Network and information systems (NIS) regulations 2018: health sector guide
A guide for designated operators of essential services for healthcare in England explaining the practical impact of the NIS Regulations.
Applies to England
Documents
Details
The Network and Information Systems (NIS) Regulations 2018 seek to ensure that organisations providing essential services that we all rely on have the right measures in place to manage risks and protect the network and information systems that support those services. To achieve this, the NIS Regulations place security and reporting duties on operators of essential services.
Healthcare services are an essential service under the NIS Regulations, with NHS trusts and foundation trusts, integrated care boards and certain independent providers of healthcare currently designated operators of essential services for healthcare services. The Secretary of State for Health and Social Care, acting through the Department of Health and Social Care (DHSC) is responsible for overseeing the operation of the NIS Regulations as they relate to the health sector in England.
This guide sets out what this means in practice and provides information for operators of essential services on fulfilling the security and incident reporting duties and the department’s oversight and enforcement approach. Operators of essential services must have regard to this guidance when carrying out their security and incident reporting duties under the NIS Regulations.
Updates to this page
Last updated 27 September 2023 + show all updates
-
Updated to provide further information for operators of essential services on fulfilling the security and incident reporting duties and the department’s oversight and enforcement approach, and to reflect changes to the NIS Regulations since this guidance was first published (see the list of key changes in the sections ‘Who this guide is for’ and ‘Updates to the NIS Regulations since 2018’).
-
First published.