Skip to main content
Version status: In force | Document consolidation status: No known changes
Version date: 18 September 2018 - onwards

Regulation 17 Security requirements in respect of operators of essential services

(1) An operator of essential services shall -

(a) take appropriate and proportionate technical and organisational measures to manage the risks posed to the security of the network and information systems which it uses in its operations, and

(b) take appropriate measures to prevent and minimise the impact of incidents affecting the security of the network and information systems used by it for the provision of the essential services in respect of which it is designated as an operator of essential services with a view to ensuring the continuity of the provision by it of those services.

(2) The measures to be taken by an operator of essential services pursuant to paragraph (1) shall ensure, having regard to the state of the art, a level of security of network and information systems appropriate to the risks posed.