The NIS Guidance Collection

Created:  28 Jan 2018
Updated:  28 Jan 2018


The EU Directive on the security of network and information systems (NIS) was approved in August 2016, giving Member States 21 months to embed the Directive into their respective national laws. The Directive becomes UK law in May 2018.

All organisations deemed 'Operators of Essential Services' must comply from this date. The pages below will help you to implement the Directive.

You should should work your way through the pages below in sequence. This will give you the clearest picture of what you need to achieve for NIS compliance and also the best understanding of how to use our guidance as part of this process. 

NIS Guidance

  1. Introduction to the NIS Directive

    Details on who is affected, the role of the NCSC, and how to comply. Start here if you are in any doubt.

  2. NIS Directive: Top-level objectives

    Statements of the NIS objectives, with links to associated principles and guidance.

  3. Table view of principles and related guidance

    A tabular breakdown of the Objectives, principles and underlying guidance.

  4. Cyber Assessment Framework (CAF)

    The first iteration of the CAF will be available, via this website, by the end of April 2018.

Was this guidance helpful?

We need your feedback to improve this content.

Yes No