Cyber update: what will Brexit mean for NIS and Digital Service Providers?
3 min to read

Cyber update: what will Brexit mean for NIS and Digital Service Providers?

Date
26 November 2019

As the UK moves glacially towards some form of Brexit, attention shifts towards EU cyber security regulations and the potential impact of Brexit on regulatory compliance of UK headquartered businesses.

What follows is based on information provided as part of the No Deal Brexit preparations by the UK Government. In the event of the new withdrawal agreement being fully ratified before Brexit, the UK will continue to operate as if still part of the EU during the implementation period, so the current arrangements will continue. It is also worth noting that the political declaration setting out the broad parameters for the future UK/EU relationship states in clauses 108-111 that it is intended that the UK will continue to participate in the EU institutions relevant to the Network and Information Systems (NIS) Directive. This may not go so far as to allow Digital Services Providers (DSPs) to avoid having a representative in either the UK or the EU if they do not have their business registered there. It also raises the consideration that the proposed new arrangements for Northern Ireland – to be implemented if the new UK/EU future relationship is insufficiently close to avoid a hard or any customs border – may raise the possibility that registration in Northern Ireland may satisfy the requirements of both the EU and the UK as described below.

In early October the Information Commissioner’s Office (ICO) issued letters to all registered relevant digital service providers (RDSP). These letters alerted those RDSPs to the fact that the NIS Directive require DSPs who offer qualifying services within the Union to have a registered representative in a Member State. With the UK leaving the Union their current registrations at the ICO will no longer be adequate for NIS compliance and so RDSPs are encouraged, if they wish to offer digital services in the Union after Brexit, to designate a representative in an alternative Member State.

On the other hand, on 25 October the UK Government issued guidance to organisations based in the EU who offer digital services to the UK. Brexit will mean that non-UK DSPs wishing to continue to provide digital services to UK users must appoint a representative in the UK and must register with the ICO. As an aside, whilst the UK Government guidance is focused on EU-based DSPs, we presume that the core message should apply to any non-UK based DSPs offering a qualifying digital service in the UK.

To read more on what happens next and where to look for assistance click here.

First published on twobirds.com.

Share
Written by
Simon Shooter
Simon Shooter
United Kingdom
I am the head of the firm's International Commercial Group, and I established the cyber-security team here in 2010. I am a commercial lawyer engaged in providing a full spectrum of legal support to clients for their day to day business.
View profile
Stephanie Lopes
Stephanie Lopes
Stephanie is a senior associate in Bird & Bird's Commercial practice in London where she advises clients on a wide range of commercial matters with a focus on IT, technology and data protection.
Related articles
Smart Contracts – Recognising and Addressing the Risks
4 min to read
29 December 2021
Smart Contracts – Recognising and Addressing the Risks
Smart contracts, where some or all of the contractual obligations are defined in and/or performed automatically by a computer program, are expected to have a significant impact on the way business is...
Technology Projects: Managing the Risks of Innovation and Change Part 3: Contract Reset and Dispute Resolution
Technology Projects: Managing the Risks of Innovation and Change Part 3: Contract Reset and Dispute Resolution
Customers in long-term technology projects can find that while they have been working towards their chosen solution a more advanced, cheaper, or simply more desirable technology has become available....
The EU’s Digital Services Package a global benchmark – a closer look at the Digital Markets Act.
27 min to read
17 December 2021
The EU’s Digital Services Package a global benchmark – a closer look at the Digital Markets Act.
On 15 December 2020, the European Commission published proposals for two regulations to regulate digital services, the Digital Services Act and the Digital Markets Act. According to the Commission's...
Digital dispute resolution rules to facilitate rapid and cost-effective resolution of disputes involving novel digital technologies
Digital dispute resolution rules to facilitate rapid and cost-effective resolution of disputes involving novel digital technologies
While some saw the development of products using blockchain technology leading to the demise of disputes, the reality is that disputes in the arena of digital technology are increasing in number. Lawtech’s...
Cookies
We use analytics cookies to help us understand if our website is working well and to learn what content is most useful to visitors. We also use some cookies which are essential to make our website work. You can accept or reject our analytic cookies (including the collection of associated data) and change your mind at any time. Find out more in our Cookie Notice.