Network and Information Systems Regulations 2018

As the Government launches the Network and Information Systems Regulations 2018, organisations need to ensure they’re ready to respond or run the risk of incurring non-compliance penalties of up to £17m.

Martijn Verbree - Partner in the KPMG UK Cyber security & Digital team

Partner, Cyber Security in Corporates

KPMG in the UK


Governments around the world are responding to the increasing cyber threat with new legislation. The new laws typically require compliance with security standards, breach notification processes and regulatory audits, and can also carry significant penalties.

The EU launched the Network and Information Systems Directive in 2016, which requires all EU Member States to introduce cyber security legislation for the protection of critical national infrastructure. The UK Government has therefore launched the Network and Information Systems Regulations 2018, which come into force on 10 May 2018. Maximum penalties for non-compliance are £17m.

This is the first time many UK industry sectors will formally be subject to cyber security regulation. Are you in scope and ready to respond?

KPMG team members have been involved in the NIS Regulations throughout the development and consultation process. KPMG is therefore here to provide you with practical support. For example:

• Defining and implementing an overall approach to addressing global legal and regulatory requirements to remove the disruptive element of multiple jurisdictions launching cyber legislation

• Supporting identification of whether you are an Operator of Essential Services as defined by the regulations

• Supporting you to identify which aspects of your business fall within the scope of the NIS Regulations

• Performing a gap analysis of in-scope systems and assets (IT and OT) against requirements, including risk assessing how requirements are addressed

• Establishing a strategy and roadmap of projects to close any identified gaps

If you want to work with a partner who will help you develop a practical approach to dealing with cyber security legislation, please get in touch with your usual KPMG contact or use the links in the sidebar.

You can download our full report: Are you ready to comply with the UK's Network & Information Systems (NIS) regulations? 

© 2021 KPMG LLP a UK limited liability partnership and a member firm of the KPMG global organisation of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
