Network and Information Systems Enforcement Guidelines and Penalty Policy


Publication date

As part of Ofgem’s duty to regulate the way in which businesses in the energy sector behave, it is important that we can act swiftly and decisively to put things right if businesses fail to meet their duties, including where they demonstrate poor behaviours or conduct. By doing so, Ofgem can send strong deterrent messages to all the relevant businesses operating in the energy sector.

The aim of the Network and Information Systems Regulations 2018 (NIS) is to drive improvement in the protection of the network and information systems that are critical for the delivery of the UK’s essential services. Designated operators of essential services (OES) must comply with a number of duties set out in NIS.

The NIS Guidelines and Penalty Policy describes how we may use our enforcement powers and tools in situations relating to breaches and infringements under NIS, how our decision-making process works and how contraventions will be addressed and deterred.

The guidelines also set out a number of enforcement tools we may use as an alternative to exercising our statutory enforcement powers.

The aim of these guidelines is to provide greater clarity, consistency and transparency to our enforcement policies and processes and to describe the framework we have in place to maximise the impact and efficiency of our work.