NIS Regulations: Public Consultation on the NIS Directive

The European Commission, in cooperation with Member States, agreed on a Directive with the aim of increasing the security of Network and Information Systems (NIS) within the European Union (EU). The Directive on the security of Network and Information Systems (NIS Directive) was adopted by the European Parliament on 6 July 2016. The Government supported the aims of the Directive and set out in this consultation the proposed implementation approach in the UK.

The NIS Directive provides legal measures to boost the overall level of security (both cyber and physical resilience) of network and information systems that are critical for the provision of digital services (online marketplaces, online search engines, cloud computing services) and essential services (transport, energy, water, health, and digital infrastructure services).

This consultation seeks views from industry, regulators and other interested parties on the Government’s plans to transpose the Directive into UK legislation. It sets out the Government’s proposed transposition approach and asks a series of questions on a range of detailed policy issues relating to transposition.

The consultation covers:

• the essential essential services the directive needs to cover,
• the penalties,
• the competent authorities to regulate and audit specific sectors,
• the security measures we propose to impose,
• timelines for incident reporting, and
• how this affects Digital Service Providers.

The consultation closed at 11:45pm on 30 September 2017.