xmlns:atom="http://www.w3.org/2005/Atom" xmlns:atom="http://www.w3.org/2005/Atom"
Introductory Text
PART 1 Introduction
1.Citation, commencement, interpretation and application
PART 2 The National Framework
2.The NIS national strategy
3.Designation of national competent authorities
4.Designation of the single point of contact
5.Designation of computer security incident response team
6.Information sharing – enforcement authorities
7.Information sharing – Northern Ireland
PART 3 Operators of essential services
8.Identification of operators of essential services
8A.Nomination by an OES of a person to act on its behalf in the United Kingdom
9.Revocation
10.The security duties of operators of essential services
11.The duty to notify incidents
PART 4 Digital Services
12.Relevant digital service providers
13.Co-operation with the European Union
14.Registration with the Information Commissioner
14A.Representatives of digital service providers established outside the United Kingdom
PART 5 Enforcement and penalties
15.Information notices
16.Power of inspection
17.Enforcement notices for breach of duties
18.Penalties
19.Independent review of designation decisions and penalty decisions
19A.Appeal by an OES or RDSP to the First-tier Tribunal
19B.Decision of the First-tier Tribunal
A20.Enforcement by civil proceedings
20.Enforcement of penalty notices
PART 6 Miscellaneous
21.Fees
22.Proceeds of penalties
23.Enforcement action – general considerations
24.Service of documents
25.Review and report
Signature
SCHEDULE 1
Designated Competent Authorities
SCHEDULE 2
Essential Services and Threshold Requirements
1.The electricity subsector
2.The oil subsector
3.The gas subsector
4.The air transport subsector
5.The water transport subsector
6.The rail transport subsector
7.The road transport subsector
8.The healthcare subsector
9.The drinking water supply and distribution subsector
10.The digital infrastructure subsector
Explanatory Note