Statement: Ofcom's changes to the NIS Guidance on incident reporting thresholds for the digital infrastructure subsector

  • Start: 01 November 2022
  • Status: Statement published
  • End: 31 January 2023

Statement published 31 May 2023

Ofcom’s updated guidance for the Network and Information Systems Regulations published on 31 May 2023 replaces the previous guidance (NIS 2021 Guidance) which sets out our views on how an Operator of Essential Service (OES) in the digital infrastructure subsector could meet their obligations under these regulations.

We have updated our NIS Guidance for the digital infrastructure subsector focusing on the Incident Reporting Thresholds which have been lowered, and updated the section about enforcement with a link referencing our Regulatory Enforcement Guidelines which was published in December 2022. It sets out how we normally would expect to approach our functions under the NIS Regulations and how the OES can fulfil their duties in ensuring the security of their network and information systems.

We are also providing general guidance about which security compromises we would normally expect providers to report to Ofcom and the process for reporting them.

Main documents

Supporting documents

loading icon


Responder name Type
Citizens Advice Scotland (PDF File, 112.6 KB) Organisation
LINX (PDF File, 250.3 KB) Organisation
Nominet (PDF File, 101.9 KB) Organisation