structural Risk

End-of-life platforms, unsupported systems and brittle legacy dependencies become more dangerous when attackers can find and chain weaknesses faster.

This is not just a technology hygiene issue.

It is a resilience issue.

Organisations should be clear on where structural risk exists, who owns it, what compensating controls are in place and by when the risk will be reduced.

3. Automate Where Speed Matters

Manual response will always have a role, especially where decisions affect operations. But manual-only models will struggle against AI-driven attack velocity.

Security teams should look at where automation can safely support:

• Detection.
• Enrichment.
• Prioritisation.
• Containment.
• Evidence collection.
• Control validation.

The aim is not blind automation.

The aim is controlled speed.

4. Apply Least Privilege to AI Agents

One important point in the Cisco guidance is that least privilege must also apply to AI agents.

That is a point worth taking seriously.

AI agents may interact with systems, APIs, data, workflows and security tooling. If they are not properly governed, they can become powerful operational pathways.

Security teams should be asking:

• What can the agent access?
• What actions can it take?
• Who approved that access?
• How is activity logged?
• How is behaviour reviewed?
• How is access removed when no longer needed?

AI agents should not sit outside normal identity, access and change control disciplines.

5. Improve Control Assurance

This is where Mythos becomes especially relevant.

It is not enough to say controls exist.

Security leaders need confidence that key controls are operating effectively and that the evidence behind them is current.

For example, if patch compliance is reported as high, are internet-facing assets included? Are exceptions approved? Are unsupported systems visible? Does asset inventory match the patching data?

If MFA is reported as complete, are privileged users covered? Are break-glass accounts monitored? Are service accounts excluded? Are temporary bypasses reviewed?

If endpoint protection is deployed, are agents active, current and reporting from all in-scope assets?

This is the practical value of control assurance. It challenges assumptions before attackers do.

What Boards Should Ask

The Mythos discussion should also sharpen board-level cyber questions.

Instead of only asking:

Are we secure?

Boards should increasingly ask:

• How quickly can we identify exposure?
• How fresh is our control evidence?
• Which critical systems still rely on unsupported technology?
• Where are we dependent on manual response?
• Are AI agents governed through least privilege?
• Can we prove key controls are operating effectively?

These are practical questions. They move the conversation away from confidence statements and towards evidence.

Using AI Defensively

AI should not only be seen as an attacker advantage.

Defenders should also use AI where it improves speed, analysis and prioritisation. That might include threat hunting, vulnerability analysis, configuration review, testing, simulation and control validation.

But AI-generated outputs still need challenge.

AI can support assurance, but it should not replace evidence.

Final Thoughts

Mythos matters because it signals where cybersecurity is heading.

AI-enabled capability is likely to make vulnerability discovery, exploit chaining and attack planning faster. That increases pressure on organisations still relying on slow remediation, incomplete visibility and periodic assurance.

The answer is not fear.

The answer is preparation.

Strengthen the fundamentals. Reduce structural risk. Improve visibility. Automate carefully. Govern AI agents. Validate controls with current evidence.

At Cybersecurity Expert UK, I am continuing to explore these themes around practical cyber resilience, assurance and measurable control effectiveness.

I have also been developing AI Labs tools to help security leaders think through exposure, control assurance and operational resilience in a more practical way, including:

• Threat Exposure Analysis.
• Control Assurance Validation.
• Operational Resilience Mapping.
• Cyber Control Failure Simulation.

You can explore the AI Labs tools here:

AI Labs – Provable Cyber Resilience Tools

The core message is simple.

In an AI-accelerated threat environment, assumptions will not be enough.

Security leaders need evidence they can trust.

Adaptive Security Leadership in an Expanding Threat Surface

Last week I joined fellow security leaders at CISO Inspire Summit North for a panel discussion on The Expanding Threat Surface: Adaptive Security Leadership for 2026 and Beyond.

It was a timely discussion, because the challenge facing security leaders today is not simply more threats. It is more connections, more dependencies, and more complexity. Suppliers, SaaS, identities, automation and distributed ways of working have all expanded the attack surface in ways that traditional control models often struggle to keep pace with.

One theme I returned to during the discussion was that many cyber risks are not new. They are often familiar control failures appearing at greater scale and speed.

That matters, because it shifts the focus from chasing every emerging technology risk to strengthening fundamentals.

Security fundamentals still matter most
Identity, ownership, visibility and resilience remain foundational.

As organisations scale, risk often hides where ownership is unclear, where no one truly owns a critical service, a supplier dependency, or a privileged access path.

Adaptive security leadership is not simply about adding more controls. It is about making sure the right controls are owned, evidenced, validated and able to hold under pressure.

Visibility alone is not assurance
Another discussion point was the danger of equating visibility with confidence.

Dashboards can inform. They do not, on their own, assure.

Confidence should come not just from seeing controls, but from evidence they work in practice.

That distinction matters even more as regulatory expectations increase and boards ask harder questions about resilience, not merely compliance.

Complexity is becoming a risk in itself
One point raised during the panel was that we may sometimes over-engineer controls while under-investing in fundamentals.

Complexity can create blind spots.

Adaptive leadership often means simplifying security, making the secure path the default, and reducing friction rather than adding layers that become difficult to sustain.

In many cases resilience improves not through more complexity, but through clearer ownership, stronger validation and simpler control design.

Zero Trust is a direction, not a destination
We also touched on Zero Trust, which is often discussed as an architectural ambition.

I tend to see it more practically.

Strong identity, least privilege, continuous validation and measurable progress matter far more than treating Zero Trust as a finished state.

It is less a destination than a discipline.

One practical takeaway
If there was one practical action I would emphasise, it would be this:

• Make ownership explicit for critical services, then test one real failure end-to-end.
• That often reveals more about operational resilience than many reporting packs ever will.
• Turning assumptions into proven resilience remains one of the most important shifts organisations can make.

Final reflection
A strong message from the session was that adaptive security leadership today is increasingly about judgement, accountability and evidence.

Not just technology.

Not just compliance.

But proving controls hold when conditions are less than perfect.

That is where confidence is built.

Thanks again to the organisers, moderator and fellow panellists for a thoughtful discussion.

AI Agents, Security Culture and a Conversation at Abbey Road Studios

I recently joined a panel at the iconic Abbey Road Studios to discuss a provocative theme: Your AI agent doesn’t care about your security culture. 

HotTopics Studio: Abbey Road Studios Event

It captures an important truth. AI will often scale the quality of the environment it is given, whether that environment is built on strong governance and effective controls, or weak assumptions and poor oversight.

One of the themes explored was accountability. As organisations move from experimenting with AI to operationalising it, the challenge is not only what AI can do, but who governs it, how outcomes are verified, and how control effectiveness keeps pace.

My own takeaway was simple: AI does not compensate for weak controls. It can amplify them.

A fitting discussion in an iconic setting.

What the UK Cyber Security & Resilience Bill Means for Security Practitioners

The UK Cyber Security & Resilience Bill is progressing through Parliament Royal Assent expected later in 2026.

The UK's Cyber Security and Resilience Bill is working its way through Parliament, and if you haven't started paying serious attention yet, now is the time. Introduced to the House of Commons in November 2025, the Bill represents the most significant overhaul of UK cyber regulation since the NIS Regulations in 2018, and its implications for security practitioners are immediate and practical.

What's Actually Changing
At its core, the Bill expands the existing Network and Information Systems regulatory framework. It brings more organisations into scope, imposes stricter incident notification requirements, and hands regulators substantially more enforcement power. Secondary legislation and statutory Codes of Practice will follow, but the primary architecture of what you'll be working within is already taking shape.

One of the most significant shifts for practitioners working in or alongside managed services is the creation of a new regulated entity category: the Relevant Managed Service Provider (RMSP). For the first time, MSPs providing services to in-scope sectors face direct regulatory obligations. If your organisation is an MSP, or relies heavily on one, your compliance exposure has materially changed.

⚠ Key Point - Incident Reporting Timelines

 The Bill introduces two-stage incident reporting: an initial notification within 24 hours and a full report within 72 hours, with copies sent to the NCSC. Your detection, triage, and escalation workflows need to meet these timelines under real pressure, not just on paper.

Penalties That Command Attention

The financial exposure for non-compliance is substantial and should feature prominently in any board-level conversation about investment in cyber controls.

Maximum Penalty Structure

• Standard maximum penalty - £10m or 2% of global turnover
• Higher maximum (serious breaches) - £17m or 4% of worldwide turnover
• Continuing contraventions (daily) - Up to £100,000 per day
• Extended ceiling (exceptional cases) - Up to 10% of worldwide turnover

These are not hypothetical. Regulators will also gain cost recovery powers, able to levy periodic fees to fund their oversight activities. Expect more active enforcement, not passive monitoring.

UK vs NIS2: Don't Assume Alignment
If your organisation already operates under the EU's NIS2 framework, a critical warning: the UK Bill and NIS2 share objectives but diverge in material ways. Reporting thresholds differ, customer notification requirements differ, and the sectors in scope are structured differently. A NIS2-aligned incident response playbook will not automatically satisfy UK obligations.

Practitioners managing cross-border environments will need jurisdiction-specific runbooks. A single process attempting to satisfy both simultaneously risks failing both under pressure.
Supply Chain Risk Is Now Statutory

The Bill introduces the concept of designated "critical suppliers" organisations whose compromise could cause major disruption to the economy or wider society, even if they are not themselves regulated entities. These suppliers will receive formal written notice and will have the right to make representations or appeal.

Secondary legislation will likely impose specific supply chain security obligations on regulated entities potentially including contractual requirements, security assessments, and continuity planning mandates. The era of passing a questionnaire and considering supply chain risk managed is ending.

🔗 Supply Chain Reality Check

Without consolidated visibility across cloud platforms, SaaS providers, and outsourced partners, your compliance posture is built on assumptions, not evidence. The Bill will expose that gap when regulators come calling.

What Practitioners Should Do Now
The Bill has passed its Report Stage in the Commons and is heading to the House of Lords. Royal Assent is expected later in 2026. Waiting for the final text before acting is not a defensible position.

• Determine whether your organisation or key MSPs fall into newly in-scope categories, including data centres with Rated IT Load above 1 MW
• Review incident detection and escalation workflows against the 24-hour initial notification requirement
• Map divergence between your current NIS/NIS2 compliance posture and what the UK Bill will require
• Audit your supplier assurance programme, move beyond annual questionnaires towards continuous oversight
• Engage legal, compliance, and operational teams together; this cannot be owned by security alone
• Monitor the Bill's progress and watch for secondary legislation, which will contain the operational detail

The regulatory environment for UK cyber security is shifting substantially. The organisations best placed when the Bill receives Royal Assent will be those treating this as a live operational project, not a future compliance task.

Track the Bill's progress via the UK Parliament Bills tracker and the House of Commons Library briefing.