The speech included news of an updated Cyber Security Resilience Bill, a digital ID law, and was paired with the announcement of a Cyber Crime Risk Order.
On May 13th, 2026, King Charles III delivered his 2026 King’s Speech to Parliament. The speech, given to the House of Lords, largely centered on security, with King Charles saying “My Government will seek to reinforce the long-term energy, defence and economic security of the United Kingdom as an essential component of strength on the world stage.” Emphasizing a focus on security is likely a response to the ongoing war on Iran spearheaded by the United States and Israel - a war that now has some UK involvement, despite Prime Minister Sir Keir Starmer saying he would not support a US blockade of Iranian ports. The UK was also one of the first nations to issue a warning about the risk for cyberattacks following the US-Israel attacks, noting the sectors most likely to be targeted by hacktivists or Iran-linked groups.
Cybersecurity specifically appeared twice in the speech, with the special focus probably being influenced by the impactful hacks that UK retailers have weathered last year. The Jaguar Land Rover hack of 2025 forced the nation’s largest automobile manufacturer to shut down systems before they could discover a solution to the cyberattack, costing the UK economy an estimated £1.9 billion. The year also saw expensive ransomware attacks on UK retailer giants Marks & Spencer, Co-op Group, and Harrods, with the M&S attack leading to the company losing £700 million in stock market value, and the Co-op breach allegedly compromising the private information of 20 million people. These incidents have established a clear link between economic security and cybersecurity, setting the scene for the king’s first cybersecurity mention, a reference to the Cyber Security and Resilience Bill: “Ministers will also introduce legislation to improve the country’s defenses against cybersecurity threats”.
The Bill has been in the works for a while, and also received its last update on May 14th, 2026. The bill was first introduced to Parliament in November 2025, in order to “strengthen the UK’s cyber defences and ensure critical infrastructure and the digital services companies rely on are secure.” The bill serves as an important update to the country’s security since their departure from the European Union in 2016 precludes them from the numerous cybersecurity policy developments that have been developed by the European Commission over the past decade, like the Cyber Crisis proposal, the Cyber Resilience Act, and the Artificial Intelligence Act. The bill will update enforcement of penalties for serious breaches caused by poor cybersecurity practices, allow regulators to confirm that critical suppliers meet minimum security standards, and require more reporting around cyber attacks in order to inform the government, along with a host of new measures.
Following the announced updates for the Cyber Security Security and Resilience Bill, King Charles shared news of another cybersecurity law. He explained that his government “will also proceed with the introduction of Digital ID that will modernise how citizens interact with public services”, in reference to the Digital Access to Services Bill. The digital ID law, first proposed in September 2025, was created with the intention of preventing immigrants from working illegally. The proposal became the subject of controversy, due to concerns about privacy and government overreach. The idea of a mandatory digital ID in order to work was dropped in January 2025 due to the backlash. The King’s speech has again stirred up conversation about mass surveillance, with the Director of Big Brother Watch, Silkie Carlo, saying: “Access to public services we all pay for should never require a digital ID. This would inevitably be an intrusive, multi billion pound system no one wants, no one voted for, and that has no real purpose. Plans so far have indicated that the digital ID would be a cradle to grave system ripe for mass surveillance and more government control over people’s lives."
The UK also announced plans for a Cyber Crime Risk Order in the Parliament’s documents for the King’s Speech, a law “to place robust controls on the behaviours of cyber criminals, alongside new powers to search individuals believed to be concealing evidence on behalf of suspects.” The Order will be an update to the 1990 Computer Misuse Act, and is meant to allow cybersecurity personnel to better protect computer networks. The announcement has received positive feedback, with a spokesperson for the CyberUp Campaign calling the decision “a genuine turning point for cyber security in the UK”, since the 1990 Act “has left legitimate cyber security professionals researchers operating under unnecessary legal risk”.
The United Kingdom’s work to update the Cyber Security Resilience Bill, reintroducing a digital ID law, in company with the creation of the Cyber Crime Risk Order represents a bigger prioritization of cybersecurity for the country. Considering the high rates of cyber attacks that persist in UK firms, this step is one in the right direction.