ICO Applauds UK Cybersecurity Legislation but Seeks Guidance, Resources
Given the rise in significant cyber incidents caused by complex digital service supply chains, the U.K. government's new Cyber Security and Resilience (Network and Information Systems) Bill is welcome but needs more clarity, the ICO said Tuesday.
The privacy watchdog is the designated authority responsible for regulating relevant digital service providers, such as cloud computing services, online marketplaces and search engines, under the Network and Information Systems (NIS) Regulations 2018, it noted.
That role "closely aligns to our role as the UK regulator of data protection," it said. Both sets of regulation "help people trust that their data is secure and that key digital services remain available."
Key business functions increasingly rely on managed service providers for support, infrastructure management, cybersecurity and networking, the DPA said. Managed service providers are similar to digital service providers, helping the digital world function through unique access to their clients' IT services, network and data.
Broadening the ICO's scope to regulate relevant managed service providers, as set out in the bill, "is a natural progression and should better protect a broader range of services from cyber-attacks," the DPA said.
It warned, however, that regulating complicated and interdependent supply chains "will remain a challenge, even with our new powers." It called for more clarification and guidance on its expanded functions and powers, as well as resources for them.