- Latest available (Revised)
- Original (As made)
The Network and Information Systems Regulations 2018
You are here:
- UK Statutory Instruments
- 2018 No. 506
- PART 5
- Regulation 16
What Version
Advanced Features
- Show Geographical Extent(e.g. England, Wales, Scotland and Northern Ireland)
- Show Timeline of Changes
More Resources
Changes to legislation:
There are currently no known outstanding effects for the The Network and Information Systems Regulations 2018, Section 16.
Changes to Legislation
Revised legislation carried on this site may not be fully up to date. At the current time any known changes or effects made by subsequent legislation have been applied to the text of the legislation you are viewing by the editorial team. Please see ‘Frequently Asked Questions’ for details regarding the timescales for which new effects are identified and recorded on this site.
Power of inspectionU.K.
This section has no associated Explanatory Memorandum
16.—(1) [F1The designated competent authority for an OES may—]
(a)conduct [F2all or any part of] an inspection;
(b)appoint a person to conduct [F3all or any part of] an inspection on its behalf; F4...
(c)direct the OES to appoint a person who is approved by that authority to conduct [F5all or any part of] an inspection on its behalf,
F6....
(2) The Information Commissioner may—
(a)conduct [F7all or any part of] an inspection;
(b)appoint a person to conduct [F8all or any part of] an inspection on its behalf; F9...
(c)direct that a RDSP appoint a person who is approved by the Information Commissioner to conduct [F10all or any part of] an inspection on its behalf,
F11....
(3) For the purposes of carrying out the inspection under paragraph (1) or (2), the OES or RDSP (as the case may be) must—
(a)pay the reasonable costs of the inspection [F12if so required by the relevant competent authority or the Information Commissioner];
(b)co-operate with the [F13inspector];
(c)provide the inspector with F14... access to their premises [F15in accordance with paragraph (5)(a)];
[F16(d)allow the inspector to examine, print, copy or remove any document or information, and examine or remove any material or equipment, in accordance with paragraph (5)(d);]
(e)allow the inspector access to any person from whom the inspector seeks relevant information for the purposes of the inspection;
[F17(f)not intentionally obstruct an inspector performing their functions under these Regulations; and
(g)comply with any request made by, or requirement of, an inspector performing their functions under these Regulations.]
(4) The [F18relevant] competent authority or Information Commissioner may appoint a person to [F19conduct all or any part of] an inspection under paragraph (1)(b) or (2)(b) on its behalf on such terms and in such a manner as it considers appropriate.
[F20(5) An inspector may—
(a)at any reasonable time enter the premises of an OES or RDSP (except any premises used wholly or mainly as a private dwelling) if the inspector has reasonable grounds to believe that entry to those premises may be necessary or helpful for the purpose of the inspection;
(b)require an OES or RDSP to leave undisturbed and not to dispose of, render inaccessible or alter in any way any material, document, information, in whatever form and wherever it is held (including where it is held remotely), or equipment which is, or which the inspector considers to be, relevant for such period as is, or as the inspector considers to be, necessary for the purposes of the inspection;
(c)require an OES or RDSP to produce and provide the inspector with access, for the purposes of the inspection, to any such material, document, information or equipment which is, or which the inspector considers to be, relevant to the inspection, either immediately or within such period as the inspector may specify;
(d)examine, print, copy or remove any document or information, and examine or remove any material or equipment (including for the purposes of printing or copying any document or information) which is, or which the inspector considers to be, relevant for such period as is, or as the inspector considers to be, necessary for the purposes of the inspection;
(e)take a statement or statements from any person;
(f)conduct, or direct the OES or RDSP to conduct, tests;
(g)take any other action that the inspector considers appropriate and reasonably required for the purposes of the inspection.
(6) The inspector must—
(a)produce proof of the inspector’s identity if requested by any person present at the premises; and
(b)take appropriate and proportionate measures to ensure that any material, document, information or equipment removed in accordance with paragraph (5)(d) is kept secure from unauthorised access, interference and physical damage.
(7) Before exercising any power under paragraph (5)(b) to (d) or (g), the inspector—
(a)must take such measures as appear to the inspector appropriate and proportionate to ensure that the ability of the OES or RDSP, as the case may be, to comply with any duty set out in these Regulations will not be affected; and
(b)may consult such persons as appear to the inspector appropriate for the purpose of ascertaining the risks, if any, there may be in doing anything which the inspector proposes to do under that power.
(8) Where under paragraph (5)(d) an inspector removes any document, material or equipment, the inspector must provide, to the extent practicable, a notice giving—
(a)sufficient particulars of that document, material or equipment for it to be identifiable; and
(b)details of any procedures in relation to the handling or return of the document, material or equipment.
(9) In this regulation—
(a)a reference to a “test” is a reference to any process which is—
(i)employed to verify assertions about the security of a network or information system; and
(ii)based on interacting with that system, including components of that system,
and includes the exercising of any relevant security or resilience management process;
(b)“inspection” means any activity carried out (including any steps mentioned in paragraph (5)) for the purpose of—
(i)verifying compliance with the requirements of these Regulations; or
(ii)assessing or gathering evidence of potential or alleged failures to comply with the requirements of these Regulations,
including any necessary follow-up activity for either purpose;
(c)“inspector” means any person conducting all or any part of an inspection in accordance with paragraph (1) or (2).]
Textual Amendments
F1Words in reg. 16(1) substituted (31.12.2020) by The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations 2020 (S.I. 2020/1245), regs. 1(1), 12(a)(i) (with reg. 21)
F2Words in reg. 16(1)(a) inserted (31.12.2020) by The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations 2020 (S.I. 2020/1245), regs. 1(1), 12(a)(ii) (with reg. 21)
F3Words in reg. 16(1)(b) inserted (31.12.2020) by The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations 2020 (S.I. 2020/1245), regs. 1(1), 12(a)(ii) (with reg. 21)
F4Word in reg. 16(1) omitted (31.12.2020) by virtue of The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations 2020 (S.I. 2020/1245), regs. 1(1), 12(a)(iii) (with reg. 21)
F5Words in reg. 16(1)(c) inserted (31.12.2020) by The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations 2020 (S.I. 2020/1245), regs. 1(1), 12(a)(iv) (with reg. 21)
F6Words in reg. 16(1) omitted (31.12.2020) by virtue of The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations 2020 (S.I. 2020/1245), regs. 1(1), 12(a)(v) (with reg. 21)
F7Words in reg. 16(2)(a) inserted (31.12.2020) by The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations 2020 (S.I. 2020/1245), regs. 1(1), 12(b)(i) (with reg. 21)
F8Words in reg. 16(2)(b) inserted (31.12.2020) by The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations 2020 (S.I. 2020/1245), regs. 1(1), 12(b)(i) (with reg. 21)
F9Word in reg. 16(2) omitted (31.12.2020) by virtue of The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations 2020 (S.I. 2020/1245), regs. 1(1), 12(b)(ii) (with reg. 21)
F10Words in reg. 16(2)(c) inserted (31.12.2020) by The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations 2020 (S.I. 2020/1245), regs. 1(1), 12(b)(iii) (with reg. 21)
F11Words in reg. 16(2) omitted (31.12.2020) by virtue of The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations 2020 (S.I. 2020/1245), regs. 1(1), 12(b)(iv) (with reg. 21)
F12Words in reg. 16(3)(a) inserted (31.12.2020) by The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations 2020 (S.I. 2020/1245), regs. 1(1), 12(c)(i) (with reg. 21)
F13Word in reg. 16(3)(b) substituted (31.12.2020) by The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations 2020 (S.I. 2020/1245), regs. 1(1), 12(c)(ii) (with reg. 21)
F14Word in reg. 16(3)(c) omitted (31.12.2020) by virtue of The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations 2020 (S.I. 2020/1245), regs. 1(1), 12(c)(iii)(aa) (with reg. 21)
F15Words in reg. 16(3)(c) inserted (31.12.2020) by The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations 2020 (S.I. 2020/1245), regs. 1(1), 12(c)(iii)(bb) (with reg. 21)
F16Reg. 16(3)(d) substituted (31.12.2020) by The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations 2020 (S.I. 2020/1245), regs. 1(1), 12(c)(iv) (with reg. 21)
F17Reg. 16(3)(f)(g) inserted (31.12.2020) by The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations 2020 (S.I. 2020/1245), regs. 1(1), 12(c)(v) (with reg. 21)
F18Word in reg. 16(4) inserted (31.12.2020) by The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations 2020 (S.I. 2020/1245), regs. 1(1), 12(d)(i) (with reg. 21)
F19Words in reg. 16(4) substituted (31.12.2020) by The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations 2020 (S.I. 2020/1245), regs. 1(1), 12(d)(ii) (with reg. 21)
F20Reg. 16(5)-(9) inserted (31.12.2020) by The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations 2020 (S.I. 2020/1245), regs. 1(1), 12(e) (with reg. 21)
Options/Help
Print Options
PrintThe Whole Instrument
PrintThe Whole Part
PrintThis Section only
Legislation is available in different versions:
Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.
Original (As Enacted or Made): The original version of the legislation as it stood when it was enacted or made. No changes have been applied to the text.
See additional information alongside the content
Geographical Extent: Indicates the geographical area that this provision applies to. For further information see ‘Frequently Asked Questions’.
Show Timeline of Changes: See how this legislation has or could change over time. Turning this feature on will show extra navigation options to go to these specific points in time. Return to the latest available version by using the controls above in the What Version box.
Opening Options
Different options to open legislation in order to view more content on screen at once
Explanatory Memorandum
Explanatory Memorandum sets out a brief statement of the purpose of a Statutory Instrument and provides information about its policy objective and policy implications. They aim to make the Statutory Instrument accessible to readers who are not legally qualified and accompany any Statutory Instrument or Draft Statutory Instrument laid before Parliament from June 2004 onwards.
More Resources
Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as enacted version that was used for the print copy
- lists of changes made by and/or affecting this legislation item
- confers power and blanket amendment details
- all formats of all associated documents
- correction slips
- links to related legislation and further information resources
Impact Assessments
Impact Assessments generally accompany all UK Government interventions of a regulatory nature that affect the private sector, civil society organisations and public services. They apply regardless of whether the regulation originates from a domestic or international source and can accompany primary (Acts etc) and secondary legislation (SIs). An Impact Assessment allows those with an interest in the policy area to understand:
- Why the government is proposing to intervene;
- The main options the government is considering, and which one is preferred;
- How and to what extent new policies may impact on them; and,
- The estimated costs and benefits of proposed measures.
Timeline of Changes
This timeline shows the different points in time where a change occurred. The dates will coincide with the earliest date on which the change (e.g an insertion, a repeal or a substitution) that was applied came into force. The first date in the timeline will usually be the earliest date when the provision came into force. In some cases the first date is 01/02/1991 (or for Northern Ireland legislation 01/01/2006). This date is our basedate. No versions before this date are available. For further information see the Editorial Practice Guide and Glossary under Help.
More Resources
Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as made version that was used for the print copy
- correction slips
Click 'View More' or select 'More Resources' tab for additional information including:
- lists of changes made by and/or affecting this legislation item
- confers power and blanket amendment details
- all formats of all associated documents
- links to related legislation and further information resources
All content is available under the Open Government Licence v3.0 except where otherwise stated. This site additionally contains content derived from EUR-Lex, reused under the terms of the Commission Decision 2011/833/EU on the reuse of documents from the EU institutions. For more information see the EUR-Lex public statement on re-use.