Security of Network and Information Systems Directive If your organisation provides water, upstream or downstream energy, digital services, transport or healthcare in the EU, the NIS Directive1 affects you. Providers of the essential services that allow a country to function make highly attractive targets for cyber attack.
In May 2018 the UK and other EU nations adopted the EU Network and Information Services Directive (NIS)2 for infrastructure providers to defend against and report attacks.
Request more information
To comply with the Directive - which became UK law in May 2018 - the UK government is encouraging providers3 of essential services and infrastructure to:
  • Adopt 14 high level security principles ranging from governance, through to supply chain and pro-active security monitoring
  • Maintain an incident response regime to separate reporting procedures to relevant authorities of breaches and incidents
  • Be aware of a penalty regime that can administer fines of up to £17m in the most serious cases
The UK Government has confirmed that any exit from the EU will not affect this legislation and regulatory regime.

How we help - Security of Network and Information Systems Directive:


Mobilising your NIS security programme

The NIS Cyber Assessment Framework was released in Spring 2018, with the high level principles being published before this. Proactive organisations should review their current position against these new requirements.
Competent Authorities appointed as a result of the Directive will be able to issue penalties from May where significant compliance problems have been found and it is clear the organisation is not making active efforts to address the problem.
BAE Systems can help you understand where you are in relation to the Framework’s principles, and build a programme to ensure your organisation is in the best possible position to ensure compliance and demonstrate progress with the full framework, published in April 2018.


Security Monitoring

BAE Systems Managed Security Services (MSS) helps you meet the Security Monitoring and Proactive Security Event Discovery requirements of the new NIS Directive framework. We enhance and develop our customers’ security operations in line with their particular challenges and security objectives. Our security monitoring services include:
  • Intelligence led and threat focused detection and response
  • Proactive threat hunting for insider and external threats
  • Industry leading detection analytics
  • Accuracy and speed of response through machine accelerated human decisions
  • Complete infrastructure coverage from endpoint to cloud
  • Access to The latest technology techniques and processes, all supported by our experienced staff
All services are delivered by dedicated 24x7 UK-based Security Operations Centre. We’ve defended the networks, data and devices of governments and commercial customers for 40 years – find out how our Managed Security Services can bring that scale, knowledge and capability to your defence.
View Managed Security Services

Incident Response

When a successful cyber attack hits your network and business processes, we are here to support you. Our cyber incident response teams will help you meet the requirements for Response and Recovery Planning, and has deep technical expertise so that root causes are identified and appropriate remediating action is taken. We help organisations with:
  • Board-level cyber exercises
  • Cyber incident response planning
  • Retained, service-level backed, Incident Response services
Find out more about our NCSC-certified Incident Response service.
View Cyber Technical Services


Supply Chain Assurance

The legislation will require you to understand and manage security risks within your supply chain that may harm the essential services you provide.

Our Supply Chain Assurance services help you identify your critical suppliers, conduct a proportionate level of assessment, and manage and remedial activities on your behalf in an manner that focuses on outcomes. Understand your supply chain and risk exposure.
View Supply Chain Assurance


Ready to talk? Get in touch today to speak to our experts and discuss how we can help your organisation.

Contact us

Stay informed

Please tick the boxes below to opt-in to receive our latest email updates.
Thank you for your subscription.
Further information on the NIS Directive:
1National Cyber Security Centre website: Introduction to the NIS Directive
2European Commission website: The Directive on Security of Network and Information Systems (NIS Directive)
3UK Government website: Government acts to protect essential services from cyber attack

Contact our Experts

A member of our sales team can help you today. Email:

Americas Sales: +1 720 696 9830   |   Europe Sales: +44 (0) 330 158 3627   |   Middle East Sales: +44 (0) 330 158 3627
Australia Sales: +61 290 539 330   |   Malaysia Sales: +60 327 309 390   |   Singapore Sales: +65 6951 2440