UK Business and Trade Committee proposal on software provider liability
Regulatory/Legal (General)
Summary
Hide ▲
Show ▼
The UK’s Business and Trade Committee has proposed legislation to make software providers legally responsible for insecure products, a shift that could raise compliance burdens and penalties across the UK software market. The move would turn the voluntary Software Security Code of Practice into an enforceable baseline and target firms that ship exploitable flaws. It matters because the committee wants liability to move from victims to vendors after 2025 cyber incidents showed the cost of insecure software.
Related Happenings
OpenSSF flags CRA readiness gap
Regulatory/Legal (General)
H score21
First: 08.06.2026 12:00
Last: 08.06.2026 12:00
Sources 1
About this happening:
OpenSSF warned that **global manufacturers, developers, and open source stakeholders** remain materially unprepared for **Cyber Resilience Act (CRA)** compliance ahead of the **De...
OpenSSF flags CRA readiness gap
Regulatory/Legal (General)About this happening: OpenSSF warned that **global manufacturers, developers, and open source stakeholders** remain materially unprepared for **Cyber Resilience Act (CRA)** compliance ahead of the **De...
CRA readiness gaps persist across global open source and manufacturing stakeholders
Trend
H score22
First: 08.06.2026 12:00
Last: 08.06.2026 12:00
Sources 1
About this happening:
**OpenSSF** found **stagnating CRA readiness** across **global manufacturers, developers, and open source stakeholders**, leaving a large share of the ecosystem exposed to **Decem...
CRA readiness gaps persist across global open source and manufacturing stakeholders
TrendAbout this happening: **OpenSSF** found **stagnating CRA readiness** across **global manufacturers, developers, and open source stakeholders**, leaving a large share of the ecosystem exposed to **Decem...
UK Cyber Resilience Pledge pushes board-level security and supply-chain hardening
Defensive Guidance
H score33
First: 13.05.2026 12:05
Last: 13.05.2026 12:05
Sources 1
About this happening:
The **UK government's Cyber Resilience Pledge** will launch later this year, giving organizations a concrete set of steps to strengthen defenses and reduce supply-chain risk. It a...
UK Cyber Resilience Pledge pushes board-level security and supply-chain hardening
Defensive GuidanceAbout this happening: The **UK government's Cyber Resilience Pledge** will launch later this year, giving organizations a concrete set of steps to strengthen defenses and reduce supply-chain risk. It a...
UK government cyber resilience funding and pledge
Public Sector Action
H score25
First: 22.04.2026 17:10
Last: 22.04.2026 17:10
Sources 1
About this happening:
**UK government** announced **£90m ($120m)** in cybersecurity funding and a new **Cyber Resilience Pledge**, aiming to strengthen **national cyber resilience**. The initiative was...
UK government cyber resilience funding and pledge
Public Sector ActionAbout this happening: **UK government** announced **£90m ($120m)** in cybersecurity funding and a new **Cyber Resilience Pledge**, aiming to strengthen **national cyber resilience**. The initiative was...
2025 Automotive carmakers ransomware surge
Trend
H score34
First: 16.04.2026 11:35
Last: 16.04.2026 11:35
Sources 1
About this happening:
In **2025**, ransomware became the **fastest-growing** and most disruptive threat to **automotive carmakers**, accounting for **44% of attacks** and **more than doubling** over th...
2025 Automotive carmakers ransomware surge
TrendAbout this happening: In **2025**, ransomware became the **fastest-growing** and most disruptive threat to **automotive carmakers**, accounting for **44% of attacks** and **more than doubling** over th...
Timeline
-
26.11.2025 17:00 2 articles · 7mo ago
UK committee report proposes enforceable software liability
Legal Policy Action UpdateThe UK’s Business and Trade Committee issued a report proposing legislation that would make software providers legally responsible for insecure products, require compliance with secure-by-design principles, and empower enforcement bodies to monitor adherence and issue penalties. The committee said the current voluntary Software Security Code of Practice leaves developers without penalties for releasing products with exploitable flaws and argued that 2025 cyber incidents affecting Co-op, M&S and Jaguar Land Rover showed the financial and operational costs of insecure software.
Show sources
- UK Report Proposes Liability For Software Provider Insecurity — www.infosecurity-magazine.com — 26.11.2025 17:00
- UK Report Proposes Liability For Software Provider Insecurity — www.infosecurity-magazine.com — 26.11.2025 17:00