Statement: Ofcom's changes to the NIS Guidance on incident reporting thresholds for the digital infrastructure subsector

Gwasanaethau rhyngrwyd Diogelwch rhwydweithiau Ymgynghoriadau a datganiadau

Cyhoeddwyd: 1 Tachwedd 2022

Ymgynghori yn cau: 31 Ionawr 2023

Statws: Ar gau (cyhoeddwyd y datganiad)

Statement published 31 May 2023

Ofcom’s updated guidance for the Network and Information Systems Regulations published on 31 May 2023 replaces the previous guidance (NIS 2021 Guidance) which sets out our views on how an Operator of Essential Service (OES) in the digital infrastructure subsector could meet their obligations under these regulations.

We have updated our NIS Guidance for the digital infrastructure subsector focusing on the Incident Reporting Thresholds which have been lowered, and updated the section about enforcement with a link referencing our Regulatory Enforcement Guidelines which was published in December 2022. It sets out how we normally would expect to approach our functions under the NIS Regulations and how the OES can fulfil their duties in ensuring the security of their network and information systems.

We are also providing general guidance about which security compromises we would normally expect providers to report to Ofcom and the process for reporting them.