UK NIS Representative

Who needs a representative?

You need to consider appointing a NIS Regulations representative if you are an OES (operator of essential services) or a DSP (digital service provider). Both OES and DSPs are subject to reporting obligations under the NIS Regulations. This service helps organisations meet those obligations.

OES (operators of essential services)

These are critical infrastructure organisations in the energy, transport, healthcare, water and digital infrastructure sectors.

DSPs (digital service providers)

DSPs provide specific types of digital services, operating as an online marketplace, online search engine and/or Cloud computing service.

Note that DSPs with fewer than 50 employees and an annual turnover of less than €10 million (about £8.6 million) are exempt.

Appointing a NIS Regulations representative

OES and DSPs that are not established in the UK but provide services within the UK that fall within the scope of the Regulations must appoint a UK-based NIS Regulations representative. The deadline for appointing a representative was 31 March 2021.

GRCI Law can operate as your NIS Regulations representative for a fixed annual fee. As your UK NIS Regulations representative, we will:

•  Register as your representative with the appropriate competent authority (which varies depending on your sector);
•  Act as your point of contact with your competent authority;
•  Act on your behalf as liaison for incident reporting to the relevant competent authority for up to three incidents per annum;
•  Act as the initial point of contact for communications received from a competent authority regarding data privacy incidents or other NIS Regulations-related enquiries;
•  Act as the initial point of contact for communications received from individuals regarding a specific security incident or other NIS Regulations-related enquiries; and
•  Assist with the wording of informative communications with customers, clients and other stakeholders regarding any notifiable security incidents.

 Download the service description.

We also offer an EU NIS Directive Representative service. Depending on where your organisation operates, you may be required to appoint both a UK NIS Regulations and an EU NIS Directive representative.

Conditions

Single-entity organisations with 1–500 employees are eligible for this service. As your NIS Regulations representative, we will assist you with reporting up to three incidents per annum. Assistance with additional reporting will be provided at £200 per hour.