Review of the Network and Information Systems Regulations
A review of the Network and Information Systems Regulations which came into force in May 2018.
Documents
Details
The Network and Information Systems (NIS) Regulations are designed to raise security standards across various essential sectors of the economy, including transport, energy, water, health, digital infrastructure and digital services. Now these regulations have been in place for two years, this review assesses how effective they have been, how the regulations have been implemented and the costs and benefits incurred.
The evidence gathered for this review suggests that, while it is too early to judge the long term impact of the regulations, organisations are taking measures to ensure the security of their networks and information systems as a result of the Regulations being in place. We expect this action is leading to a reduction in the risks posed to essential services and important digital services which rely on networks and information systems.
The review comes at an important time for wider policy development in this area. Findings from this review will inform broader policy development on ensuring organisations are effectively managing their cyber security risk. This contributes to our overarching goal of ensuring businesses are able to prosper, citizens are protected, and the UK is the safest place in the world to live and work online.