- Y Diweddaraf sydd Ar Gael (Diwygiedig)
- Gwreiddiol (a wnaed Fel)
The Network and Information Systems (Amendment etc.) (EU Exit) Regulations 2019
You are here:
- Offerynnau Statudol y Deyrnas Unedig
- 2019 No. 653
- Whole Instrument
- Blaenorol
- Nesaf
Pa Fersiwn
Nodweddion Uwch
- Dangos Graddfa Ddaearyddol(e.e. Lloegr, Cymru, Yr Alban aca Gogledd Iwerddon)
- Dangos Llinell Amser Newidiadau
Rhagor o Adnoddau
Changes over time for: The Network and Information Systems (Amendment etc.) (EU Exit) Regulations 2019
Alternative versions:
Changes to legislation:
There are currently no known outstanding effects for The Network and Information Systems (Amendment etc.) (EU Exit) Regulations 2019.
Changes to Legislation
Revised legislation carried on this site may not be fully up to date. At the current time any known changes or effects made by subsequent legislation have been applied to the text of the legislation you are viewing by the editorial team. Please see ‘Frequently Asked Questions’ for details regarding the timescales for which new effects are identified and recorded on this site.
Statutory Instruments
2019 No. 653
Exiting The European Union
Electronic Communications
The Network and Information Systems (Amendment etc.) (EU Exit) Regulations 2019
Sift requirements satisfied
19th March 2019
Made
25th March 2019
Laid before Parliament
27th March 2019
Coming into force in accordance with regulation 1
The Secretary of State makes these Regulations in exercise of the powers conferred by section 8(1) of, and paragraph 21(b) of Schedule 7 to, the European Union (Withdrawal) Act 2018 M1.
The requirements of paragraph 3(2) of Schedule 7 to that Act (relating to the appropriate Parliamentary procedure for these Regulations) have been satisfied.
Marginal Citations
Citation, commencement and interpretationU.K.
1.—(1) These Regulations may be cited as the Network and Information Systems (Amendment etc.) (EU Exit) Regulations 2019.
(2) These Regulations come into force on the twentieth day after exit day.
(3) In these Regulations, “the NIS Regulations” means the Network and Information Systems Regulations 2018 M2.
Commencement Information
Marginal Citations
M2S.I. 2018/506. This instrument was amended by S.I. 2018/629.
Amendments of retained EU lawU.K.
2. In the Schedule—
(a)Part 1 amends domestic legislation (the NIS Regulations);
(b)Part 2 amends or revokes retained direct EU legislation.
Margot James
Minister for Digital and the Creative Industries
Department for Digital, Culture, Media and Sport
Regulation 2
SCHEDULEU.K.Amendments of retained EU law
PART 1 U.K.Domestic legislation
1. The NIS Regulations are amended as follows.U.K.
Commencement Information
I3Sch. para. 1 in force at 20.1.2021, see reg. 1(2)
2. In regulation 1, after the definition of “the Commission”, insert—U.K.
““EU Regulation 2018/151” means Commission Implementing Regulation (EU) 2018/151 of 30 January 2018 laying down rules for application of Directive (EU) 2016/1148 of the European Parliament and of the Council as regards further specification of the elements to be taken into account by digital service providers for managing the risks posed to the security of network and information systems and of the parameters for determining whether an incident has a substantial impact.”.
Commencement Information
I4Sch. para. 2 in force at 20.1.2021, see reg. 1(2)
3. In regulation 2—U.K.
(a)omit paragraph (6);
(b)in paragraph (7), omit “or communicating it to the Commission”.
Commencement Information
I5Sch. para. 3 in force at 20.1.2021, see reg. 1(2)
4. In regulation 3(3)—U.K.
(a)in subparagraph (c), omit “, including an indication of the importance of each operator in relation to the subsector in relation to which it provides an essential service”;
(b)omit subparagraph (g)(ii);
(c)after paragraph (3), insert—
“(3A) In relation to the subsector for which it is designated under paragraph (1), the competent authority may consult and co-operate with a public authority in the EU if it is in the interests of effective regulation of that subsector (whether inside or outside the United Kingdom).”.
Commencement Information
I6Sch. para. 4 in force at 20.1.2021, see reg. 1(2)
5. In regulation 4—U.K.
(a)for paragraph (2), substitute—
“(2) The SPOC may liaise with the relevant authorities in any Member State of the EU, the Cooperation Group and the CSIRTs network if it considers it appropriate.”;
(b)after paragraph (2), insert—
“(2A) The SPOC must—
(a)consult and co-operate, as it considers appropriate, with relevant law enforcement authorities;
(b)co-operate with the NIS enforcement authorities to enable the enforcement authorities to fulfil their obligations under these Regulations.”;
(c)in paragraph (3)—
(i)in words before sub-paragraph (a), for “must”, substitute “ may, if it considers it appropriate to do so ”;
(ii)in subparagraph (b), omit “, indicating their importance in relation to that sector”;
(d)omit paragraphs (4) and (5).
Commencement Information
I7Sch. para. 5 in force at 20.1.2021, see reg. 1(2)
6. In regulation 5—U.K.
(a)in paragraph (2), omit subparagraph (e);
(b)for paragraph (3) substitute—
“(3) The CSIRT may co-operate with or participate in international co-operation networks (including the CSIRTs network) if the CSIRT considers it appropriate to do so.”.
Commencement Information
I8Sch. para. 6 in force at 20.1.2021, see reg. 1(2)
7. In regulation 6—U.K.
(a)in paragraph (1), for “the Commission and the relevant authorities in other Member States”, substitute “ and public authorities in the EU ”;
(b)in paragraph (2), for “the Commission or the relevant authorities in other Member States” substitute “ a public authority in the EU ”.
Commencement Information
I9Sch. para. 7 in force at 20.1.2021, see reg. 1(2)
8. Omit regulation 8(7).U.K.
Commencement Information
I10Sch. para. 8 in force at 20.1.2021, see reg. 1(2)
9. Omit regulation 9(5).U.K.
Commencement Information
I11Sch. para. 9 in force at 20.1.2021, see reg. 1(2)
10. For regulation 11(6) substitute—U.K.
“(6) After receipt of the NIS incident information under paragraph (5)(b), and based on that information, the CSIRT may inform the relevant authorities in a Member State if the CSIRT considers that the incident has a significant impact on the continuity of an essential service provision in that Member State.”.
Commencement Information
I12Sch. para. 10 in force at 20.1.2021, see reg. 1(2)
11. In regulation 12—U.K.
(a)in paragraph (1), for “European Union” substitute “ United Kingdom ”;
(b)omit [F1paragraph (10)];
(c)in paragraph (11), for “paragraph (10)”, substitute “ these Regulations ”;
(d)in paragraph (14), in the opening words, for “another Member State” substitute “ a Member State of the EU ”;
(e)omit paragraph (17).
Textual Amendments
F1Words in Sch. para. 11(b) substituted (20.1.2021) by The Network and Information Systems (Amendment etc.) (EU Exit) (No. 2) Regulations 2019 (S.I. 2019/1444), regs. 1(2), 4; 2020 c. 1, Sch. 5 para. 1(1)
Commencement Information
I13Sch. para. 11 in force at 20.1.2021, see reg. 1(2)
12. For regulation 13 substitute—U.K.
Co-operation with the European Union
13. The Information Commissioner may give information and assistance to, and otherwise co-operate with, a public authority in the EU if the Information Commissioner considers that to do so would be in the interests of effective supervision of digital service providers (whether inside or outside the United Kingdom), including in the event of an incident notified under regulation 12(3).”.
Commencement Information
I14Sch. para. 12 in force at 20.1.2021, see reg. 1(2)
13. In regulation 25—U.K.
(a)in paragraph (1)(a), after “these Regulations” insert “ and in EU Regulation 2018/151 ”;
(b)omit paragraph (3).
Commencement Information
I15Sch. para. 13 in force at 20.1.2021, see reg. 1(2)
PART 2 U.K.Retained direct EU legislation
Commission Implementing Regulation (EU) 2018/151U.K.
14.—(1) Commission Implementing Regulation (EU) 2018/151 of 30 January 2018 laying down rules for application of Directive (EU) 2016/1148 of the European Parliament and of the Council as regards further specification of the elements to be taken into account by digital service providers for managing the risks posed to the security of network and information systems and of the parameters for determining whether an incident has a substantial impact is amended as follows.
(2) For “digital service provider”, in each place it occurs, substitute “ RDSP ”.
(3) For “digital service providers”, in each place it occurs, substitute “ RDSPs ”.
(4) After Article 1, insert—
“Article 1AU.K.
Interpretation
In this Regulation—
“NIS Regulations” means the Network and Information Systems Regulations 2018;
“RDSP” has the same meaning as in the NIS Regulations.”.
(5) In Article 2—
(a)In paragraph 1, for “point (a) of Article 16(1) of Directive (EU) 2016/1148” substitute “ regulation 12(2)(c)(i) of the NIS Regulations ”;
(b)in paragraph 2, for “point (b) of Article 16(1) of Directive (EU) 2016/1148” substitute “ regulation 12(2)(c)(ii) of the NIS Regulations ”;
(c)in paragraph 3, for “point (c) of Article 16(1) of Directive (EU) 2016/1148” substitute “ regulation 12(2)(c)(iii) of the NIS Regulations ”;
(d)in paragraph 4, for “point (d) of Article 16(1) of Directive (EU) 2016/1148” substitute “ regulation 12(2)(c)(iv) of the NIS Regulations ”;
(e)in paragraph 5, for “point (e) of Article 16(1) of Directive (EU) 2016/1148” substitute “ regulation 12(2)(c)(v) of the NIS Regulations ”.
(6) In Article 3—
(a)in paragraph 1, for “point (a) of Article 16(4) of Directive (EU) 2016/1148” substitute “ regulation 12(7)(a)(i) of the NIS Regulations ”;
(b)in paragraph 2, for “point (b) of Article 16(4) of Directive (EU) 2016/1148” substitute “ regulation 12(7)(a)(ii) of the NIS Regulations ”;
(c)in paragraph 3—
(i)for “point (c) of Article 16(4) of Directive (EU) 2016/1148” substitute “ regulation 12(7)(a)(iii) of the NIS Regulations ”;
(ii)after “Member States”, insert “ of the EU ”;
(d)in paragraph 4, for “point (d) of Article 16(4) of Directive (EU) 2016/1148” substitute “ regulation 12(7)(a)(iv) of the NIS Regulations ”;
(e)in paragraph 5, for “point (e) of Article 16(4) of Directive (EU) 2016/1148” substitute “ regulation 12(7)(a)(v) of the NIS Regulations ”.
(7) In Article 4—
(a)in paragraph 1—
(i)in point (a), before “Union” insert “ European ”;
(ii)in point (b), before “Union” insert “ European ”;
(iii)for point (d)—
(aa)before “Union” insert “ European ”;
(bb)for “EUR 1000 000” substitute “ £880,000 ”;
(b)omit paragraph 2.
(8) After Article 5, omit the words from “This Regulation” to “Member States.”.
Commencement Information
I16Sch. para. 14 in force at 20.1.2021, see reg. 1(2)
Regulation (EU) No 526/2013U.K.
15. Regulation (EU) No 526/2013 of the European Parliament and of the Council of 21 May 2013 concerning the European Union Agency for Network and Information Security (ENISA) and repealing Regulation (EC) No 460/2004 is revoked.
Commencement Information
I17Sch. para. 15 in force at 20.1.2021, see reg. 1(2)
Revocation of provision of EEA agreementU.K.
16. In Annex 11 of the EEA Agreement, so far as it forms part of domestic law on and after exit day by virtue of section 3(1) of the European Union (Withdrawal) Act 2018, point 5cp is revoked insofar as it is retained EU law.
Commencement Information
I18Sch. para. 16 in force at 20.1.2021, see reg. 1(2)
Explanatory Note
(This note is not part of the Regulations)
These Regulations are made in exercise of the powers conferred by section 8(1) of the European Union (Withdrawal) Act 2018 (c. 16) in order to address failures of retained EU law to operate effectively and other deficiencies (in particular under paragraphs (a), (b), (c), (d) and (g) of section 8(2)) which apply to this instrument arising from the withdrawal of the UK from the European Union.
Part 1 amends the Network and Information Systems Regulations 2018 (S.I. 2018/506) (the NIS Regulations) and Part 2 amends Commission Implementing Regulation (EU) 2018/151 (OJ No L 26, 31.1.2018, p. 48) as retained by the European Union (Withdrawal) Act 2018 (the Act) and revokes Regulation (EU) No 526/2013 concerning the European Union Agency for Network and Information Security (ENISA) and repealing Regulation (EC) No 460/2004 (the ENISA Regulation)(OJ L165, 18.6.2013, p.41) as retained by the Act.
The NIS Regulations place obligations on GCHQ and the NIS enforcement authorities (the Information Commissioner and the competent authorities which regulate the operators of essential services) to liaise, consult, co-operate and share information with certain EU bodies. The obligations derive from Directive (EU) 2016/1148 of the European Parliament and of the Council concerning measures for a high common level of security of network and information systems across the Union (the NIS Directive)(OJ No L194, 19.7.2016, p.1). The UK will no longer be a Member State following the UK's withdrawal from the EU and it will therefore no longer be appropriate to require these bodies to carry out these functions. These Regulations therefore amend the NIS Regulations so as to remove those obligations whilst retaining the ability of these bodies to continue to exercise those functions if required. These amendments are necessary in order to remove these deficient provisions from the UK statute book.
Regulation 2 of the NIS Regulations is amended so as to remove the obligation on UK ministers to communicate the NIS national strategy to the Commission. These amendments are necessary in order to remove these deficient provisions from the UK statute book.
Commission Implementing Regulation (EU) 2018/151 is amended so as to remove references to EU based services providers and to convert from Euros into sterling. These amendments are necessary in order to remove these deficient provisions from the UK statute book.
The ENISA Regulation is being revoked because it establishes and confers functions upon the European Union Agency for Network and Information Security (ENISA), which is an EU body. The Regulation is retained by the Act and cannot operate to have any effect in UK law. It is therefore being revoked so as to remove it from the UK statute book.
A full impact assessment has not been produced for this instrument as no, or no significant, impact on the private or voluntary sector is foreseen.
An Explanatory Memorandum is published alongside the instrument at www.legislation.gov.uk.
The EU instruments referred to above are published at http://eur-lex.europa.eu.
Options/Cymorth
Print Options
PrintThe Whole Instrument
Mae deddfwriaeth ar gael mewn fersiynau gwahanol:
Y Diweddaraf sydd Ar Gael (diwygiedig):Y fersiwn ddiweddaraf sydd ar gael o’r ddeddfwriaeth yn cynnwys newidiadau a wnaed gan ddeddfwriaeth ddilynol ac wedi eu gweithredu gan ein tîm golygyddol. Gellir gweld y newidiadau nad ydym wedi eu gweithredu i’r testun eto yn yr ardal ‘Newidiadau i Ddeddfwriaeth’.
Gwreiddiol (Fel y’i Deddfwyd neu y’i Gwnaed): Mae'r wreiddiol fersiwn y ddeddfwriaeth fel ag yr oedd pan gafodd ei deddfu neu eu gwneud. Ni wnaed unrhyw newidiadau i’r testun.
Gweler y wybodaeth ychwanegol ochr yn ochr â’r cynnwys
Rhychwant ddaearyddol: Indicates the geographical area that this provision applies to. For further information see ‘Frequently Asked Questions’.
Dangos Llinell Amser Newidiadau: See how this legislation has or could change over time. Turning this feature on will show extra navigation options to go to these specific points in time. Return to the latest available version by using the controls above in the What Version box.
Dewisiadau Agor
Dewisiadau gwahanol i agor deddfwriaeth er mwyn gweld rhagor o gynnwys ar y sgrin ar yr un pryd
Memorandwm Esboniadol
Mae Memoranda Esboniadol yn nodi datganiad byr o ddiben Offeryn Statudol ac yn rhoi gwybodaeth am ei amcan polisi a goblygiadau polisi. Maent yn ceisio gwneud yr Offeryn Statudol yn hygyrch i ddarllenwyr nad oes ganddynt gymhwyster cyfreithiol, ac maent yn cyd-fynd ag unrhyw Offeryn Statudol neu Offeryn Statudol Drafft a gyflwynwyd ger bron y Senedd o Fehefin 2004 ymlaen.
Rhagor o Adnoddau
Gallwch wneud defnydd o ddogfennau atodol hanfodol a gwybodaeth ar gyfer yr eitem ddeddfwriaeth o’r tab hwn. Yn ddibynnol ar yr eitem ddeddfwriaeth sydd i’w gweld, gallai hyn gynnwys:
- y PDF print gwreiddiol y fel deddfwyd fersiwn a ddefnyddiwyd am y copi print
- rhestr o newidiadau a wnaed gan a/neu yn effeithio ar yr eitem hon o ddeddfwriaeth
- manylion rhoi grym a newid cyffredinol
- pob fformat o’r holl ddogfennau cysylltiedig
- slipiau cywiro
- dolenni i ddeddfwriaeth gysylltiedig ac adnoddau gwybodaeth eraill
Llinell Amser Newidiadau
This timeline shows the different points in time where a change occurred. The dates will coincide with the earliest date on which the change (e.g an insertion, a repeal or a substitution) that was applied came into force. The first date in the timeline will usually be the earliest date when the provision came into force. In some cases the first date is 01/02/1991 (or for Northern Ireland legislation 01/01/2006). This date is our basedate. No versions before this date are available. For further information see the Editorial Practice Guide and Glossary under Help.
Rhagor o Adnoddau
Defnyddiwch y ddewislen hon i agor dogfennau hanfodol sy’n cyd-fynd â’r ddeddfwriaeth a gwybodaeth am yr eitem hon o ddeddfwriaeth. Gan ddibynnu ar yr eitem o ddeddfwriaeth sy’n cael ei gweld gall hyn gynnwys:
- y PDF print gwreiddiol y fel gwnaed fersiwn a ddefnyddiwyd am y copi print
- slipiau cywiro
liciwch ‘Gweld Mwy’ neu ddewis ‘Rhagor o Adnoddau’ am wybodaeth ychwanegol gan gynnwys
- rhestr o newidiadau a wnaed gan a/neu yn effeithio ar yr eitem hon o ddeddfwriaeth
- manylion rhoi grym a newid cyffredinol
- pob fformat o’r holl ddogfennau cysylltiedig
- dolenni i ddeddfwriaeth gysylltiedig ac adnoddau gwybodaeth eraill
Mae’r holl gynnwys ar gael dan Drwydded Llywodraeth Agored v3.0 ac eithrio ble nodir yn wahanol. Yn ychwanegol mae’r safle hwn â chynnwys sy’n deillio o EUR-Lex, a ailddefnyddiwyd dan delerau Penderfyniad y Comisiwn 2011/833/EU ar ailddefnyddio dogfennau o sefydliadau’r UE. Am ragor o wybodaeth gweler ddatganiad cyhoeddus Swyddfa Gyhoeddiadau’r UE ar ailddefnyddio.