Skip to content

The Network and Information Systems Regulations

Boosting cyber security for digital and essential services

Get in touch

An opportunity to boost cyber resilience

In our technology-driven world, the services we rely on need robust data, networks and systems. But as these are digital, they’re vulnerable to cyber-attack. To fight this threat to our essential services, the Network and Information Systems Regulations (NISR) demands heightened cyber security.

Following the NISR will be challenging. From securing the right cyber skills to taking responsibility for cyber security in third-party suppliers, the regulations ask operators of essential services to take a fresh look at their cyber security. But done properly, compliance will improve cyber resilience, creating benefits that far outweigh the cost.

What are the Network and Information Systems Regulations (NISR)?

The NISR aim to protect essential services like healthcare, drinking water, oil and gas, energy, transport and online marketplaces from cyber security issues. To do this, the regulations focus on four areas:

  1. Managing cyber security risk

    Operators of essential services need to have structures, policies and processes in place to understand, assess and manage cyber security risks.

  2. Protecting against cyber-attacks

    Operators of essential services must design, communicate and enforce proper security policies, processes and technologies to protect critical systems.

  3. Detecting cyber security events

    Operators of essential services should continuously check networks and systems to detect cyber security breaches in real-time.

  4. Minimising the impact of cyber security breaches

    Operators of essential services need defined and tested incident management processes to minimise the impact of breaches and restore services quickly. They also need to report certain incidents within 72 hours.

To find out more how we can help

Contact us

How we can help

Our diverse team combines in-depth knowledge from all sectors covered by the NISR with cyber security expertise to design and deploy effective cyber security management systems. Our five-step approach covers the whole journey, from identifying the essential services, assets and systems through to assuring your ability to meet the requirements of the NISR.


We examine which services you run in which countries, and the networks and systems needed to deliver them, to define the NISR’s applicability to your organisation.


We evaluate your current cyber security measures against the NISR requirements to find gaps and assess the risks.


We work with you to design and implement a programme that resolves any cyber security gaps we find to mitigate the risks and improve resilience.


We hone your ability to recognise breaches and report them by preparing for incidents, ensuring you can respond and testing your plans and people.


We run an internal and independent assurance exercise to show your management and board that you’re compliant with the NISR.

To find out more how we can help

Contact us

Related insights

Contact us

To find out more about how we can help you, get in touch with one of our experts today.

Justin Lowe

PA digital trust and cyber security expert