Diving into the new EU network and information systems directive

Can you imagine life without clean water or power? We consume both every day, and they provide a vital function to so many things, from our devices and homes to life itself.
Now, thanks to new rules from the European Union’s Network and Information (NIS) directive, we can add cloud computing, search engines and other internet services to that ‘vital infrastructure’ list.

Cloud computing, according to the government, “enables access to a scalable and elastic pool of shareable physical or virtual resources, which can include Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).” Areas not included are most online gaming, entertainment or VoIP services. The key difference in those cases is that the resources available to the user aren’t scalable.

Per the NIS, organisations providing essential services must ensure their security is strong enough to protect their network and information systems from attackers. They must also notify authorities of significant incidents. A straightforward reporting system will be created so companies can easily report cyber breaches and IT failures, prompting a quick response to attacks.

These regulations are a major recognition for cloud computing and digital services. Once thought of as risky endeavours, they’re now considered ‘essentials’ in our daily lives. Some examples of businesses this will affect:

• Airlines, airports, air traffic control
• Local and national rail networks
• Road transport organisations
• Healthcare companies
• Suppliers and distributors of drinking water, electricity, gas
• Oil refineries and producers

If organisations decide not to embrace these rules, the penalties are steep. Fines could rise as high as £17 million – about $24 million – for businesses that don’t comply. These fines are a last resort, and according to regulations, “will not apply to operators which have assessed the risks adequately, taken appropriate security measures and engaged with regulators but still suffered an attack”.

In addition, the NIS directive also covers online marketplaces, search engines and cloud computing services providers. Though the inclusion of SaaS providers has been met with some resistance, the government says these providers play “an important role in the UK’s economy,” adding that “it is right that they are held responsible for ensuring the security of their network and information systems.”

The NIS directive will become part of UK law in May, alongside the updated GDPR regulations, and is part of a five-year £1.9 billion government cyber-protection programme. It’s a strong message that network and information systems provide critical support to daily activities, and organisations should treat them with the utmost care and guidance.
Living and working online has become ubiquitous – now organisations must ensure users can be as safe as possible when accessing this vital infrastructure of our daily lives.

Find out how Rackspace helped People HR® to protect critical customer data, and approach GDPR compliance processes.

Previous articleAnswers to Your Most Common Private Cloud Questions
Next articleThe Augmented Reality Cloud and the Future of Information
Tony serves as Regional Marketing Director for Rackspace in the EMEA region, after holding a similar position at Datapipe, which he joined in 2015. An experienced IT and telecoms executive with a successful career in marketing, product management and sales, Tony has held senior positions for companies including Verizon, BT and Cable & Wireless. He has extensive knowledge of cloud, network, security and advanced communication products, technologies and managed services, and has worked in both direct and indirect channels to market. He also writes regularly about the ever-evolving cloud industry, and was named a top cloud computing blogger in 2017. Tony is a sports fanatic and for his sins, a passionate supporter of his hometown club, Everton FC. He lives in Sevenoaks, just outside London, with his wife and occasionally his son (when he’s not hard at work at University).


Please enter your comment!
Please enter your name here