This Navigator translates the Cyber Security and Resilience (Network and Information Systems) Bill into practical actions for security, ops, and leadership teams — and for MSPs who want to attach a SOC to their managed services.

Who it’s for

Track A — IT Managers / CTOs (all industries)

If you run IT/security operations and need a repeatable first-24-hours incident process that aligns to the Bill’s incident notification and customer notification requirements.

• Initial + full incident notifications include 24/72-hour windows for regulated persons (OES/RDSP/RMSP/critical suppliers).

Track B — MSP Owners / Directors Selling a MDR, SOC

If you deliver managed services and need a SOC attach playbook that helps you operationalise:

• Risk management duties for relevant managed service providers (RMSPs)
• Incident notification + customer notification flows

What you’ll get

• A plain-English view of what the Bill changes (scope, duties, reporting, enforcement) grounded in the Bill text.
• A practical incident lane aligned to 24/72-hour notification requirements for regulated persons.
• A copy/paste evidence pack aligned to: what incident notifications must contain
• and the Bill’s information-gathering powers
• MSP-ready SOC attach packaging + talk tracks mapped to Bill-driven operational outcomes (speed, certainty, evidence).

Why now?

The Bill signals a move toward more entities in scope + faster structured incident notifications + stronger enforcement toolsets:

• Scope expands to include, among other things: