I think this is an overly cynical read on the whole thing, at least after skimming the main points from the bill.
A lot of it is about designating critical suppliers + providers and their security obligations.
Central government would typically be a customer, that uses other suppliers and providers to achieve its goals, not a supplier or a provider itself.
So in that sense it doesn't seem so strange to see it omitted, or at least for first set of legislation etc.? Get the first party suppliers in shape first, then legislate the net result of government function using those suppliers etc.
What you're describing would see the government fall outside the purview of the law naturally, without the need for an exemption. This is a true case of an exception that proves the rule — the fact that they made the exemption is itself proof that they would've been otherwise subject to the law.
This is a wrong assumption, it's not that they aren't customers as they'll deal with hundreds of vendors/partners and will benefit from these changes regardless but national cyber & supporting IT agencies (including the UK) are often providers themselves to both other government agencies and private organizations in the country.
This can be anything from running their SOC functions to specialized consulting services to intelligence sharing so the bill is definitely relevant and the exclusion of the govt. doesn't seem to serve a purpose other than saving the budget to implement/maintain their own rules.
So there are legitimate reasons for doing this, such as avoiding having to write reports and request authorizations from oneself, not having to disclose certain sensitive information, etc.
The right way to do this is to draft a framework law and a few decrees along the lines of “administrations XXX and YYY will apply NIS2 with the following exceptions and adaptations ....”
This avoids creating overly broad exemptions, ensuring that there is a reference framework, and preventing each administration from developing its own system.
This is very common in the arms and nuclear sectors, where many civil norms and standards clearly state “not applicable to nuclear” and the nuclear standard states “apply civil standard XXX, with the following specific provisions, the competent authority is the ONR.”
Declaring an overly broad exemption from the outset is not the right way to go about it.
Why is the UK so authoritarian on cyber security? I feel like they're consistently on HN with this type of "rules for thee, not for me" attitude regarding computer law.
This article is about the Cyber Security and Resilience Bill, which aims to increase the security of critical assets, and to strengthen breach reporting requirements.
It's puzzling to hear those steps described as "authoritarian." What makes you feel that way?
The UK is in a strange position, where it must have regulations that are fairly similar to those of the European Union in order to benefit from cross-recognition and not hinder trade with its main partner. In this case, NIS2.
But at the same time, they don't want to admit it and are rewriting these standards in a very specific way so that only British engineering firms and consultants can draft regulatory documents or ensure compliance.
It ensures a monopoly for these engineering firms and consultants.
This is such a poor understanding of what happened in Rotherham, not least of all nobody has ever claimed the UK government itself was the one running the trafficking ring, it borders on fantasy. I’m guessing from your spelling you’re not from the UK, so I’d question where you’re getting your information on this, and your understanding of how the UK public sector and government is structured.
The corruption in South Yorkshire Police and Rotherham council (neither of which are part of HMG) in the 1990s and early 2000s also has absolutely nothing to do with UK Government cyber security policy in 2026.
Liz Truss was barely in long enough for people to conduct a poll!
Thatcher was controversial but had ardent supporters. Where are Starmer's supporters? There aren't many even within the Labour Party.
No idea whether someone like Pitt the Younger or Canning back over a century ago were less popular. Really the onus should be on people to disprove this. I have not encountered a single live Starmer supporter in the wild but anyway...
"New polling reveals Sir Keir is the least popular prime minister on record, with a net satisfaction rating of -66, lower than previous lows for Rishi Sunak and John Major."
"Keir Starmer is the least popular prime minister on record, less than 18 months after being elected. In this sense, he is making history. Few, if any, mainstream political commentators anticipated this situation before the 2024 election. Of course, many on the radical left predicted it several years ago, but who listens to us?"
Popularity is a poor measure of performance in UK politics. The British public are regularly shown to be fickle and easily led in their judgements.
Results are a bit meh so far with Labour but at least they're not Trussesque dangerous. And positive achievements rarely get a mention in our press. Can't think why.
Brit here. UK Government's position "we will hold ourselves to equivalent standards via the Cyber Action Plan, just without legal obligations" -is institutionally equivalent to "trust the PDF." Fast forward to the non-repudiable era, please.
Where does Socialism fit into this exactly? As a counter-example, the US is currently in the process of implementing an extraordinary amount of censorship across the board, and rolling out massive state surveillance apparatus, but you don't see anyone accusing the current autocratic regime there of spooky "Socialism"
That account's history is almost entirely left bashing or giving praise to Elon Musk. I'd guess the comment above is part of his ongoing effort to destabilise the British political norms.
If somebody pisses on your shoe every day, do you just try to reason with them from scratch on the 10th day? Would you introduce yourself first, and inquire as to the reason why they are assuming the position?
I don't understand this perception that it is sacrilegious to look at somebody's posting history to discern any patterns in their behaviour.
No one appears to be pissing on shoes, but a public urination analogy may be fitting here. Should the alleged offender be reprimanded for their obvious behavior, or have their past bladder expressions deeply scrutinized first?
Because we live in a world where people are paid to spread FUD and disinformation especially related to political topics. Meanwhile one only has so much time to address arbitrary arguments. If it looks like the argument is being made for disingenuous purposes then engaging with it is probably a waste of your time.
The front page of the BBC right now, at the very top, is a large photo of protests in Iran. The headline reports that hospitals are overwhelmed by the regime cracking down on protestors.
The article focuses on first-hand accounts from medics inside Iran, describing the crackdown and casualties. It also contains statements from the Iranian opposition, the UN, US and French presidents and British PM, all critical of Khamenei, with just two mentions of the regime’s official statements.
Also, I just switched to the BBC News TV broadcast. The Iran protests are the lead story: a special report with a focus on the protestors, showing videos shared by them.
You’re welcome to your own opinions but some of your arguments here are trivial to debunk.
Literally the first article on the BBC News homepage is an about Iran with accounts from doctors and others critical of the regime.
This is the exact opposite of what you claimed we’d find.
My recommendation here is: if your research is this sloppy for your most trivial to check argument, then maybe you should spend a little time reviewing your other assumptions and whether you believe them out of faith or through research.
BREAKING NEWS: conservative blames "socialism" for the ills caused by conservatism
People thinking that New Labour is left wing is both frustrating and amusing. There's constant in-fighting in the Labour party for a reason. Thatcher supposedly thought one of her greatest achievements was making the Labour Party agree on the economy. Labour is increasingly socially regressive. Mrs. Snooper's Charter herself became Prime Minister as leader of the Conservative Party and brought in a ton of state surveillance and new terrorism laws. I'm genuinely baffled as to what you think "socialism" even is or what you think it's to blame for here.
You will find that written constitutions are about as effective as unwritten ones; if the people in power choose to disregard them, and have popular support, they tend to get away with it for long enough to do damage.
Fun fact: The UK has the Magna Carta, the original bill of rights signed in 1215. Did you know that's 561 years before the US declared its independence from the UK? To put it another way, 561 years is more than double the length of time the US has been a country.
Second fun fact: UK Prime Ministers aren't elected. Their party is elected, and tends to command a majority in the House of Commons, but if they don't, they get to trade horses with other parties to see which coalition can command a majority, and thus win a confidence vote. The party selects a leader through their own internal processes. Doesn't even have to be an elected MP. Then they tell the king, who rubberstamps the decision. They can do this at any time, not just after an election. Provided the leader can command a majority in Parliament, they get to continue. If enough of your own party dislikes you as leader, they will vote against a confidence motion and drop themselves and you out of power; your job is to not let it get to that.
The House of Lords is a secondary chamber, which scrutinises what the House of Commons passes and suggests rewordings and rewrites. (There's a whole other layer of scrutiny at the committee stage, for costing, etc.) They can send back bad bills, but can't send them back indefinitely, if the government had that in its election manifesto, so appointed or not, they can't defy the "will of the people".
The king doesn't rock the boat, not because he fears for his life, but because he'd trigger a constitutional crisis which will inevitably resolve in the form of a republican UK.
This isn’t an accurate interpretation. The UK is a _constitutional_ monarchy, not an absolute monarchy, meaning that the monarchy exists and acts in accordance with the constitution.
In the case of the UK, some of the rituals (such as the one you’re referring to with the prime minister) are based on longstanding traditions, because humans are weird and we like those sorts of things, but the requirement to do that stems from the constitution, not from the King deciding if he likes the PM or not.
And to be clear, the UK constitution is really the combined law passed over centuries (including the Magna Carts). There is no single, “sacred” document as in the US (which isn’t really sacred in practice - we can amend it or let SCOTUS re-interpret it).
The biggest difference between the UK and other constitutional countries is that parliament power is pretty much absolute and it is not bound by any document or pre-existing law.
In theory at least. In practice the courts have hinted that there are limits even for the parliament, and if it were to overstep some unwritten rules, it would cause a constitutional crisis.
This may have been the case historically, but these days the king's role is largely ceremonial.
As to the House of Lords, around 11% of its members are hereditary peers. A bill [1] is in progress to reduce that to zero:
> The bill would remove membership from 89 hereditary peers who currently sit in the House. Their membership would end at the conclusion of the current parliamentary session.
So, in summary, the UK is a democracy with its own set of historical quirks, much like many other democracies (Electoral College, anyone?).
We recently had a significant test of this. Boris Johnson asked the late Queen to prorogue (shut down) parliament in order to prevent debate on the Brexit negotiations between the UK and the European Union.
In theory he was asking permission from the Queen. But in practice, everyone knew that the Queen was powerless to reject his request. Even for something as plainly anti-democratic.
The Supreme Court eventually ruled that the prorogation was not lawful.
Lots of people were hoping that the Queen would stand up for the people. It was a complicated moment when she didn't!
This kind of stuff is fascinating because it's the state interacting with itself. The Queen was powerless to reject his request, he being the leader of the government who governed in her name, whose prorogation was overturned by judges she appointed. She ultimately did not need to act because she had an army of people who acted on her behalf. This is not to say that every misuse of power is always caught, but rather that the Monarch gets to maintain a facade of impartiality because all the partiality is being done by their institutions instead.
> The proposed Dissolution and Calling of Parliament Bill emphasised the non-justiciability of the revived prerogative powers, prevented courts from making certain rulings in relation to a Government's power to dissolve Parliament. It received royal assent over two years later, on 24 March 2022.
As some have said before, it effectively means in future the Supreme Court can't undo or interfere with prorogation like what Boris Johnson did in 2019. The Labour party have said they won't cancel this law, so Kier Starmer can now do same as Boris and courts can't stop him.
>which is akin to if we handed a bunch of decendants of the mayflower and rich industrialists and priests their own house of Congress.
The House of Lords does need reform, but this is not in any way an accurate picture of it since at least 1999 (https://en.wikipedia.org/wiki/House_of_Lords_Act_1999). When you strip away the historical baggage, the House of Lords is just an appointed second chamber. I'm fully in favor of removing the last vestiges of the hereditary principle in government, but hereditary peers do not have a significant amount of power in the current system.
>And when they "elect" a prime minister
Elections really do happen in the UK and really do determine who is Prime Minister. No need for the scare quotes here.
> so basically, there's this constant ritual of pretending they're a democracy when really it's only like that because the king current feels like it.
I'll resist the temptation to point out which country is more pertinently and accurately described this way in the present situation.
> Elections really do happen in the UK and really do determine who is Prime Minister.
Different person, but while this is true, it's also true that the Prime Minister is not elected: they [ordinarily] emerge as being the leader of whichever party commands a majority in Parliament. It's how we've had so much Prime-Minister turnover since the Brexit referendum: those didn't happen because the electorate "determined" it.
Yes sure, it’s a simplification to say that elections always directly determine who the Prime Minister is, and I probably should have been clearer on that point. However, this difference between a parliamentary system and a presidential one has nothing to do with rogue Kings going mad with power.
Even ignoring your flawed understanding of the UK's government, what is your glorious bill of rights worth at the end of the day? Your president just does whatever the hell he wants, ignoring any checks and balances as he sees fit. Freedom of speech? Well, as long as you don't criticise a certain deceased extremist, that is. Freedom of religion? Well, as long as you're a Christian. Freedom of the Press? As long as you're a right-wing influencer. Freedom of assembly? As long as you're not a Democrat. Right to petition the government? You might get shot by ICE agents for following their orders.
>Even ignoring your flawed understanding of the UK's government, what is your glorious bill of rights worth at the end of the day? Your president just does whatever the hell he wants, ignoring any checks and balances as he sees fit.
Are you talking about Bush, or Trump? Because the logic goes both ways -- when Blair bent over over when Bush wanted to go gallivanting into Iraq, we were set upon this path, one that started before I was old enough to vote... so maybe don't show up at the finish line to tut after literal decades of inaction?
A lot of it is about designating critical suppliers + providers and their security obligations.
Central government would typically be a customer, that uses other suppliers and providers to achieve its goals, not a supplier or a provider itself.
So in that sense it doesn't seem so strange to see it omitted, or at least for first set of legislation etc.? Get the first party suppliers in shape first, then legislate the net result of government function using those suppliers etc.
This is a wrong assumption, it's not that they aren't customers as they'll deal with hundreds of vendors/partners and will benefit from these changes regardless but national cyber & supporting IT agencies (including the UK) are often providers themselves to both other government agencies and private organizations in the country.
This can be anything from running their SOC functions to specialized consulting services to intelligence sharing so the bill is definitely relevant and the exclusion of the govt. doesn't seem to serve a purpose other than saving the budget to implement/maintain their own rules.
This matches the article's point that the UK CSR bill may be a first step that helps to phase in bespoke legislation to improve UK national security.
For me this is professional because my work involves UK software engineering for medical information.
Coordinated vulnerability disclosure: https://github.com/joelparkerhenderson/coordinated-vulnerabi...
src: worked construction in state data centers
¿What asbestos, qué?
The right way to do this is to draft a framework law and a few decrees along the lines of “administrations XXX and YYY will apply NIS2 with the following exceptions and adaptations ....”
This avoids creating overly broad exemptions, ensuring that there is a reference framework, and preventing each administration from developing its own system.
This is very common in the arms and nuclear sectors, where many civil norms and standards clearly state “not applicable to nuclear” and the nuclear standard states “apply civil standard XXX, with the following specific provisions, the competent authority is the ONR.”
Declaring an overly broad exemption from the outset is not the right way to go about it.
It's puzzling to hear those steps described as "authoritarian." What makes you feel that way?
My money’s on Twitter being the source.
But at the same time, they don't want to admit it and are rewriting these standards in a very specific way so that only British engineering firms and consultants can draft regulatory documents or ensure compliance.
It ensures a monopoly for these engineering firms and consultants.
The corruption in South Yorkshire Police and Rotherham council (neither of which are part of HMG) in the 1990s and early 2000s also has absolutely nothing to do with UK Government cyber security policy in 2026.
Starmer is indeed very unpopular, but “least popular ever” is not a claim which even has an agreed-upon measure.
Remember Liz Truss lasted lasted less time in office than it took for a lettuce to rot.
Thatcher was controversial but had ardent supporters. Where are Starmer's supporters? There aren't many even within the Labour Party.
No idea whether someone like Pitt the Younger or Canning back over a century ago were less popular. Really the onus should be on people to disprove this. I have not encountered a single live Starmer supporter in the wild but anyway...
https://www.independent.co.uk/bulletin/news/starmer-labour-c...
"New polling reveals Sir Keir is the least popular prime minister on record, with a net satisfaction rating of -66, lower than previous lows for Rishi Sunak and John Major."
https://www.telegraph.co.uk/politics/2025/09/27/starmer-leas... "Starmer is least popular PM on record, poll finds Only 13 per cent of voters are satisfied with Prime Minister, the fewest of any leader since 1970s."
I suppose you will complain about the Telegraph, but it isn't a tabloid.
https://www.newstatesman.com/politics/uk-politics/2025/12/wh...
"Keir Starmer is the least popular prime minister on record, less than 18 months after being elected. In this sense, he is making history. Few, if any, mainstream political commentators anticipated this situation before the 2024 election. Of course, many on the radical left predicted it several years ago, but who listens to us?"
Results are a bit meh so far with Labour but at least they're not Trussesque dangerous. And positive achievements rarely get a mention in our press. Can't think why.
He got in because people were sick of the last lot. Jeremy Corbyn got more votes overall as well.
The UK is a crumbling museum compared to every leading G7 economy that has growth.
I don't understand this perception that it is sacrilegious to look at somebody's posting history to discern any patterns in their behaviour.
Left bashing is one thing, but someone gicing praise to Elon Musk in 2026 is just mind-blowing to me
The article focuses on first-hand accounts from medics inside Iran, describing the crackdown and casualties. It also contains statements from the Iranian opposition, the UN, US and French presidents and British PM, all critical of Khamenei, with just two mentions of the regime’s official statements.
Also, I just switched to the BBC News TV broadcast. The Iran protests are the lead story: a special report with a focus on the protestors, showing videos shared by them.
Source: https://www.bbc.co.uk/news/articles/cj9rengvnp9o
Literally the first article on the BBC News homepage is an about Iran with accounts from doctors and others critical of the regime.
This is the exact opposite of what you claimed we’d find.
My recommendation here is: if your research is this sloppy for your most trivial to check argument, then maybe you should spend a little time reviewing your other assumptions and whether you believe them out of faith or through research.
People thinking that New Labour is left wing is both frustrating and amusing. There's constant in-fighting in the Labour party for a reason. Thatcher supposedly thought one of her greatest achievements was making the Labour Party agree on the economy. Labour is increasingly socially regressive. Mrs. Snooper's Charter herself became Prime Minister as leader of the Conservative Party and brought in a ton of state surveillance and new terrorism laws. I'm genuinely baffled as to what you think "socialism" even is or what you think it's to blame for here.
Fun fact: The UK has the Magna Carta, the original bill of rights signed in 1215. Did you know that's 561 years before the US declared its independence from the UK? To put it another way, 561 years is more than double the length of time the US has been a country.
Second fun fact: UK Prime Ministers aren't elected. Their party is elected, and tends to command a majority in the House of Commons, but if they don't, they get to trade horses with other parties to see which coalition can command a majority, and thus win a confidence vote. The party selects a leader through their own internal processes. Doesn't even have to be an elected MP. Then they tell the king, who rubberstamps the decision. They can do this at any time, not just after an election. Provided the leader can command a majority in Parliament, they get to continue. If enough of your own party dislikes you as leader, they will vote against a confidence motion and drop themselves and you out of power; your job is to not let it get to that.
The House of Lords is a secondary chamber, which scrutinises what the House of Commons passes and suggests rewordings and rewrites. (There's a whole other layer of scrutiny at the committee stage, for costing, etc.) They can send back bad bills, but can't send them back indefinitely, if the government had that in its election manifesto, so appointed or not, they can't defy the "will of the people".
The king doesn't rock the boat, not because he fears for his life, but because he'd trigger a constitutional crisis which will inevitably resolve in the form of a republican UK.
In the case of the UK, some of the rituals (such as the one you’re referring to with the prime minister) are based on longstanding traditions, because humans are weird and we like those sorts of things, but the requirement to do that stems from the constitution, not from the King deciding if he likes the PM or not.
In theory at least. In practice the courts have hinted that there are limits even for the parliament, and if it were to overstep some unwritten rules, it would cause a constitutional crisis.
What rules are those?
As to the House of Lords, around 11% of its members are hereditary peers. A bill [1] is in progress to reduce that to zero:
> The bill would remove membership from 89 hereditary peers who currently sit in the House. Their membership would end at the conclusion of the current parliamentary session.
So, in summary, the UK is a democracy with its own set of historical quirks, much like many other democracies (Electoral College, anyone?).
[1]: https://lordslibrary.parliament.uk/hereditary-peers-in-the-h...
In theory he was asking permission from the Queen. But in practice, everyone knew that the Queen was powerless to reject his request. Even for something as plainly anti-democratic.
The Supreme Court eventually ruled that the prorogation was not lawful.
Lots of people were hoping that the Queen would stand up for the people. It was a complicated moment when she didn't!
https://en.wikipedia.org/wiki/2019_United_Kingdom_prorogatio...
> The proposed Dissolution and Calling of Parliament Bill emphasised the non-justiciability of the revived prerogative powers, prevented courts from making certain rulings in relation to a Government's power to dissolve Parliament. It received royal assent over two years later, on 24 March 2022.
As some have said before, it effectively means in future the Supreme Court can't undo or interfere with prorogation like what Boris Johnson did in 2019. The Labour party have said they won't cancel this law, so Kier Starmer can now do same as Boris and courts can't stop him.
And, err, in England: https://en.wikipedia.org/wiki/Execution_of_Charles_I
>there is no "bill of rights"
There very literally is a bill of rights: https://en.wikipedia.org/wiki/Bill_of_Rights_1689
>which is akin to if we handed a bunch of decendants of the mayflower and rich industrialists and priests their own house of Congress.
The House of Lords does need reform, but this is not in any way an accurate picture of it since at least 1999 (https://en.wikipedia.org/wiki/House_of_Lords_Act_1999). When you strip away the historical baggage, the House of Lords is just an appointed second chamber. I'm fully in favor of removing the last vestiges of the hereditary principle in government, but hereditary peers do not have a significant amount of power in the current system.
>And when they "elect" a prime minister
Elections really do happen in the UK and really do determine who is Prime Minister. No need for the scare quotes here.
> so basically, there's this constant ritual of pretending they're a democracy when really it's only like that because the king current feels like it.
I'll resist the temptation to point out which country is more pertinently and accurately described this way in the present situation.
Different person, but while this is true, it's also true that the Prime Minister is not elected: they [ordinarily] emerge as being the leader of whichever party commands a majority in Parliament. It's how we've had so much Prime-Minister turnover since the Brexit referendum: those didn't happen because the electorate "determined" it.
Are you talking about Bush, or Trump? Because the logic goes both ways -- when Blair bent over over when Bush wanted to go gallivanting into Iraq, we were set upon this path, one that started before I was old enough to vote... so maybe don't show up at the finish line to tut after literal decades of inaction?