Insights Government publishes Call for views on amending incident reporting framework for digital service providers within the Network & Information Systems Regulations 2018

The Government has published a policy paper setting out its approach to rectify an EU-Exit related deficiency in the NIS legislation surrounding incident reporting thresholds for digital service providers. These thresholds are enshrined in the NIS Regulations and the European Commission Implementing Regulation (151/2018/EU), which together set out the rules for the application of the NIS Regulations in regard to digital service providers.

This call for views seeks feedback on the Government’s proposal to move incident reporting thresholds from legislation to Information Commissioner’s Office guidance. The proposals would allow the Information Commissioner’s Office, as the Competent Authority for digital service providers, to set the thresholds at a more appropriate level. The ICO has agreed to subject the new thresholds that it would propose to further consultation with relevant digital service providers.

The Government says that having the incident reporting thresholds in guidance is consistent with the approach taken by other NIS competent authorities in the UK and would allow the ICO to develop thresholds that are appropriate and proportionate to the UK.

Respondents are invited to provide answers to questions using the Government’s online feedback survey tool, with supporting evidence submitted directly. The call for views closes on 27 August 2021. To access the policy paper and for details on how to submit feedback, click here.