Last updated: 
3 months 3 weeks ago
Blog Manager
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

NIS Directive - UK implementation published

Friday, April 27, 2018 - 09:36

The Govenment has published the Network and Information Security Regulations 2018, which will implement the EU NIS Directive in the UK from May 9th. The education sector is not covered by either law.

Where we might have been inadvertently captured was in the provisions for DNS Services. These cover both authoritative domain servers and DNS resolvers, and the thresholds originally proposed by the UK Government would have included large universities at least. Jisc helped DCMS to develop revised thresholds that more accurately reflect the Government's desired coverage. It seems highly unlikely that any university is authoritative for more than a quarter of a million subdomains or provides resolution for more than two million client IP addresses.

The Regulations permit DCMS to bring individual organisations into scope, even though their services fall below the numeric thresholds. It is possible that they may wish to do this for Jisc's operation of the .gov.uk domain. If so we are confident that measures already taken to bring that activity within the scope of our ISO27001 certification will satisfy the law’s requirements.

Thanks to the Jisc DNS team and the universities that provided us with statistics to inform the discussions with DCMS.