The UK consults on its plans to implement EU Cybersecurity Directive

In August, the UK government launched a consultation on the implementation of the network and information systems (NIS) Directive – also knows as the Cybersecurity Directive), running until 30 September. EU member states have to implement the NIS directive into national law until 9 May 2018, before the end of the Brexit negotiations. Among other provisions, the NIS Directive imposes security and incident reporting obligations on key digital service providers – online marketplaces, search engines and cloud computing services – for which the UK government proposes definitions open to comments during the consultation. Following the Brexit referendum in June 2017, the consultation document mentions the ‘government’s intent that on exit from the European Union this legislation will continue to apply in the UK’.