Ofgem and cyber security

On 10 May 2018, the Network and Information Systems (‘NIS’) Directive was transposed into UK law as The Network and Information Systems Regulations 2018 (‘NIS Regulations’). It applies to the water, health, transportation, digital and energy sectors.

The NIS Regulations impose new duties on Operators of Essential Services (‘OES’) and give relevant Competent Authorities new powers and responsibilities to ensure OES are meeting those duties.

Ofgem has been designated in the NIS Regulations as joint CA with the Department for Business, Energy and Industrial Strategy (‘BEIS’) for the downstream gas and electricity sectors in Great Britain.

OES are those electricity and gas operators who are determined by thresholds defined in the NIS Regulations and BEIS.

Below you can view all information and publications we have issued to OES as the GB Competent Authority.

Publications and updates

  • Published: 30th Nov 2018
  • Guidance
  • 2 Associated documents
This guidance supports Operators of Essential Services with their cyber security provisions under the Network and Information Systems (‘NIS’) Directive and NIS Regulations 2018.