Government Introduces Measures to Protect Essential Services From Cyber Attack

The Department for Digital, Culture, Media and Sport (DCMS) has released its response to the Consultation on the Security of Network and Information Systems Directive.

The full response to the consultation can be viewed here. Guidance from the National Cyber Security Centre (NCSC) can also be viewed here.

There have been a number of minor changes made to the proposed framework for implementing the Directive, including:

  • The maximum fines for breaches have been capped at £17million;
  • The role of the NCSC is highlighted more clearly, with a clear technical advisory and support role with a separate role to competent authorities;
  • Confirmation of an approach with multiple Competent Authorities overseeing relevant sectors they are familiar with. The ICO will remain the Competent Authority for the digital sector;
  • Further clarity on the definitions of Digital Service Providers (DSPs), particularly in terms of cloud services; and
  • A clearer and more realistic approach to timescales for compliance, with guidance from Government that Competent Authorities should take into account organisations transitioning in the first year.

Talal Rajab, Head of Programme, Cyber and National Security, techUK comments:

‘“It is important that the UK’s critical infrastructure remains resilient to the growing cyber threat. That is why we welcome the robust plan put forward by the Government for the implementation of the Network and Information Systems Directive (NIS Directive).

“More work still needs to be done, particularly with the 10 May deadline looming large, including the need for further details on the resources being made available to the various Competent Authorities and their respective legislative powers. However, we are particularly pleased to see that detailed guidance has already been published by the NCSC on the security measures that organisations’ need to adopt in order to comply.

“Operators of essential services must act now and take heed of this guidance, ensuring that the essential services that we rely on are cyber resilient and secure.”

techUK will be providing a more detailed analysis in the coming days and will be engaging with its members and Government in the months leading up to May.


#techUKGreenWeek ends by examining what a zero carbon tech sector will look like - You can see all the blogs from t…
Take part in the discussion on whether or not the current public engagement on ethical issues is successful. Join u…
As @Sony join the RE 100 & commit to 100% renewable energy this blog explains why it is vital that businesses switc…
.@simsrecycling set out how firms can cut emissions from end of life tech #CleanGrowth #techUKgreenweek #GreenGB
Excellent Talanoa Dialogue w/ @beisgovuk & @WWF on #cleangrowth & climate action, highlighting how tech like IoT c…
How will the internet be powered in the future? @MjRohwer and @theberks from @BSRnews share insights into how they…
Sylvie Feindt from @EuropaInsights on how tech & ICT companies can meet the net zero emissions target #CleanGrowth
On the heels of the IPCC's stark report last week @gabrielle_giner from @BTGroup explains why more companies must m…
Have a read of our Cloud Week booklet, stemming from the success of our #whycloud campaign week:…