UK airlines, utility firms and the NHS could all face big fines if IT blunders or cyber-hacks lead to service failures.
Ministers said private firms or public agencies providing “essential services” will all be forced to up their game by a new EU law which comes into force next year.
Ministers say IT meltdowns like that suffered by BA earlier this year, or the WannaCry hack attack on the NHS, could lead to fines “as a last resort” if services fail and bosses are found to have been at fault.
The new rules will come into force next May and are set to be embedded into British law after Britain leaves the EU the following year.
Launching a consultation on the plan, Digital Minister Matt Hancock said: “We want the UK to be the safest place in the world to live and be online, with our essential services and infrastructure prepared for the increasing risk of cyber attack and more resilient against other threats such as power failures and environmental hazards.
“The directive is an important part of this work – and I encourage all public and private organisations in those sectors to take part in this consultation so together we can achieve this aim.”
The new rules will cover both private and public sector services in electricity, transport, water, energy, health and digital infrastructure.
The consultation proposes penalties for flaws in IT systems similar to those planned for data protection.
Failure to implement effective security could see penalties as large as £17 million, or 4% of a firm’s global turnover.