It has been confirmed that the Network and Information Systems (NIS) Regulations will be strengthened to protect everyday essential services from cyber-related incidents.
In 2018, the NIS Regulations came into force to improve the security of those providing essential national services, such as water, energy, and transport. As a result of high-profile attacks over the past few years, more robust security laws are crucial to protect sensitive personal data.
Since the UK’s departure from the EU in 2021, the UK GDPR 2021 and NIS Regulations can now be updated and amended to better suit the UK’s cyber security requirements.
Going forward, the NIS Regulations include:
- Managed Service Providers (MSPs) will be brought into scope of regulations to keep digital supply chains secure.
- Essential and digital services will improve cyber incident reporting to regulators such as Ofcom, Ofgem, and the ICO.
- The Information Commissioner will be able to take a more risk-based approach to regulating digital services under the updated cyber laws.
Cyber Minister, Julia Lopez, states: “The services we rely on for healthcare, water, energy, and computing must not be brought to a standstill by criminals and hostile states . . . We are strengthening the UK’s cyber laws against digital threats. This will better protect our essential and digital services and the outsourced IT providers which keep them running.”
These updates are part of the UK’s £2.6b project, the National Cyber Strategy, which aims to improve the nation’s cyber resilience and security.
Paul Maddinson, NCSC Director of National Resilience and Strategy, states: “I welcome the opportunity to strengthen NIS regulations and the impact they will have on boosting the UK’s overall cyber security . . . these measures will increase the resilience of the country’s essential services – and their managed service providers – on which we all rely.”