Designation of the single point of contact
4.—(1) GCHQ is designated as the SPOC on the security of network and information systems for the United Kingdom.
(2) The SPOC must—
(a)liaise with the relevant authorities in other Member States, the Cooperation Group and the CSIRTs network to ensure cross-border co-operation;
(b)consult and co-operate, as it considers appropriate, with relevant law-enforcement authorities; and
(c)co-operate with the NIS enforcement authorities to enable the enforcement authorities to fulfil their obligations under these Regulations.
(3) The SPOC must submit reports to—
(a)the Cooperation Group based on the incident reports it received under regulation 11(9) and 12(15), including the number of notifications and the nature of notified incidents; and
(b)the Commission identifying the number of operators of essential services for each subsector listed in Schedule 2, indicating their importance in relation to that sector.
(4) The first report mentioned in paragraph (3)(a) must be submitted on or before 9th August 2018 and subsequent reports must be submitted at annual intervals.
(5) The first report mentioned in paragraph (3)(b) must be submitted on or before 9th November 2018 and subsequent reports must be submitted at biennial intervals.