The EU NIS Directive and UK NIS Regulations—timeline

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • The EU NIS Directive and UK NIS Regulations—timeline
  • Key developments

The EU NIS Directive and UK NIS Regulations—timeline

This timeline sets out key dates and information relating to:

  1. the EU’s Network and Information Systems Directive (NIS Directive), Directive (EU) 2016/1148—also known as the ‘Cybersecurity Directive’ or ‘Network and Information Security Directive’

  2. the UK’s Network and Information Systems Regulations 2018 (NIS Regulations), SI 2018/506

It includes strategy documents, consultations, progress reports as well as opinions and guidance issued by a range of organisations on the development of the NIS Directive and NIS Regulations.

For more information, see Practice Notes:

  1. The Network and Information Systems Regulations 2018

  2. Cybersecurity breach notification requirements

Key developments

DateInstitutionSummary
31 December 2020EU and UKEnd of the Brexit implementation (or ‘transition’) period: the Cybersecurity Directive ceases to apply in the UK. NIS Regulations continue to apply in the UK (as amended by Brexit legislation). See Practice Note: Brexit—cybersecurity.

Other reforms to NIS Regulations: the Network and Information Systems (Amendment and Transitional Provision etc) Regulations 2020, SI 2020/1245 also come into force.
17 December 2020European CommissionCommission publishes proposals for reform of the NIS Directive (see: LNB News 17/12/2020 73) and a Cybersecurity Strategy (see: LNB News 17/12/2020 91).
10 November 2020ParliamentThe Network and Information Systems (Amendment and Transitional Provision etc) Regulations 2020, SI 2020/1245 laid before Parliament. They come into force on 31 December 2020.
10 November 2020Department for Digital, Culture, Media & Sport

Popular documents