The Network and Information Systems Regulations 2018
Jurisdiction | UK Non-devolved |
Citation | SI 2018/506 |
Year | 2018 |
(1) These Regulations may be cited as the Network and Information Systems Regulations 2018 and come into force on 10th May 2018.(2) In these Regulations—
- “cloud computing service” means a digital service that enables access to a scalable and elastic pool of shareable computing resources;
- “the Commission” means the Commission of the European Union;
- F210“EU Regulation 2018/151” means Commission Implementing Regulation (EU) 2018/151 of 30 January 2018 laying down rules for application of Directive (EU) 2016/1148 of the European Parliament and of the Council as regards further specification of the elements to be taken into account by digital service providers for managing the risks posed to the security of network and information systems and of the parameters for determining whether an incident has a substantial impact;
- “Cooperation Group” means the group established under Article 11(1) ;
- “CSIRTs network” means the network established under Article 12(1) ;
- “digital service” means a service within the meaning of point (b) of Article 1(1) of Directive 2015/1535 which is of any the following kinds—
- (a) online marketplace;
- (b) online search engine;
- (c) cloud computing service;
- “digital service provider” means any person who provides a digital service;
- “Directive 2013/11” means Directive 2013/11/EU of the European Parliament and of the Council on alternative dispute resolution for consumer disputes , and amending Regulation (EC) No 2006/2004 and Directive 2009/22/EC, as amended from time to time;
- “Directive 2015/1535” means Directive (EU) 2015/1535 of the European Parliament and of the Council laying down a procedure for the provision of information in the field of technical regulations and of rules on Information Society services , as amended from time to time;
- “Directive 2016/1148” means Directive (EU) 2016/1148 of the European Parliament and of the Council concerning measures for a high common level of security of network and information systems across the Union , as amended from time to time;
- “Drinking Water Quality Regulator for Scotland” means the person appointed by the Scottish Ministers under section 7(1) of the Water Industry (Scotland) Act 2002 ;
- “essential service” means a service which is essential for the maintenance of critical societal or economic activities;
- F87“First-tier Tribunal” has the meaning given by section 3(1) of the Tribunals, Courts and Enforcement Act 2007;
- “GCHQ” means the Government Communications Headquarters within the meaning of section 3 of the Intelligence Services Act 1994 ;
- “incident” means any event having an actual adverse effect on the security of network and information systems;
- “network and information system” (“NIS”) means—
- (a) an electronic communications network within the meaning of section 32(1) of the Communications Act 2003 ;
- (b) any device or group of interconnected or related devices, one or more of which, pursuant to a program, perform automatic processing of digital data; or
- (c) digital data stored, processed, retrieved or transmitted by elements covered under paragraph (a) or (b) for the purposes of their operation, use, protection and maintenance;
- F87“OES” (“operator of an essential service”) means a person who is deemed to be designated as an operator of an essential service under regulation 8(1) F238or (2A) or is designated as an operator of an essential service under regulation 8(3) ;
- “online marketplace” means a digital service that allows consumers and/or traders as respectively defined in point (a) and in point (b) of Article 4(1) of Directive 2013/11 to conclude online sales or service contracts with traders either on the online marketplace's website or on a trader's website that uses computing services provided by the online marketplace;
- “online search engine” means a digital service that allows users to perform searches of, in principle, all websites or websites in a particular language on the basis of a query on any subject in the form of a keyword, phrase or other input, and returns links in which information related to the requested content can be found; ...
- “relevant law-enforcement authority” has the meaning given in section 63A(1A) of the Police and Criminal Evidence Act 1984 ; and
- F211“representative” means any natural or legal person established in the United Kingdom who is able to act on behalf of a digital service provider established outside the United Kingdom with regard to its obligations under these Regulations; and
- “risk” means any reasonably identifiable circumstance or event having a potential adverse effect on the security of network and information systems.
To continue reading
Request your trial