Does this section apply to us?

You should read this section if you are a relevant digital service provider (i.e. a provider of search engines, cloud computing services and online marketplaces) established in the UK or if you have designated a representative in the UK.

If you are not a search engine provider, a cloud computing service or an online marketplace, or if you are such a digital service provider but are a micro or small enterprise, this section does not apply to you.

See our Guide to NIS for more information.

What are the key points?

The NIS Regulations bring into UK law the EU Security of Network and Information Systems Directive. The Directive contains requirements to help ensure the reliability and security of networks and information systems across the EU. It also sets out cooperation arrangements between EU member states. 

How can we prepare?

UK-based digital service providers offering services in the UK only

The NIS Regulations will continue to apply to you and no specific preparations are needed for exit date.

UK-based digital service providers offering services in the EU

On exit date, in order to maintain access to EU markets, you may need to appoint a representative in one of the EU member states in which you offer services. You will need to comply with the domestic legislation implementing the NIS Directive in that member state.

You should appoint your representative in writing, which should provide that your representative will act on your behalf with regard to your obligations under the NIS Directive, including incident reporting.

If you also offer services in the UK, you will need to continue to comply with the NIS Regulations regarding your UK services and will need to inform the ICO if your main establishment is in an EU state, if you have designated a representative in the EU, and if your network and information systems are located in one or more other member states.