The EU Directive on the security of Network and Information Systems (NIS) was approved in August 2016, giving Member States 21 months to embed the Directive into their respective national laws. The government laid new regulations on the Security of Network and Information Systems in the Houses of Parliament on 20th April 2018, and the Directive comes into force on 10th May 2018.
All organisations deemed by the NIS Competent Authorities to be 'Operators of Essential Services' will be affected by the introduction of the Directive. The pages below are intended to assist the Competent Authorities and the OES to meet some of the Directive requirements.
You should work your way through the pages below in sequence. This will give you a picture of overall NIS Directive security requirements and also the best understanding of how to use our guidance. For definitive information on the role that our NIS guidance will play in your sector please consult your NIS Competent Authority.