Insights Ofcom proposes revisions to Network and Information Systems Guidance


Ofcom has proposed revisions to the incident reporting thresholds set out in its Network and Information Systems (NIS) Guidance.

First published in May 2018, the NIS Guidance sets out Ofcom’s view of how Operators of Essential Services, i.e. organisations in the digital infrastructure sector that provide critical services to the economy, can meet their obligations under the NIS Regulations.

Under the Regulations, operators are required to notify Ofcom of any incident, such as an outage, that has a significant impact on the continuity of the essential service they provide. The NIS Guidance sets out thresholds of what Ofcom considers to be a significant impact and therefore when it expects operators to report incidents.

As a result of several outages that have occurred since 2020, which were not reported to Ofcom, the regulator is proposing to lower the incident reporting thresholds in the NIS Guidance. These outages fell below the existing reporting thresholds, but Ofcom believes that they could have had a significant impact on the continuity of essential services.

Ofcom is inviting responses to its proposals by 13 January 2023 and, subject to feedback, expects to publish its decision and revised guidance in spring 2023. To access the proposals, click here.