
UK Government Consults on Implementing Network and Information Security Directive

On August 8, the UK’s Department for Digital, Culture, Media & Sport (DCMS) published a consultation paper (CP) on implementing the EU’s Network and Information Security Directive (NIS Directive) (also known as the Cybersecurity Directive).

The DCMS explains that the NIS Directive will compel essential service operators to make sure they are taking the necessary action to protect their IT systems. In particular, operators will be required to develop a strategy and policies to understand and manage their risk, to implement security measures to prevent attacks or system failures, to report incidents as soon as they happen, and to have systems in place to ensure they can recover quickly after any event.

The DCMS states that, in line with Article 1(7) of the NIS Directive, the banking and financial market infrastructures (FMIs) within the Directive’s scope will be exempt from aspects of the NIS Directive “where provisions at least equivalent to those specified in the [NIS] Directive will already exist by the time the [NIS] Directive comes into force.” It goes on to state that firms and FMIs within scope must continue to comply with the requirements and standards set by the Bank of England and the Financial Conduct Authority (FCA). (For more information on the FCA’s cyber resilience initiative, please see the June 23 Corporate Financial Weekly Digest.)

As a result, as part of the consultation process, the DCMS is not carrying out the identification process for operators of essential services in the banking and FMI sectors, and competent authorities for these sectors are not being formally identified under the Directive.

The CP is available here.

©2018 Katten Muchin Rosenman LLP


About this Author

Neil Robson, a regulatory and compliance partner with Katten Muchin Rosenman LLP, focuses his practice on counseling hedge and private equity fund managers and other investment advisers on operational, regulatory and compliance issues. He regularly addresses Financial Conduct Authority (FCA) and EU authorization and compliance under both the EU Alternative Investment Fund Managers Directive (AIFM Directive) and MiFID, cross-border issues in the financial services sector, market abuse, anti-money laundering and regulatory capital requirements, formations and buyouts of...