Introduction

The 2016-2021 National Cyber Security Strategy committed the Government to ensuring the right regulatory framework is in place for cyber risk to be properly managed across the economy, including within organizations which provide our most important services.
The Network and Information Systems (NIS) Regulations represent a cornerstone of this approach, as the first cross-cutting piece of cyber security-focused regulation. The Regulations are designed to raise security standards across multiple critical sectors through outcomes-based regulation, which enables the approach to adapt consistently in a rapidly evolving environment.
This post-implementation review (PIR) of the NIS Regulations aims to determine how effective the Regulations have been in achieving the original objectives to date and whether those objectives remain appropriate two years on. It also looks at how the Regulations have been implemented and the costs and benefits incurred. The review comes at an important time for wider policy development in this area. Findings from this PIR will help to inform broader policy development on the key challenges which remain in ensuring organizations are effectively managing their cyber security risk. This contributes to our overarching goal of ensuring businesses are able to prosper, citizens are protected, and the UK is the safest place in the world to be online.