United Kingdom: Published updated Network and Information Systems (NIS) Guidance on incident reporting thresholds for the digital infrastructure subsector

On 31 May 2023, the UK Office of Communications (Ofcom) published the updated Network and Information Systems (NIS) Guidance for the Digital Infrastructure Sector. The primary objective of the introduced changes is to reduce the cybersecurity incident reporting thresholds for Operators of Essential Services (OES). Ofcom believes that by lowering the thresholds, incidents affecting UK users will be more visible, enabling providers to identify significant cybersecurity and resilience vulnerabilities. The revised Guidance classifies cybersecurity incidents as "significant" if they endure for 15 minutes or longer and result in a network degradation of 25% or more.