Guidance

Implementation of the Network and Information Systems Regulations 2018 for the energy sector in Great Britain

High level policy principles for compliance with the Network and Information Systems (NIS) Regulations 2018, for operators in energy sector.

• From: Department for Energy Security and Net Zero and Department for Business, Energy & Industrial Strategy
• Published: 2 July 2018
• Last updated: 19 October 2023 — See all updates

Documents

Policy guidance for the implementation of the Network and Information Systems Regulations for the energy sector in Great Britain

PDF, 506 KB, 56 pages

Details

This guidance is to help designated Operators of Essential Service (OES), and yet-to-be-designated persons in the energy sector in Great Britain in complying with the Network and Information Systems (NIS) Regulations 2018.

It sets out:

• the background to the NIS Regulations
• the implementation in the energy sector
• requirements on Operators of Essential Services (OES)
• the competent Authority Approach

See our 2021 consultation and government response on updates to this guidance.

In addition see the guidance from our joint Competent Authority, Ofgem:

• NIS Directive and NIS Regulations 2018: Ofgem guidance for Operators of Essential Services

Published 2 July 2018
Last updated 19 October 2023 + show all updates

1. 19 October 2023

   We have updated the guidance: where an existing Operator of Essential Service (OES) has critical national infrastructure assets that they don't think are in scope of the NIS regulations (for example if they don't consider them to be critical network and info systems that Ofgem will assess them on), those assets should still be included.

2. 9 August 2022

   Guidance updated based on consultation feedback.

3. 2 July 2018

   First published.