Cyber security remains in the public eye this year with multiple incidents and vulnerabilities reported. Energy companies are developing and updating their cyber security response plans to reflect the increased legal, operational and technical risks they are facing.
The evolution of the threat has not escaped the attention of governments around the world. 2018 will see the implementation of the Network and Information Security Directive (NISD) as well as the General Data Protection Regulation (GDPR) in the EU. The NISD, which is coming into force in May, will require energy companies to ensure that their network and information systems meet minimum standards of cyber security. In the UK, the National Cyber Security Centre (NCSC) has recently issued detailed guidance on the compliance requirements of NISD.
The contents of this publication, current at the date of publication set out above, are for reference purposes only. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your specific circumstances should always be sought separately before taking any action based on this publication.
© Herbert Smith Freehills 2020