What are the NIS Directive and the NIS Regulations (2018)?
The EU NIS Directive (Directive (EU) 2016/1148 on the security of network and information systems) was transposed into UK law as the Network and Information Systems Regulations 2018. It is a security regulation designed to protect the network and information systems that underpin critical infrastructure and key digital services. In the UK, non-compliant organisations can be fined up to £17m.
Who does the NIS Directive apply to?
Operators of Essential Services (OES) and Digital Service Providers (DSPs) that provide services in the UK (and, under the Directive, across the EU) need to be aware of the rules on the security of network and information systems. OES cover the energy, transport, health, drinking water, and digital infrastructure sectors; DSPs cover online marketplaces, online search engines, and cloud computing services.
Security Duties of OES and DSPs
- Take appropriate and proportionate technical and organisational measures to manage risks posed to the security of the network and information systems on which their essential service relies.
- Take appropriate and proportionate measures to prevent and minimise the impact of incidents affecting the security of the network and information systems used for the provision of an essential service, with a view to ensuring the continuity of those services.
- Measures taken must have regard to the state of the art and ensure a level of security of network and information systems appropriate to the risk posed.
- Must have regard to any relevant guidance issued by the competent authority when carrying these measures out.
- An OES must also notify its competent authority of any incident that has a significant impact on the continuity of its essential service, without undue delay and in any event no later than 72 hours after becoming aware of it. A DSP has a parallel duty to notify any incident that has a substantial impact on the provision of its digital service.