Consultation outcome

NIS Regulations: Public Consultation on the NIS Directive

This consultation has concluded

Download the full outcome

Government Response

Detail of outcome

The main changes the Government proposes to make are clarifying:

  • the thresholds required to identify operators of essential services;
  • the role of the Competent Authority and how powers may be delegated to agencies;
  • that the role of the National Cyber Security Agency is limited to cyber security;
  • the expectations on operators within the first year or so; and
  • the definitions of Digital Service Providers.

The Government also intends to simplify:

  • the incident response regime, to separate incident response procedures from incident reporting procedures; and
  • the penalty regime slightly, to reduce the risk of fines in excess of £17m.

The Government believes these changes will provide further reassurance to industry. The Government again reiterates that our approach will remain reasonable, proportionate and appropriate and that the Government and Competent Authorities will work closely with industry to ensure that this legislation will be a success.

Read the full outcome in the Government response above.

Feedback received

Analysis of Responses

Detail of feedback received

The Government received 358 responses to this consultation. These responses showed there was broad support for the Government’s approach and that in the main, the Government’s proposals were thought to be appropriate and proportionate. Respondents also highlighted areas of concern and the Government has attempted to address these through changes to its approach.

More detailed analysis of the responses to the consultation can be found in the accompanying Analysis Paper.

Original consultation

Summary

The Government held a public consultation on its proposals to implement the Directive on the security of Network and Information Systems (NIS Directive).

This consultation ran from
to

Consultation description

The European Commission, in cooperation with Member States, agreed on a Directive with the aim of increasing the security of Network and Information Systems (NIS) within the European Union (EU). The Directive on the security of Network and Information Systems (NIS Directive) was adopted by the European Parliament on 6 July 2016. The Government supported the aims of the Directive and set out in this consultation the proposed implementation approach in the UK.

The NIS Directive provides legal measures to boost the overall level of security (both cyber and physical resilience) of network and information systems that are critical for the provision of digital services (online marketplaces, online search engines, cloud computing services) and essential services (transport, energy, water, health, and digital infrastructure services).

This consultation seeks views from industry, regulators and other interested parties on the Government’s plans to transpose the Directive into UK legislation. It sets out the Government’s proposed transposition approach and asks a series of questions on a range of detailed policy issues relating to transposition.

The consultation covers:

  • the essential essential services the directive needs to cover,
  • the penalties,
  • the competent authorities to regulate and audit specific sectors,
  • the security measures we propose to impose,
  • timelines for incident reporting, and
  • how this affects Digital Service Providers.

The consultation closed at 11:45pm on 30 September 2017.

Documents

NIS Directive: pre-consultation impact assessment

This file may not be suitable for users of assistive technology. Request an accessible format.

If you use assistive technology (such as a screen reader) and need a version of this document in a more accessible format, please email enquiries@culture.gov.uk. Please tell us what format you need. It will help us if you say what assistive technology you use.

NIS Directive Consultation

This file may not be suitable for users of assistive technology. Request an accessible format.

If you use assistive technology (such as a screen reader) and need a version of this document in a more accessible format, please email enquiries@culture.gov.uk. Please tell us what format you need. It will help us if you say what assistive technology you use.

Published 8 August 2017
Last updated 31 August 2018 + show all updates
  1. Added the Government response to the targeted Digital Service Providers consultation.

  2. Added additional information for a further, targeted consultation on Digital Service Providers.

  3. Government response published.

  4. First published.