The Westminster lensArchive · §02 Speeches · 620 contributions

Speeches by Griffiths.

Every Hansard contribution by Alison Griffiths this parliament, most recent first. Back to the MP page for the headline figures and analysed positions.

Showing 121140 of 620 contributions · most-recent first

← PreviousPage 7 of 31Next →
DateDebate & contributionWords
10 Feb 2026Cyber Security and Resilience (Network and Information Systems) Bill (Sixth sitting)

My question relates to clause 29 but also clause 30. As the Minister says, the powers are deliberately wide. The Institution of Engineering and Technology noted in evidence that predictability matters more than compliance. Will the Minister explain exactly how the Government will judge when risks require new statutory

defenceeconomy-jobsutilities
61
10 Feb 2026Cyber Security and Resilience (Network and Information Systems) Bill (Sixth sitting)

I thank the Minister for his patience. He mentions a specific example of where he will ensure that the NCSC is resourced up. Do we have specific examples that have happened already of those powers having been put in place successfully? From conversations with the NCSC, I understand that it is reliant on its accredited

defenceeconomy-jobsutilities
97
10 Feb 2026Cyber Security and Resilience (Network and Information Systems) Bill (Fifth sitting)

New clauses 6 and 7 sit together and are linked by the same practical concern regarding clarity and workability when an incident is unfolding. I will start with new clause 6. Ransomware is no longer an occasional or unusual cyber-event; it is now one of the most common and disruptive threats facing essential services,

economy-jobsdefenceother
460
10 Feb 2026Cyber Security and Resilience (Network and Information Systems) Bill (Fifth sitting)

I want to use new clause 1 as a lens to view a wider question that sits underneath clause 24, rather than as a verdict on the clause itself. That question is how we decide, in a disciplined and credible way, which activities are sufficiently critical to be brought into the scope of the regime, and how that judgment is

economy-jobsdefenceother
581
10 Feb 2026Cyber Security and Resilience (Network and Information Systems) Bill (Sixth sitting)

Having worked in business, I know that the words we use to ensure that the capabilities are there are easy to say but not always easy to deliver. How will the Minister ensure that when we have a multi-sector issue, which could easily come up—particularly, as we have already discussed, around OT and the use of IEDs acro

defenceeconomy-jobsutilities
102
10 Feb 2026Cyber Security and Resilience (Network and Information Systems) Bill (Sixth sitting)

Further to that point of order, Mr Stringer. Genuinely, I simply need the Minister to speak slowly and clearly. Yes, I am wearing hearing aids; I am sure that others wear them too. I am doing my very best to make sure that I can lip-read, but that is almost impossible given the speed the Minister is speaking at. One ca

defenceeconomy-jobsutilities
72
10 Feb 2026Cyber Security and Resilience (Network and Information Systems) Bill (Sixth sitting)

Could the Minister repeat that?

defenceeconomy-jobsutilities
5
10 Feb 2026Cyber Security and Resilience (Network and Information Systems) Bill (Sixth sitting)

As we heard in written evidence from the ABI, clarity about roles really matters. Can the Minister confirm that the statement of strategic priorities is not intended to operate as indirect instruction, and that regulators will retain clear discretion where sector evidence points in a different direction?

defenceeconomy-jobsutilities
47
10 Feb 2026Cyber Security and Resilience (Network and Information Systems) Bill (Sixth sitting)

These procedures are standard, but the powers they apply to are significant. Where regulations under part 3 would materially expand duties or bring new actors into scope, have the Government considered whether those should receive deeper scrutiny in practice, even if the formal procedure remains the usual one?

defenceeconomy-jobsutilities
48
10 Feb 2026Cyber Security and Resilience (Network and Information Systems) Bill (Sixth sitting)

We heard from the Information Systems Audit and Control Association that codes work best when they reflect operational reality. Given their evidential status, can the Minister reassure the Committee that codes will remain practical and iterative and not quietly harden into rigid compliance rules?

defenceeconomy-jobsutilities
44
10 Feb 2026Cyber Security and Resilience (Network and Information Systems) Bill (Sixth sitting)

As the Minister is saying, clause 28 is meant to help Parliament understand how regulators are responding to the statement of strategic priorities. Can he say a little about how substantive that reporting will be, and whether it will genuinely allow Parliament to assess how those duties are being exercised in practice?

defenceeconomy-jobsutilities
52
5 Feb 2026Cyber Security and Resilience (Network and Information Systems) Bill (Third sitting)

Clause 7 is definition-heavy, and rightly so; these terms decide who is regulated and who is not. My only observation is that cloud models are, as the Minister knows, evolving quickly because of the AI revolution. Definitions that track architecture too closely will age fast, so the Committee should be alert to whether

technologydefenceeconomy-jobs
67
5 Feb 2026Cyber Security and Resilience (Network and Information Systems) Bill (Third sitting)

My hon. Friend is making a very good point, which also applies to improving board awareness and ensuring that the enforcement of the regulations incentivises boards to take the issue seriously and make sure that they are equipped to understand the commercial reality of cyber-security for their businesses. Enforcement i

technologydefenceeconomy-jobs
55
5 Feb 2026Cyber Security and Resilience (Network and Information Systems) Bill (Third sitting)

Clause 4 relies heavily on capacity as the trigger for regulation. I understand why that is attractive: it is measurable. But capacity is not the same as criticality, and a high-capacity facility used for redundancy can present less systemic risk than a smaller, highly concentrated one. I simply put on record that the

technologydefenceeconomy-jobs
67
5 Feb 2026Cyber Security and Resilience (Network and Information Systems) Bill (Third sitting)

Does my hon. Friend agree that, although we support the intent behind the Bill, clause 2 does a lot of framing work but does not necessarily consider the extensive perimeter that is coming through and how proportionality will be applied in practice? I suggest that the Committee keep that in mind as we move through the

technologydefenceeconomy-jobs
57
5 Feb 2026Cyber Security and Resilience (Network and Information Systems) Bill (Fourth sitting)

Bringing MSPs into scope is the right direction of travel, and MSPs sit at points of concentrated risk, but they are not all the same and the real risk is not size alone but the level of privileged access and cross-customer dependency. Proportionality will be critical under these provisions if we want better security,

technologyeconomy-jobsdefence
57
5 Feb 2026Cyber Security and Resilience (Network and Information Systems) Bill (Fourth sitting)

On my hon. Friend’s point about the lack of clarity in the Bill, there is a real possibility that firms will find that an MSP has one view of an issue while their client has another. Unless there is sufficient clarity in the wording of the Bill, we will have issues.

technologyeconomy-jobsdefence
51
5 Feb 2026Cyber Security and Resilience (Network and Information Systems) Bill (Fourth sitting)

I think my hon. Friend is about to reference the commercial impacts on MSPs. We have already referenced the fact that they are of many different sizes. One of the concerns the Committee will need to consider is whether new contracts will need to be written. The level of uncertainty being created may render the existing

technologyeconomy-jobsdefence
62
5 Feb 2026Cyber Security and Resilience (Network and Information Systems) Bill (Fourth sitting)

The clause is drafted broadly, which is understandable, but in practice many of the supply chains, as my hon. Friend has ably demonstrated, involve several layers of providers and sub-providers. I would welcome clarity on how regulators are expected to approach designation in these cases, so that responsibility is clea

technologyeconomy-jobsdefence
61
5 Feb 2026Cyber Security and Resilience (Network and Information Systems) Bill (Fourth sitting)

The clause merits close scrutiny, because it is the point in the Bill where risk is supposed to be addressed beyond the individual operator and into the supply chain. In plain terms, clause 12 will allow the regulator to designate a supplier as critical where disruption to that supplier would have a significant impact

technologyeconomy-jobsdefence
470
← PreviousPage 7 of 31 · click a debate to open the transcript with this MP’s speeches highlightedNext →
Sources
SourceHansard · official report
MethodEach row is one contribution (intervention or speech). Word count from the official text.