Guidance for Operators of Essential Services under the Network and Information Systems Regulations 2018

08 May 2018

This document provides Ofcom’s interim guidance in relation to the so-called digital infrastructure subsector for which Ofcom has been designated as the competent authority for the United Kingdom under regulation 3(1) of the Network and Information Systems Regulations 2018 (S.I. 2018/506) (the “NIS Regulations").

This interim guidance is mainly directed to so-called operators of essential services (the “OES”) providing essential services in relation to the digital infrastructure subsector.

In brief summary, this interim guidance:

  • gives a high-level introduction to the NIS Regulations;
  • sets our initial views on the immediate steps we expect the OES in the digital infrastructure subsector to take, as a minimum, to meet their obligations under the NIS Regulations;
  • provides information about which types of operators on which duties have been imposed under the NIS Regulations;
  • sets out the process and thresholds for reporting relevant security incidents that such operators must initially follow; and
  • introduces our intended initial enforcement approach.

Interim guidance for OES in the digital infrastructure subsector under the NIS Regulations (PDF, 331.4 KB)

NIS incident report form (RTF, 718.5 KB)

Contact the Ofcom NIS Directive team

For general enquiries: nis@ofcom.org.uk

For incident reports: incident@ofcom.org.uk