The Network and Information Systems Regulations 2018 (NIS Regulations) came into force in May 2018. They help to secure the UK’s critical network and information systems and keep UK businesses, citizens and public services protected.

The Government has carried out a second post-implementation review to assess how effective the Regulations have been in achieving their original objectives and whether those objectives remain appropriate for the UK, four years after implementation.

The review finds the Regulations are largely working successfully in achieving the objective “to prevent (where possible) and improve the levels of protection against network and information systems incidents”. It is recommended that the legislation be retained. The review also sets out some areas for improvement. To access the Review, click here.