Network and Information Systems Regulations

E224086

The Network and Information Systems Regulations are UK cybersecurity laws that impose security and incident-reporting requirements on operators of essential services and certain digital service providers to improve the resilience of critical network and information systems.

All labels observed (1)

Label Occurrences
Network and Information Systems Regulations canonical 1

How this entity was disambiguated

Statements (43)

Predicate Object
instanceOf UK statutory instrument
cybersecurity regulation
information security law
aimsToProtect availability of essential services
security of network and information systems supporting essential services
appliesTo operators of essential services
relevant digital service providers
basedOn Directive (EU) 2016/1148 (NIS Directive)
complements data protection and privacy legislation in the UK
containsConcept incident having a substantial impact
operator of essential services
relevant digital service provider
country United Kingdom
enforcedBy Information Commissioner’s Office
surface form: Information Commissioner’s Office (for relevant digital service providers)

competent authorities designated for each sector
goal to enhance national and EU-wide cyber resilience of critical services
jurisdiction United Kingdom
legalBasis European Communities Act 1972
surface form: European Communities Act 1972 (for original transposition)
objective to ensure continuity of essential services
to manage risks to network and information systems used for essential services
policyArea critical infrastructure protection
cybersecurity
providesFor administrative fines for non-compliance
inspection and audit powers for competent authorities
purpose to impose cybersecurity and incident-reporting obligations
to improve the security and resilience of network and information systems
regulates incident reporting by operators of essential services
incident reporting by relevant digital service providers
security of network and information systems used to provide essential services
relatedTo Directive (EU) 2016/1148 (NIS Directive)
surface form: NIS Directive

UK National Cyber Security Strategy
requires appropriate and proportionate technical and organisational security measures
cooperation with competent authorities and CSIRTs in incident handling
notification of incidents having a substantial impact on the provision of essential services
risk management practices for network and information systems
scope online marketplaces, online search engines and cloud computing services (as digital service providers)
public and private entities operating essential services in specified sectors
sectorCoverage digital infrastructure
digital service providers
drinking water supply and distribution
energy
health
transport

How these facts were elicited

Referenced by (1)

Full triples — surface form annotated when it differs from this entity's canonical label.

Information Commissioner’s Office appliesStatutoryRegulation Network and Information Systems Regulations