The NIS Directive is an EU Directive that was enacted into UK law as The Network and Information Systems Regulations 2018 (NIS Regulation). The NIS focusses on the security of network and information systems and the digital data within them. This is the first piece of EU wide cyber security legislation and aims to create a higher common level of network and information system security across the EU’s critical infrastructure.
NIS & GDPR
The NIS came into force in May 2018, at the same time as the GDPR, but they are distinctly different. The key difference is that the GDPR affects the processing of Information which relates to an identified or identifiable natural person.... and the NIS concerns the security of network and information systems. Another dissimilarity is that GDPR applies to all organisations processing personal data and NIS applies to specific sectors and organisation sizes.
Who does the NIS apply to?
Each member state is responsible for defining the types of organisations that fall under the NIS, in the UK the NIS applies to:
Operators of Essential Services (OES):
Digital Service Providers (DSPs):
You are a RDSP if you:
Responsibilities for organisations under the NIS
OES and DSPs each have a different set of rules to adhere to however they both need to:
Under the NIS, organisations who operate in the UK but don’t have a head office located within the United Kingdom will need to appoint a representative.
The representative becomes the single point of contact for enforcement bodies and will:
The single point of contact will also submit reports to:
What about Brexit?
Global digital businesses that are neither based in the EU or the UK but offer services in both markets should appoint two representatives under the NIS following Brexit — one in a relevant EU Member State and one in the UK.
DPO Centre Representation Services
The DPO Centre provides EU & UK Representative Services to qualifying NIS organisations who do not have a physical presence in the UK or Europe but need to comply with the NIS Directive. With offices in both Europe and the UK we can provide full NIS Representative Services from any member state to ensure full compliance.
Please contact us for more information