View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 30, 2022

UK cybersecurity rules enhanced to protect critical national infrastructure

The regulations designed to protect key services from cyberattacks are being beefed up as the number of threats rises.

By Claudia Glover

Cybersecurity regulations that protect critical national infrastructure and providers of important online services are to be tightened up, the Department for Digital, Culture, Media and Sport (DCMS) announced today.

UK cybersecurity regulator
The DCMS will be releasing amendments to current NIS regulations that will increase cyber protections for critical UK services. (Photo by

The Network and Information Systems (NIS) regulations will be strengthened following a public consultation held earlier this year. By tweaking the rules, the government hopes to offer increased protection to the UK’s critical national infrastructure, such as energy providers and the NHS, as well as key digital services like cloud computing.

What are the UK NIS regulations?

The NIS regulations were introduced in 2018 to ensure companies providing critical services could be protected from cyberattacks. 

They provide legal measures to boost the overall level of cybersecurity for networks and physical equipment belonging to infrastructure providers, as well as important digital platforms such online marketplaces, search engines and cloud providers. Non-compliance with the rules can result in fines of up to £17m.

These regulations are now being enhanced as part of the government’s £2.6bn National Cyber Strategy, and will be implemented “as soon as parliamentary time allows,” DCMS says.

DCMS minister Julia Lopez said: “We are strengthening the UK’s cyber laws against digital threats. This will better protect our essential and digital services and the outsourced IT providers that keep them running. 

“The services we rely on for healthcare, water, energy and computing must not be bought to a standstill by criminals and hostile states.” 

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

How the government is changing NIS regulations

As a result of the changes, managed service providers (MSPs), which run IT networks for many organisations, will be subject to more controls to protect their clients from supply chain attacks. Recent years have seen a number high profile breaches around, such as the SolarWinds attack, stemming from criminals targeting MSPs.

Regulators will be provided with increased powers to ensure that businesses are complying with the rules. A wider range of cyber incidents will be included in the scope of the rules, meaning Ofcom, Ofgem and the ICO will need to be notified of potential problems “even if they don’t immediately cause disruption”, DCMS says.

The government will be able to add new technologies to the list of those that fall under the umbrella of NIS rules as they become indispensable to UK infrastructure.

A recovery system will also be implemented so that the taxpayer does not end up being liable for costs related to investigating companies not complying with regulations. The fining process will be more transparent and will take into account factors like wider regulatory burdens and company size.

The changes were welcomed by Paul Maddinson, director of national resilience and strategy at the National Cyber Security Centre. “These measures will increase the resilience of the country’s essential services and their managed service provides, on which we all rely,” he said. “I welcome the opportunity to strengthen NIS regulations and the impact they will have on boosting the UK’s overall cyber resilience.”

Read more: Does the UK need a cybersecurity regulator?

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.