In July 2016 the European Commission agreed to a Directive that aimed to increase the security of Network and Information Systems (NIS) within the EU. The Directive focused on ensuring that UK operators in electricity, water, energy, transport, health and digital infrastructure were resilient to the growing number of cyber threats.
Despite the vote to leave the EU, the UK Government signalled its intent to support the aims of the Directive in order to secure the UK’s essential networks and services.
On Tuesday 8 August the Government published a consultation that sets out what the proposed implementation approach would be in the UK. It seeks views from industry, regulators and other interested parties on its plans to transpose the Directive into UK legislation, covering:
- The essential services the directive needs to cover
- The penalties for companies with inadequate security measures
- The competent authorities to regulate and audit specific sectors
- The security measures Government propose to impose
- Timelines for incident reporting
- How this affects Digital Service Providers
Commenting on the publication of the consultation Talal Rajab, techUK's Head of Programme for Cyber, said:
"techUK is looking forward to responding to the Government’s consultation on the implementation of the Network and Information Systems Directive.
"In order to protect the UK’s digital economy, we agree that operators of essential services need to be resilient to the growing cyber threat. This includes putting in place effective security measures, such as security monitoring and the training of staff, and developing policies to respond to a cyber incident.
"Questions remain, however, over the scope of “essential services” that the Directive should cover as well as the timelines with which companies should be expected to report an incident. techUK will be consulting with its membership, in particular, to see how these measures will affect Digital Service Providers and will be providing feedback to DCMS via workshops."
The workshop for techUK members will take place on Wednesday 6 September. Further details will be posted online shortly.
The consultation documents can be found here