xmlns:atom="http://www.w3.org/2005/Atom"
  1. Introductory Text

  2. PART 1 Introduction

    1. 1.Citation, commencement, interpretation and application

  3. PART 2 The National Framework

    1. 2.The NIS national strategy

    2. 3.Designation of national competent authorities

    3. 4.Designation of the single point of contact

    4. 5.Designation of computer security incident response team

    5. 6.Information sharing – enforcement authorities

    6. 7.Information sharing – Northern Ireland

  4. PART 3 Operators of essential services

    1. 8.Identification of operators of essential services

    2. 9.Revocation

    3. 10.The security duties of operators of essential services

    4. 11.The duty to notify incidents

  5. PART 4 Digital Services

    1. 12.Relevant digital service providers

    2. 13.Co-operation and action across Member State boundaries

    3. 14.Registration with the Information Commissioner

  6. PART 5 Enforcement and penalties

    1. 15.Information notices

    2. 16.Power of inspection

    3. 17.Enforcement for breach of duties

    4. 18.Penalties

    5. 19.Independent review of designation decisions and penalty decisions

    6. 20.Enforcement of penalty notices

  7. PART 6 Miscellaneous

    1. 21.Fees

    2. 22.Proceeds of penalties

    3. 23.Enforcement action – general considerations

    4. 24.Service of documents

    5. 25.Review and report

  8. Signature

    1. SCHEDULE 1

      Designated Competent Authorities

    2. SCHEDULE 2

      Essential Services and Threshold Requirements

      1. 1.The electricity subsector

      2. 2.The oil subsector

      3. 3.The gas subsector

      4. 4.The air transport subsector

      5. 5.The water transport subsector

      6. 6.The rail transport subsector

      7. 7.The road transport subsector

      8. 8.The healthcare subsector

      9. 9.The drinking water supply and distribution subsector

      10. 10.The digital infrastructure subsector

  9. Explanatory Note