NIS Directive and NIS Regulations 2018

The Security of Network & Information Systems Regulations ("NIS Regulations") place legal obligations on providers to protect UK critical services by improving cyber-security.

As our reliance on technology grows, the impact of failure in those systems and the opportunities for those who would seek to compromise our systems and data increase. Responding to this threat and ensuring the safety and security of cyberspace is an essential requirement for a prosperous UK economy. We need to secure our technology, data and networks in order to keep our businesses, citizens and public services protected.

The Government therefore laid new regulations on the Security of Network and Information Systems in the Houses of Parliament on 20 April 2018. You can read the regulations here.

The regulations will help make sure UK operators in electricity, transport, water, energy, health and digital infrastructure are prepared to deal with the increasing numbers of cyber threats. The regulations also cover other threats affecting IT, such as power failures, hardware failures and environmental hazards.

This work is part of the Government’s £1.9 billion National Cyber Security Strategy to protect the UK in cyberspace and make the UK the safest place to live and work online.

Guidance for Competent Authorities

The NIS Regulations establish a number of Competent Authorities which will provide appropriate oversight and an enforcement regime for the regulations. The Government has published guidance for the Competent Authorities to help them carry out this function. The guidance can be found here.

Impact Assessment

An assessment detailing the expected impact of the new regulations was published on 20 April 2018. You can read the impact assessment here.

Public Consultation

A consultation on the directive was held between August and September 2017 and the outcome and Government response can be found here.

Published 20 April 2018