Public Services > Central Government

Government launches consultation on European network security directive

David Bicknell Published 08 August 2017

Consultation will consider how the European Union’s Network and Information Systems directive will be implemented from May 2018


The Department for Digital, Culture, Media & Sport (DCMS) has opened a consultation on a European Commission directive which has the goal of increasing the security of network and information systems with the European Union.

The government has said it supports the aims of the  Network and Information Systems (NIS) Directive and is now consulting on how the directive should be implemented in the UK from May 2018.

Organisations who fail to implement effective cyber security measures could be fined as much as £17m or 4 per cent of global turnover, as part of plans to make the UK’s essential networks and infrastructure more resilient against the risk of future cyber attacks.

Fines, however, would be a last resort, the government said, and would not apply to operators that have assessed the risks adequately, taken appropriate security measures, and engaged with competent authorities but still suffered an attack.

The EU NIS Directive relates to loss of service rather than loss of data, which falls under the General Data Protection Regulations (GDPR), referenced yesterday in the government’s announcement that it was going to bring in new data protection legislation.

The government believes the new network security directive, when implemented, will help ensure UK operators in electricity, transport, water, energy, transport, health and digital infrastructure are prepared to deal increasing numbers of cyber threats.

The consultation will cover:

  • The essential services the directive needs to cover
  • The penalties 
  • The competent authorities to regulate and audit specific sectors
  • The security measures the government proposes to impose
  • Timelines for incident reporting;
  • How this affects Digital Service Providers

Minister for Digital Matt Hancock stressed the need for essential services and infrastructure to be prepared for the increasing risk of cyber attack and be more resilient against other threats such as power failures and environmental hazards.

“The NIS Directive is an important part of this work and I encourage all public and private organisations in those sectors to take part in this consultation so together we can achieve this aim,” he said.

The NIS Directive, once it is implemented, will become part of the government’s National Cyber Security Strategy and will compel essential service operators to make sure they are taking the necessary action to protect their IT systems.

As part of its approach, the government is proposing a number of security measures in line with existing cyber security standards.

Operators will be required to develop a strategy and policies to understand and manage their risk; to implement security measures to prevent attacks or system failures, including measures to detect attacks, develop security monitoring, and to raise staff awareness and training; to report incidents as soon as they happen; and to have systems in place to ensure that they can recover quickly after any event, with the capability to respond and restore systems.

National Cyber Security Centre chief executive Ciaran Martin said, “We welcome this consultation and agree that many organisations need to do more to increase their cyber security.

 “Everyone has a part to play and that’s why we since our launch we have been offering organisations expert advice on our website and the Government’s Cyber Essentials Scheme.”

The consultation proposes similar penalties for flaws in network and information systems as those coming for data protection with the General Data Protection Regulation, due to be in force by May 2018.

The government said it will shortly hold workshops with operators so they can provide feedback on the proposals.




We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.