UK explains how NIS Directive will apply to digital service providers
The NIS Directive sets out measures designed to ensure critical IT systems in critical sectors of the economy like banking, energy, health and transport are secure. It will apply to operators of such "essential services" and to "digital service providers (DSP)".
DSPs are defined as being online marketplaces, online search engines or cloud computing service providers that normally provide their service "for remuneration, at a distance, by electronic means and at the individual request of a recipient of services".
The Directive, which must be implemented into national law across the EU by 9 May 2018, sets out security requirements and incident notification rules for DSPs which are different from those that apply to operators of essential services
The UK government finalised its plans for implementing the NIS Directive in respect of the rules for operators of essential services earlier this year. It has now opened a "targeted consultation" with digital service providers (12-page / 159KB PDF) to explain how the new Directive will apply to them in the UK. The consultation is open until 29 April.