The NIS Regulations 2018
The Security of Network & Information Systems Regulations (NIS Regulations) provide legal measures to boost the level of security (both cyber & physical resilience) of network and information systems for the provision of essential services and digital services.
As our reliance on technology grows, the failure of network and information systems has a bigger impact, and there are more opportunities to compromise those systems. Responding to this threat is an essential requirement for a prosperous UK economy. We need to secure critical network and information systems in order to keep our businesses, citizens and public services protected.
The government therefore laid the Network and Information Systems Regulations 2018 (NIS Regulations) in the Houses of Parliament on 20 April 2018. The NIS Regulations came into force on 10 May 2018, you can .
The NIS Regulations provide legal measures to boost the overall level of security (both cyber and physical resilience) of network and information systems that are critical for the provision of digital services (online marketplaces, online search engines, cloud computing services) and essential services (transport, energy, water, health, and digital infrastructure services).
This work is part of the government's £2.6 billion National Cyber Strategy to protect and promote the UK online.
Recent proposals to update the NIS regulations (Dec 2022)
Following a consultation in 2022 the government announced its intention to update the NIS regulations to improve the UK's cyber resilience. The changes include:
- bringing managed service providers (MSPs) into scope of the regulations to keep digital supply chains secure
- improving cyber incident reporting to regulators
- establishing a cost recovery system for enforcing the NIS regulations
- giving the government the power to amend the NIS regulations in future to ensure they remain effective
- enabling the Information Commissioner to take a more risk-based approach to regulating digital services.
These updates to the NIS regulations will be made as soon as parliamentary time allows.
EU Exit Guidance for Digital Service Providers Established in the UK (Dec 2020)
When the UK departs the EU, digital service providers established in the UK that offer services in another EU Member State must designate a representative in an EU Member State where they offer services. The Government has published guidance explaining how relevant digital service providers can prepare for this eventuality. The guidance can be found here.
Call for views on amendments to the regulations (Sept 2020)
The regulations were reviewed in May 2020, two years after their implementation.
Following this review, the government considered amendments to the NIS Regulations in order to implement many of the recommendations of the review. The full details were set out in a call for views which was held in September 2020.
Review of the NIS Regulations (May 2020)
The Government has conducted a Post-Implementation Review of the Network & Information Systems Regulations, two years after their implementation in May 2018.
The Review suggests that, while it is too early to judge the long term impact of the regulations, organisations are taking measures to ensure the security of their networks and information systems as a result of the Regulations being in place. We expect this action is leading to a reduction in the risks posed to essential services and important digital services which rely on networks and information systems. You can read the full Review here.
Digital Service Providers (Brexit) Consultation (July 2019)
Following the UK's departure from the EU, the UK proposes to introduce a requirement in the NIS Regulations for non-UK based Digital Service Providers (DSPs) operating in the UK to designate a representative in this country, and be subject to the regulatory authority of the ICO. A call for views was open from March 2019 to June 2019 to seek views on the Government's intention to include this new requirement in the NIS Regulations. The to the call for views was published on 24 July 2019. All relevant information on this consultation can be found here.
Targeted Consultation on Digital Service Providers (Aug 2018)
Subsequent to the Government's response, the Implementing Act was published in the Official Journal of the European Union on 30 January 2018 and can be found on the . In March 2018, the Government published a on the implementation of the NIS Directive and its associated Implementing Act for digital service providers. The to the targeted consultation was published on 31 August 2018. All relevant information on the targeted consultation can be found here.
Guidance for Competent Authorities (April 2018)
The NIS Regulations establish multiple competent authorities which are responsible for the oversight and enforcement of the NIS Regulations in each sector or region covered by the NIS Regulations. The Government has published guidance for the Competent Authorities to help them carry out their functions under the NIS Regulations. The guidance can be found here.
Impact Assessment (April 2018)
An assessment detailing the expected impact of the NIS Regulations was published on 20 April 2018. You can read the impact assessment here.
Public Consultation on the NIS Directive (Jan 2018)
The Government held a from August to September 2017 on its proposals to implement the NIS Directive. The to the public consultation was published on 29 January 2018. All relevant information on the public consultation can be found here.
Updates to this page
- Added details of the recent government consultation response, which explains the NIS regulations will be updated as soon as parliamentary time allows.
- Added a link to the Call for Views on amendments to the regulations. The deadline for responding to the call for views is Friday 25 September 2020.
- Added a link to the Post-Implementation Review of the NIS Regulations (May 2020). The review assesses the impact of the regulations two years after their introduction.
- We have added a link to EU Exit guidance for the NIS Regulations.
- First published.