EU NIS Representative

EU NIS Representative

The NIS Directive (Directive on the security of network and information systems) was introduced to ensure a high level of network and information systems security across critical infrastructure organisations in the EU, making sure that essential services remain available in all but the most severe circumstances.

You need to consider appointing a NIS Directive representative if you are an OES (operator of essential services) or a DSP (digital service provider). Both OES and DSPs are subject to reporting obligations under the NIS Directive. This service helps organisations meet those obligations.

Enquire today
Price: £0.00
Excluding VAT

Who needs a representative?

OES (operators of essential services)

These are critical infrastructure organisations in the energy, transport, banking, financial market infrastructures, healthcare, water and digital infrastructure sectors.

DSPs (digital service providers)

DSPs provide specific types of digital services, operating as an online marketplace, online search engine and/or Cloud computing service.

Note that DSPs with fewer than 50 employees and an annual turnover of less than €10 million are exempt.

Appointing a NIS Directive representative

OES and DSPs that are not established in the EU but provide services within the EU that fall within the scope of the Directive must appoint a NIS Directive representative. The representative must be based in an EU member state in which the OES or DSP offers those services.

Our EU NIS Representative service is delivered by our sister company IT Governance Europe Ltd based in the Republic of Ireland.

As your NIS Directive representative, we will:

  • Register as your representative with the appropriate competent authority;
  • Act as your point of contact with your competent authority;
  • Act on your behalf as liaison for incident reporting to your competent authority for up to three incidents per annum;
  • Act as the initial point of contact for communications received from a competent authority regarding data privacy incidents or other NIS Directive-related enquiries;
  • Act as the initial point of contact for communications received from individuals regarding a specific security incident or other NIS Directive-related enquiries; and
  • Assist with the wording of informative communications with customers, clients and other stakeholders regarding any notifiable security incidents.

Download the service description.

Service pricing

How much does our service cost?


up to 250





£3,000 fixed annual fee

£4,000 fixed annual fee

£6,000 fixed annual fee

We also offer UK NIS Representative services. Depending on where your organisation operates, you may be required to appoint both an EU NIS Directive and a UK NIS Regulations representative.


Single-entity organisations with 1–500 employees are eligible for this service. As your NIS Directive representative, we will assist you with reporting up to three incidents per annum. Assistance with additional reporting can be provided at £200 per hour.

Why choose us?

We have an in-depth understanding of the NIS Directive requirements and how they should be met.

Our specialist team of experienced data protection officers and lawyers has extensive data protection and information security management expertise, both in the EU and globally.

Buy now, pay later

Enjoy the benefits of paying by purchase order with an GRCI Law corporate account. Apply online today or call our service centre team on +44 (0)333 900 5555

Learn more

Stay in touch

Stay up to date with the latest industry news on our blog.

Visit our blog

Follow us on social media


Speak to an expert

If you have any queries or you’re unsure of how to progress, please get in touch with our team of experts who will be able to assist with your enquiry and provide guidance options.

Enquire today