Statement: Ofcom's changes to the NIS Guidance on incident reporting thresholds for the digital infrastructure subsector

Published: 1 November 2022
Consultation closes: 31 January 2023
Status: Closed (statement published)

Statement published 31 May 2023

Ofcom’s updated guidance for the Network and Information Systems Regulations published on 31 May 2023 replaces the previous guidance (NIS 2021 Guidance) which sets out our views on how an Operator of Essential Service (OES) in the digital infrastructure subsector could meet their obligations under these regulations.

We have updated our NIS Guidance for the digital infrastructure subsector focusing on the Incident Reporting Thresholds which have been lowered, and updated the section about enforcement with a link referencing our Regulatory Enforcement Guidelines which was published in December 2022. It sets out how we normally would expect to approach our functions under the NIS Regulations and how the OES can fulfil their duties in ensuring the security of their network and information systems.

We are also providing general guidance about which security compromises we would normally expect providers to report to Ofcom and the process for reporting them.

Contact Information

NIS Consultation
Network Security Team
Riverside House
2A Southwark Bridge Road
London SE1 9HA
Back to top