Public Services > Central Government

Network and Information Systems directive to impact UK companies, despite Brexit

Published 09 August 2017

The UK government has announced its support for the directive and the setting up of a consultation to transpose the directive into UK legislation


The EU’s Security of Network and Information Systems Directive (NIS Directive) will have a significant impact on corporate security in Britain, despite the shadow of Brexit.

The directive is aimed at increasing the security of Network and Information Systems (NIS) within the European Union (EU).

The NIS directive provides a set of standards of cyber security across the EU for private and public operators of "Essential Services" and Digital Service Providers (“DSPs”).

As the NIS is an EU directive, not a regulation, EU member states are required to pass domestic laws to codify the directive into national legislation. Failing to transpose the directive would result in a set of sanctions against the non-compliant member state. Indeed, the EU Court of Justice, following the opening of an infringement procedure from the EC,  canimpose a daily penalty payment on non-compliant member states from the day of the judgement until the directive is in force in national law.

The new directive, coupled with the General Data Protection Regulation (GDPR) will come into full effect in May 2018.

Following the Brexit vote to leave the EU, there is some uncertainty about the application in the United Kingdom of new EU directives. Certainly, the UK's withdrawal from the EU will take at least two years; so, UK companies will be subject to EU regulations for several months, if not longer.

Even after that period, UK companies that store or process EU citizens’ personal data most likely will still be required to comply NIS regulations. Indeed, digital service providers that provide services in Europe are likely to be affected even if the services are provided from the UK, as the directive, like the GDPR, applies on an extraterritorial basis.

The Information Commissioner’s Office (ICO) said ,  “With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organisations and to consumers and citizens. The ICO’s role has always involved working closely with regulators in other countries, and that will continue to be the case." 

“Having clear laws with safeguards in place is more important than ever given the growing digital economy, and we will be speaking to government to present our view that reform of the UK law remains necessary," ICO added.


We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.