Consultation on the Security of Network and Information Systems Directive

The European Commission, in cooperation with Member States, have agreed a Directive with the aim of increasing the security of Network and Information Systems (NIS) within the European Union (EU). The Government supports the aims of the Directive and sets out in this consultation the proposed implementation approach in the UK.

The NIS Directive will help make sure UK operators in electricity, transport, water, energy, transport, health and digital infrastructure are prepared to deal with the increasing numbers of cyber threats. It will also cover other threats affecting IT, such as power failures, hardware failures and environmental hazards.

This consultation seeks views from industry, regulators and other interested parties on the Government’s plans to transpose the Directive into UK legislation. It sets out the Government’s proposed transposition approach and asks a series of questions on a range of detailed policy issues relating to transposition.

The consultation covers:

• The essential essential services the directive needs to cover
• The penalties
• The competent authorities to regulate and audit specific sectors
• The security measures we propose to impose
• Timelines for incident reporting
• How this affects Digital Service Providers