icon-grid
Better Regulation logo
Table of Contents

Table of Contents

Expand all headings Collapse all headings Expand side bar Collapse side bar
Network and Information Systems Regulations 2018 [SI 2018 No. 506]Introductory TextPart 1 Introduction (reg. 1)Regulation 1 Citation, commencement, interpretation and applicationPart 2 The National Framework (regs. 2-7)Regulation 2 The NIS national strategyRegulation 3 Designation of national competent authoritiesRegulation 4 Designation of the single point of contactRegulation 5 Designation of computer security incident response teamRegulation 6 Information sharing - enforcement authoritiesRegulation 7 Information sharing - Northern IrelandPart 3 Operators of essential services (regs. 8-11)Regulation 8 Identification of operators of essential servicesRegulation 8A Nomination by an OES of a person to act on its behalf in the United KingdomRegulation 9 RevocationRegulation 10 The security duties of operators of essential servicesRegulation 11 The duty to notify incidentsPart 4 Digital Services (regs. 12-14A)Regulation 12 Relevant digital service providersRegulation 13 Co-operation with the European UnionRegulation 14 Registration with the Information CommissionerRegulation 14A Representatives of digital service providers established outside the United KingdomPart 5 Enforcement and penalties (regs. 15-20)Regulation 15 Information noticesRegulation 16 Power of inspectionRegulation 17 Enforcement notices for breach of dutiesRegulation 18 PenaltiesRegulation 19 Independent review of designation decisions and penalty decisionsRegulation 19A Appeal by an OES or RDSP to the First-tier TribunalRegulation 19B Decision of the First-tier TribunalRegulation A20 Enforcement by civil proceedingsRegulation 20 Enforcement of penalty noticesPart 6 Miscellaneous (regs. 21-25)Regulation 21 FeesRegulation 22 Proceeds of penaltiesRegulation 23 Enforcement action - general considerationsRegulation 24 Service of documentsRegulation 25 Review and reportSchedule 1 Designated Competent AuthoritiesSchedule 2 Essential Services and Threshold RequirementsSignatureExplanatory NoteExplanatory MemorandumImpact Assessments
Page Overview
Document Overview
Tools
Set a date to view the document
Text comparison options
Full text - Date 1 vs Date 2
Amendments requiring commencement - Current text vs Text requiring commencement
Draft proposed changes - Current text vs Text proposed by drafting documents
Coming soon: Any documents - Any document vs Another document at any date
Print / Export options
Current page
Whole document
Selected pages
Consolidated PDF of the entire document as of 25th January 2025
Export
Export line by line
Export provision to provision
Report template
Create report template
Alert me to changes
Manage alerts
Bookmarks
This page
This document
Manage bookmarks
Search within this document
View previous searches
Share
Get page link
Share via email application
PreviousNext
Version status: In force | Document consolidation status: Updated to reflect all known changes
Version date: 31 December 2020 - onwards
Version 4 of 4

Regulation 15 Information notices

(1) In order to assess whether a person should be an OES, a designated competent authority may serve an information notice in writing upon any person requiring that person to provide it with all such information as it reasonably requires to establish whether -

(a) a threshold requirement described in Schedule 2 is met; or

(b) the conditions mentioned in regulation 8(3) are met.

(2) A designated competent authority may serve an information notice in writing upon an OES requiring the OES to provide it with all such information as it reasonably requires for one or more of the following purposes -

(a) to assess the security of the OES's network and information systems;

(b) to establish whether there have been any events that the authority has reasonable grounds to believe have had, or could have, an adverse effect on the security of network and information systems and the nature and impact of those events;

(c) to identify any failure of the OES to comply with any duty set out in these Regulations;

PreviousNext