Bird & Bird's Cathal Flynn outlines the key findings of Ofcom's recently published UK interim guidance for essential operators in the digital infrastructure subsector being impacted by National Information Systems Directive (NISD).
Last week marked the adoption by each Member State of the European Union of an important piece of EU legislation, the Network and Information Systems Directive (NISD). To find out more about NISD and how it impacts you, please refer to our summary article, series of videos and handy NISD tracker highlighting the differences between various EU jurisdictions.
NISD affects, amongst others, operators of essential services (OESs) that rely on network and information systems, including providers of providers of digital infrastructure, and Ofcom has been designated as the competent UK authority for that subsector. One of Ofcom's duties is the preparation and publication of guidance; and on 8 May 2018, it published interim guidance for OESs in the digital infrastructure subsector. This is expected to evolve as it gains a better understanding of the sector, and will receive regular review.
In summary, the guidance:
- clarifies the status of digital infrastructure providers as OESs for the purposes of NISD
- describes the three categories of essential services provided by digital infrastructure providers
- clarifies notification duties: any digital infrastructure providers as at May 10, 2018 are obliged to notify Ofcom of OES status no later than August 9, 2018
- outlines the security and incident reporting duties of digital infrastructure providers, noting that the measures taken must ensure a level of security appropriate to the risk presented.
Ofcom recommends that all essential operators (OESs) in the digital infrastructure space seek independent legal advice. To read the full article, click here. To find out more about how Bird & Bird can help get in touch with Cathal Flynn at Cathal.Flynn@twobirds.com.
About the Bird & Bird Cyber team:
The long established multidisciplinary Cyber team at Bird & Bird is tracking developments in the adoption of NISD and the guidance that is issued and anticipated from the Government, NCSC and Competent Authorities. We are on hand to assist in any aspect of support that may be needed in respect of cyber-security, from gap analyses and the establishment of resilience programmes to regulatory compliance and incident response. If you would like to know more on the obligations that will come with the NIS Regulations - and how you may be affected - we are here to help.