Brexit—cybersecurity
Brexit—cybersecurity

The following IP guidance note provides comprehensive and up to date legal information covering:

  • Brexit—cybersecurity
  • Overview of cybersecurity regulation in the UK
  • Background to the NIS Directive and UK implementation
  • General impact of Brexit on UK implementation of the NIS Directive
  • Impact of the end of the implementation period on RDSPs
  • Impact of the end of the implementation period on UK cybersecurity co-operation with the EU

This Practice Note explores the effect of Brexit on UK cybersecurity with a particular focus on the network and information systems legislation. It covers:

  1. overview of cybersecurity regulation in the UK

  2. background to Directive (EU) 2016/1148, the Network and Information Systems Directive (the NIS Directive) and UK implementation

  3. general impact of Brexit on UK implementation of the NIS Directive

  4. impact of the end of the transition period on relevant digital service providers (RDSPs)

  5. impact of the end of the transition period on UK cybersecurity co-operation with the EU

The significance of cybersecurity has been highlighted in recent years by high-profile attacks affecting businesses and public services. These involved a diverse range of attack methods, motivations and targets as explored further in Cybersecurity, threats and risk management—overview. The EU’s recognition of the importance of ensuring Member States’ cybersecurity preparedness and capabilities led to the adoption of, Directive (EU) 2016/1148, the NIS Directive. It is the effect of Brexit on the implementation of the NIS Directive in the UK, in particular in relation to the impact on RDSPs and obligations affecting EU level co-operation, which forms the focus of this Practice Note.

Overview of cybersecurity regulation in the UK

A matrix of laws and regulations govern the security of network and information systems and infrastructure in the UK. Key legislation includes:

  1. the NIS