The DCMS NIS Regulations Review

The DCMS NIS Regulations Review

The Department for Digital, Culture, Media, and Sport (DCMS) has released a post-implementation review (PIR) of the Network and Information Systems (NIS) Regulations 2018 [1]. It is now two years since the NIS Regulations became law.

The aim of the NIS Regulations is to protect and manage cyber risks to Operators of Essential Services (OES) and Relevant Digital Services Providers (RDSP) [2].

The PIR reviews the following:

  • Effectiveness so far
  • Achievement of aims
  • Future of the NIS Regulations


Key findings from the report

Unfortunately, the long-term effects are not yet clear. In the two years since the regulations were published, organisations have taken measures to secure networks and data. These steps have been taken not only to meet the regulations but also to meet the organisational objectives. With this in mind, it is assessed that the UK’s critical national infrastructure (CNI) is now more secure.

It is clear from the PIR that further action is needed. Organisational security and the nation’s security are potentially at stake. The recent cyber attack on Elexon stands as evidence for this [3].

The threat to our CNI is described as ‘significant’ – this should not be taken lightly.

Whilst security is likely to have improved since 2018, more effort is required from OES and RDSP’s to ensure they meet the NIS Regulations. The PIR confirms that bolstering our national cyber defences will take a firm and ongoing effort. In the words of the PIR, “there is still room for further improvement.”

To view the full review, click here.


How Arcanum can help

Arcanum is certified by the National Cyber Security Centre (NCSC) for Risk Assessment and Risk Management. We have provided expert security advice for over 10 years and support OES to comply with the NIS Regulations.  Arcanum has experience of carrying out assessments using The Cyber Assessment Framework (CAF). We can guide you through the process from start to finish.

Arcanum an expert at assisting organisations to prioritise and manage security risks. All of our cyber security consultants are highly experienced professionals and hold security clearances.

Read more about the NIS Regulations.

Get in touch today by calling 01558 669140, alternatively, you can email:


[1] UK Government Publishing Service – NIS Regulations PIR

[2] The NIS Regulations 2018

[3] – Elexon Cyber Attack