Cyber Security Practitioner
Back to Contents

Volume: 4 Issue: 4
(April 2018)

uk consults nis directive applies dsps uk governments department digital culture media sport (‘dcms launched ‘security network

UK Europe EU

Share This Page

The UK consults on the NIS Directive as it applies to DSPs

The UK Government’s Department for Digital, Culture, Media & Sport (‘DCMS’) launched the ‘Security of Network and Information Systems Targeted consultation on Digital Service Providers’ on 27 March 2018 seeking feedback on how the Government intends to implement the Security of Network and Information Systems Directive (‘NIS Directive’) as it applies to digital service providers (‘DSPs’) following the publication of the European Commission’s Implementing Act for DSPs. The DCMS consultation is limited to how the UK proposes to implement and carry out the requirements of the Implementing Act, which comes into force on 10 May 2018.

The consultation, which lists questions that the Government would like feedback on, sets out the Government’s approach to applying the Implementing Act and the activities to be carried out by the UK’s Competent Authority, the Information Commissioner’s Office, to regulate DSPs in accordance with the NIS Directive and provide further guidance for DSPs in order for them to understand their obligations. The five questions that the DCMS is seeking feedback on from DSPs are: (1) Are you readily able to identify yourself from the descriptions provided?, (2) If No, please provide alternative descriptions that would improve the definitions, (3) Are the security requirements set out understandable to you?, (4) If No, please provide examples of specific areas so that further guidance on the security requirements can provide clarification?, and (5) Are there any areas of implementation of the NIS Directive that remain unclear, which the ICO in its capacity as Competent Authority can make clear in its guidance?

“I expect a very limited amount of feedback because of the expectation that this will miss people’s radars,” said Simon Shooter, Partner at Bird & Bird. “I fear many DSPs will still be ignorant of the NIS Directive. I see the principal purpose of the consultation being an attempt to raise awareness of NIS which has been all but lost in the blaring publicity given to the GDPR.” The consultation, whilst listing the articles of the Implementing Act applicable to DSPs, acknowledges that regarding the security requirements the Implementing Act does not specify how DSPs must implement them. The consultation states that the ICO will publish further guidance to assist DSPs in understanding their security obligations under the NIS Directive and may publish additional guidance for DSPs on incident reporting, although the consultation states that the incident reporting impact parameters set out by the Commission are specific and the UK is bound by them.

The consultation emphasises that the Government’s approach to implementing the NIS Directive as it applies to DSPs is based on ensuring consistency across Europe. “The Government says it is committed to an implementation in keeping with the Single Market,” adds Mark Surguy, Partner at Weightmans. “It will ensure that its implementation follows that of other EU Member States even post-Brexit. This mirrors the approach taken to data protection.” The consultation states that in order to assist DSPs to recognise when they are in scope of the NIS Directive, the ICO will produce guidance based on the Government’s proposed clarifications in its response to its consultation on the implementation of the NIS Directive. “Defining DSPs has been a difficulty so far,” said Surguy. “Not everyone is clear yet to what extent the NIS Directive applies to them. There may be more feedback on these aspects, consequently feedback may be more about whether the Directive applies, and less about what the standards should be where the Directive clearly does apply.”

Search Publication Archives

Our publication archives contain all of our articles.
Can’t find what you are looking for?
Try an Advanced Search

Log in to cyber security practitioner
Subscribe to cyber security practitioner
Register for a Free Trial to cyber security practitioner
cyber security practitioner Pricing

Social Media

Follow cyber security practitioner on TwitterView cyber security practitioner LinkedIn Profilecyber security practitioner RSS Feed