NIS Directive compliance


The EU Directive on security of network and information systems (NIS Directive) requires operators of essential services and digital service providers to implement appropriate security measures to protect, and ensure the continuity of, services that are essential to the national infrastructure.

The Directive entered into force in August 2016. EU member states – including the UK – have until May 2018 to translate it into national laws, and a further six months to identify the "operators of essential services and digital service providers" it applies to.

This page links to everything you need to comply with the NIS Directive.




For general information about the NIS Directive, visit our dedicated NIS Directive page.


Products and services

The NIS Directive states that "Member States shall [...] encourage the use of European or internationally accepted standards and specifications relevant to the security of network and information systems."

The only relevant international standards are ISO 27001 and ISO 22301, which we’ve been helping organisations implement for over a decade.

Here are a few ways we can help meet your NIS Directive compliance needs.


  • Software

    The NIS Directive states that, for operators of essential services and digital service providers alike, technical and organisational security measures should be appropriate and proportionate to identified risks.

    vsRisk™ is the industry-leading ISO 27001-compliant risk assessment tool.



Contact us

To discuss your ISO 27001 requirements, please call us on 00 800 48 484 484 or email