1. Home
  2. Compliance
  3. NIS Directive

What are the NIS Directive and the NIS Regulations?

The Network and Information Systems Directive has been designed to improve the cybersecurity and resilience of network and information systems across the EU. It was transposed into UK law through the Network and Information Systems Regulations 2018 and was amended in 2021 to reflect the UK’s status as a non-EU country. The NIS regulations require certain organisations take appropriate and proportionate technical and organisational measures to manage the risks posed to the security of their network and information systems, and to report significant incidents to the NCSC in the UK.

Who is obligated to comply with the regulations?

The regulations apply to operators of essential services (OES) and digital service providers (DSPs) that are based in the UK.

The NCSC defines OES as entities that are essential for the maintenance of critical societal and/or economic activities that rely heavily on network and information systems. They can include organisations in energy, transport, health, banking, and digital infrastructure. For DSPs, the NCSC guidance defines a digital service provider as ‘an organisation providing cloud computing services, online marketplaces, and search engines.’

In the event of a breach, or non-compliance with the regulations, the NCSC has the power to investigate and take enforcement action against the offending organisation. The NCSC may choose to issue enforcement notices requiring an organisation to take specific actions to remedy any breach of the regulations or levy financial penalties of up to £17m, or 4% of global turnover, as well as publicly naming and shaming those organisations that breach the regulations.
What are the requirements?

The specific requirements set out by the NCSC for complying with the directive include:

  • Security measures
  • Incident reporting
  • Identification of critical systems
  • Risk management
  • Cooperation with the NCSC
  • Record-keeping

Our NIS Directive support service at a glance…

Gap Analysis

We’ll identify where you do and don’t comply with the directive, and provide you with easy to follow remediation tasks.

Remediation

We can offer hands-on technical and governance support in remediating to comply with the NIS Directive.

Support Documents

We have a range of support documentation including Policies and Procedures which we can tailor to your organisation’s needs.

Support with Key Policies and Procedures

Development of key IT and IG policies and procedures that meet the requirements of the standard.


Talk to a specialist now – call 01748 905 002.

CTO, UK Marketing Agency

“Given our size, the vDPO service just made sense, as we couldn’t hire this role internally for several years to come”

CTO, UK Marketing Agency

Head of Operations, European Financial Services.

“Having Evolve North support our board meetings really supported the work we are doing to safeguard our staff and customers”

Head of Operations, European Financial Services.

Operations Director, UK Non-Profit

“Cyber Essentials Plus was essential for us to attain, and the Evolve North team made it possible”

Operations Director, UK Non-Profit

Programme Director, UK Hotel Chain

“We’ve partnered with Evolve North for PCI DSS & ISO7001 support and they’ve always been there when we’ve needed them”

Programme Director, UK Hotel Chain

Digital & Change Lead, UK NHS Trust

“They provided clarity across our M365 data and compliance services, our chaotic Microsoft licencing and our complex NHS environment”

Digital & Change Lead, UK NHS Trust

CTO, UK Housing Association

“After pushing through our Cyber Essentials and ISO27001, their quarterly Penetration Testing & Vulnerability scanning just made sense”

CTO, UK Housing Association

IT Manager, UK Law Firm

“Quick and easy method to get Cyber Essentials. Lots of support when needed”

IT Manager, UK Law Firm

Director of Tech, UK Hospitality Organisation

“Just having the annual support days in place, meant we could tackle incidents and third-party onboarding easily”

Director of Tech, UK Hospitality Organisation

Industries

Evolve North works across a wide range of differing industries throughout the UK and Europe in both public, private and voluntary sectors.