Statutory Instruments
2019 No. 1444
Exiting The European Union
Electronic Communications
The Network and Information Systems (Amendment etc.) (EU Exit) (No. 2) Regulations 2019
Sift requirements satisfied: 30th October 2019
Made: 31st October 2019
Laid before Parliament: 4th November 2019
Coming into force: in accordance with regulation 1
The Secretary of State makes these Regulations in exercise of the powers conferred by section 8(1) of, and paragraph 21(b) of Schedule 7 to, the European Union (Withdrawal) Act 2018(1).
The requirements of paragraph 3(2) of Schedule 7 to that Act (relating to the appropriate Parliamentary procedure for these Regulations) have been satisfied.
Citation, commencement and interpretation
1.—(1) These Regulations may be cited as the Network and Information Systems (Amendment etc.) (EU Exit) (No. 2) Regulations 2019.
(2) These Regulations come into force on the twentieth day after exit day.
(3) In these Regulations—
(a) “the NIS Regulations” means the Network and Information Systems Regulations 2018(2);
(b) “the 2019 Regulations” means the Network and Information Systems (Amendment etc.) (EU Exit) Regulations 2019(3).
PART 1 Amendments to retained EU law
Amendments of the NIS Regulations
2.—(1) The NIS Regulations are amended as follows.
(2) In regulation 1(2), after “relevant law-enforcement authority” insert—
““representative” means any natural or legal person established in the United Kingdom who is able to act on behalf of a digital service provider established outside the United Kingdom with regard to its obligations under these Regulations; and”.
(3) After regulation 14 insert—
“Representatives of digital service providers established outside the United Kingdom
14A.—(1) This regulation applies to any digital service provider which—
(a) has its head office outside the United Kingdom, but which offers digital services within the United Kingdom; and
(b) is not a small or micro enterprise as defined in Commission Recommendation 2003/361/EC(4).
(2) The digital service provider must—
(a) nominate in writing a representative in the United Kingdom; and
(b) notify the Information Commissioner of the name and contact details of that representative.
(3) The digital service provider must comply with paragraph (2)—
(a) in the case of a provider which is offering digital services within the United Kingdom on the coming into force date of these regulations, within three months of the date on which these regulations come into force; or
(b) in any other case, within three months of the provider first offering digital services in the United Kingdom.
(4) The Information Commissioner or GCHQ may contact the representative instead of or in addition to the digital service provider for the purposes of ensuring compliance with these Regulations.
(5) A nomination under paragraph (1) is without prejudice to any legal action which could be initiated against the nominating digital service provider.”
Revocation of Regulation (EU) 2019/881
3. Regulation (EU) 2019/881 of the European Parliament and of the Council of 17th April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) is revoked.
PART 2 Amendment of the 2019 Regulations
Amendment of the 2019 Regulations
4. In the Schedule to the 2019 Regulations, in paragraph 11(b), for “paragraphs (10) and (11)” substitute “paragraph (10)”.
Matt Warman
Minister for Digital and Broadband
Department for Digital, Culture, Media and Sport
31st October 2019
(2) S.I. 2018/506. This instrument was amended by S.I. 2018/629.
(4) Commission Recommendation concerning the definition of micro, small and medium-sized enterprises (OJ No. L 124, 20.5.2003, p. 36).