Ian Williamson, head of digital and privacy law and Cavan Fabris, senior manager, cyber and data law at EY, bring you the latest on the NIS.
As Europe grappled with the EU General Data Protection Regulation (GDPR) in May 2018, the Networks and Information Systems (NIS) directive quietly came into UK law that same month.
Whereas GDPR deals with the security of personal data, the NIS directive requires digital service providers, covering online search engines, cloud computing services and online marketplaces to register by 1 November 2018 with the Information Commissioner’s Office (ICO) and implement a common level of network and information systems security or face hefty fines of up to £17m.
NIS guidelines have also been set out for operators of essential services which include energy, transport, water, healthcare and digital infrastructure....