The NIS Guidance Collection

Created:  28 Jan 2018
Updated:  31 Oct 2018
VERSION 1.1.0 (31 October 2018) Changelog


The EU Directive on the security of Network and Information Systems (NIS) was approved in August 2016, giving Member States 21 months to embed the Directive into their respective national laws. The government laid new regulations on the Security of Network and Information Systems in the Houses of Parliament on 20th April 2018, and the Directive comes into force on 10th May 2018.

All organisations deemed by the NIS Competent Authorities to be 'Operators of Essential Services' will be affected by the introduction of the Directive. The pages below are intended to assist the Competent Authorities and the OES to meet some of the Directive requirements.

You should work your way through the pages below in sequence. This will give you a picture of overall NIS Directive security requirements and also the best understanding of how to use our guidance. For definitive information on the role that our NIS guidance will play in your sector please consult your NIS Competent Authority.

Notice on NIS Guidance

The National Cyber Security Centre (the NCSC), as the United Kingdom’s national technical authority for information assurance which provides advice and assistance on cyber security in accordance with its functions under the Intelligence Services Act 1994, has provided the cyber security guidance which is set out in the parts of the NCSC website linked from this page. Please contact the NCSC at for more information about this guidance.

The Department of Culture Media and Sport (DCMS) has provided the non-cyber elements of guidance for principles A2, B5 and D1 incorporated into NCSC NIS guidance webpages. Please contact for more information about the non-cyber guidance provided for these principles.

All NIS guidance is subject to the general terms and conditions of the NCSC website.

NIS Guidance

  1. Introduction to the NIS Directive

    Details on who is affected, the role of the NCSC, and how to comply. Start here if you are in any doubt.

  2. NIS Directive: Top-level objectives

    Statements of the NIS objectives, with links to associated principles and guidance.

  3. Table view of principles and related guidance

    A tabular breakdown of the Objectives, principles and underlying guidance.

  4. NIS Directive - Cyber Assessment Framework

    The CAF consists of a collection of Indicators of Good Practice

Was this guidance helpful?

We need your feedback to improve this content.

Yes No