The NIS Regulations (Network and Information Systems Regulations 2018) is the new UK cyber security law that came into force on 10 May 2018. This law transposes the EU-wide NIS Directive (Directive on security of network and information systems) into UK law.
The Regulations apply to organisations that provide services essential to society, which are broken down into two classifications: OES (operators of essential services) and DSPs (digital service providers).
IT Governance has launched a survey to assess the readiness of organisations that are expected to comply with the NIS Regulations. You could win a voucher worth £300 that can be used against any product or service purchased through IT Governance by taking part in this survey.
Is it essential to comply with the NIS Regulations?
In short, yes – it’s UK law and organisations that fail to comply could face fines of up to £17 million.
This law means that organisations that are essential to society must be significantly more prepared to quickly respond to and recover from disruptive incidents such as cyber attacks.
MPs have serious fears about the UK’s cyber defences, with a large number believing there is a serious risk of critical national infrastructure being compromised. Last year’s NotPetya and WannaCry attacks demonstrate the devastating effects cyber attacks can have on nations’ critical infrastructure.
OES and DSP compliance requirements
OES and DSPs have differing compliance requirements under the NIS Regulations.
OES face a comprehensive set of requirements in the form of the 14 principles defined by the NCSC (National Cyber Security Centre). The CAF (Cyber Assessment Framework) has been produced from these principles, and OES can be assessed against it during audits to ensure they are meeting all NIS Regulations requirements.
As DSPs often operate across borders, they face a uniform approach for compliance across the EU in the form of an Implementing Regulation from the European Commission. ENISA has also published further guidance for DSPs on complying with the requirements of the Implementing Regulation and the NIS Directive.
Take part in the NIS Regulations readiness survey
This survey explores the compliance awareness and readiness of organisations within the scope of the NIS Regulations.
To go into the draw to win a £300 voucher that can be used against products or services purchased through IT Governance, take part in the survey now.