Second Post-Implementation Review of the Network and Information Systems Regulations 2018
UIN: HCWS173 Today I am publishing the statutory post-implementation review of the Network and Information Systems Regulations 2018 on the Government’s website. This is the second review of the Regulations since their implementation.The Regulations came into force in ...
Written statements - Written questions, answers and statements - UK Parliament
Skip to main content
UK Parliament
Business
Written questions, answers and statements
Find written statements
HCWS173
Second Post-Implementation Review of the Network and Information Systems Regulations 2018
Statement made on 4 July 2022
Statement UIN HCWS173
Statement made by
Julia Lopez
Minister for Media, Data, and Digital Infrastructure
Conservative
Hornchurch and Upminster
Commons
Statement
Today I am publishing the statutory
post-implementation review of the Network and Information Systems Regulations 2018
on the Government’s website. This is the second review of the Regulations since their implementation.
The Regulations came into force in May 2018. The objective of the Regulations is to improve the security of network and information systems which are critical to the provision of essential services and digital services which, if disrupted, could cause significant economic and social harm to people, businesses, and critical national infrastructure.
The Department for Digital, Culture, Media & Sport has assessed the impact, costs and benefits of the Regulations, how effective the Regulations have been in achieving the original objectives, and whether those objectives remain appropriate for the UK four years on.
The review is clear that the Regulations have acted as an accelerator for improvements to the security of regulated organisations. Regulated organisations have shown an increase in the prioritisation of cyber security at senior level, increased investment in cyber security from boards, the introduction or improvement of cyber security policies, improved incident response management, and a greater awareness of aggregate risks.
The review concludes that the Regulations are an effective tool to drive good cyber security behaviours. As such, it recommends that the Government retain the Regulations to continue to incentivise organisations in scope to make security improvements.
The report also makes recommendations for changes to strengthen and future-proof the regulatory framework, so that it can adapt effectively to the rapidly evolving landscape. These changes were included in my department’s public consultation on proposals for cyber security-related legislation in January this year. The outcomes of this consultation will be published later this year.
The next statutory Post-Implementation Review of the Regulations will be carried out in the next five years.
Statement from
Department for Digital, Culture, Media and Sport
Linked statements
This statement has also been made in the House of Lords
Department for Digital, Culture, Media and Sport
Second Post-Implementation Review of the Network and Information Systems Regulations 2018
Lord Parkinson of Whitley Bay
Minister for Arts
Conservative, Life peer
Statement made 4 July 2022
HLWS168
Lords