Policy paper

Second Post-Implementation Review of the Network and Information Systems Regulations 2018

This review assesses the effectiveness of the NIS Regulations, which were introduced in 2018 to improve the security & resilience of essential & digital services.

This was published under the 2019 to 2022 Johnson Conservative government

Documents

Details

The Network and Information Systems Regulations 2018 (NIS Regulations) came into force in May 2018. They help to secure our critical network and information systems and keep our businesses, citizens and public services protected.

The government has carried out a second post-implementation review to assess how effective the regulations have been in achieving their original objectives and whether those objectives remain appropriate for the UK, four years after implementation.

The review finds the regulations are largely working successfully in achieving the objective “to prevent (where possible) and improve the levels of protection against network and information systems incidents”. It is recommended that the legislation be retained. The review also sets out some areas for improvement.

Read more in the written ministerial statement.

This review builds on the first review of the regulations in May 2020, which was carried out two years after implementation. It also complements the government’s recent proposal for legislation to improve the UK’s cyber resilience.

For more information on the regulations, please see the NIS Regulations Collection page.

This work is part of the government’s £2.6 billion National Cyber Strategy to protect and promote the UK in a rapidly evolving online world.

Updates to this page

Published 4 July 2022
Last updated 27 July 2022 + show all updates
  1. Made PDF web accessible.

  2. First published.

Sign up for emails or print this page