DCMS Publishes Consultation on Network and Information Systems Directive

8 Aug 2017 01:25 PM

Consultation document proposes large fines for operators of essential services that have inadequate cyber security protection.

In July 2016 the European Commission agreed to a Directive that aimed to increase the security of Network and Information Systems (NIS) within the EU. The Directive focused on ensuring that UK operators in electricity, water, energy, transport, health and digital infrastructure were resilient to the growing number of cyber threats.

Despite the vote to leave the EU, the UK Government signalled its intent to support the aims of the Directive in order to secure the UK’s essential networks and services.

Today the Government published a consultation that sets out what the proposed implementation approach would be in the UK. It seeks views from industry, regulators and other interested parties on its plans to transpose the Directive into UK legislation, covering:

Commenting on the publication of the consultation Talal Rajab, techUK's Head of Programme for Cyber, said:

"techUK is looking forward to responding to the Government’s consultation on the implementation of the Network and Information Systems Directive.

"In order to protect the UK’s digital economy, we agree that operators of essential services need to be resilient to the growing cyber threat. This includes putting in place effective security measures, such as security monitoring and the training of staff, and developing policies to respond to a cyber incident.

"Questions remain, however, over the scope of “essential services” that the Directive should cover as well as the timelines with which companies should be expected to report an incident. techUK will be consulting with its membership, in particular, to see how these measures will affect Digital Service Providers and will be providing feedback to DCMS via workshops."

Click here for full press release