Powered by Lexis+®
Jurisdiction(s):
United Kingdom
United Kingdom
View all Glossary Terms Related Content
CASE STUDY
“Although cost was an important factor, our relationship with LexisNexis, their responsiveness, flexibility, and the integration available with other products were key factors.”
Irwin MitchellAccess all documents on OESs
OESs meaning
Published by a LexisNexis Information Law expert
What does OESs mean?
In practice, OESs are “operators of essential services”: organisations that run critical services whose disruption would have significant impact. The term is defined in legislation (UK: Network and Information Systems Regulations 2018; Ireland: European Union (Measures for a High Common Level of Security of Network and Information Systems) Regulations 2018). An entity is an OES when designated by the competent authority for operating in the sectors listed (UK: Sch 2) and meeting applicable thresholds.
Covered sectors/subsectors include:
- energy (electricity, oil, gas)
- transport (air, rail, water, road)
- healthcare (including hospitals, private clinics and healthcare settings)
- drinking water supply and distribution
- digital infrastructure (internet exchange points (IXPs), DNS service providers and TLD registries)
Key legal features: OESs must implement appropriate and proportionate technical and organisational measures, manage network and information systems risks, and notify without undue delay incidents significantly affecting service continuity. They are subject to supervision and enforcement, including penalties.
Usage is consistent across England & Wales, Scotland and Northern Ireland. Ireland’s regime mirrors the NIS Directive with equivalent sectors and duties, though specific thresholds and competent authorities may differ. Digital service providers are regulated separately and not OESs.
Speed up all aspects of your legal work with tools that help you to work faster and smarter. Win cases, close deals and grow your business–all whilst saving time and reducing risk.
View the related Practice Notes about OESs
PRACTICE NOTES
UK NIS Regulations 2018: scope, duties and enforcement for operators of essential services and relevant digital service providers, incident reporting, competent authorities, Brexit amendments and forthcoming reform
This Practice Note outlines the Network and Information Systems Regulations 2018 (NIS Regulations), SI 2018/506, which gave effect in the UK to the Network and Information Systems Directive (the NIS Directive), Directive (EU) 2016/1148. The NIS Regulations, as modified by a range of Brexit instruments, remain in force domestically. It explains the context and objectives of the regime, together with the duties placed on operators of essential services (OESs) and relevant digital service providers (RDSPs) under the NIS Regulations and the linked Assimilated Regulation (EU) 2018/151 (Assimilated DSP Regulation), insofar as it concerns RDSPs. Background to the NIS Directive The NIS Directive—also referred to as the Cybersecurity Directive or the Network and Information Security Directive—was passed by the European Parliament on 6 July 2016. EU Member States (including, at that time, the UK) were required to transpose the directive into national law by 9 May 2018. Emerging from the EU’s Cybersecurity Strategy to foster an open, safe and secure cyberspace, it constituted the first set of EU-wide cybersecurity...
22 May
Read More 
PRACTICE NOTES
UK energy sector Operators of Essential Services (OES) designation under the NIS Regulations 2018: electricity, gas and oil thresholds, scope and post-Brexit context
Status of EU directives following Brexit Retained EU law (‘REUL’) refers to the bundle of EU‑sourced rights and rules that the UK kept after Brexit. It is a term defined in the European Union (Withdrawal) Act 2018 (EU(W)A 2018) and denotes the corpus of EU‑derived legislation that was preserved and converted into UK domestic law when the European Communities Act 1972 was repealed. From 1 January 2024, under the Retained EU Law (Revocation and Reform) Act 2023, REUL that continues to apply is labelled ‘assimilated law’. This re‑labelling, including associated terminology, signals a shift in its standing and handling within the UK system: it should be read through ordinary domestic legal principles. Accordingly, from 1 January 2024, REUL is treated as ‘assimilated’ because, in the main, EU‑specific interpretive effects no longer apply (eg the supremacy of EU law, directly effective rights, and the general principles that had previously been preserved under the EU(W)A 2018). For additional detail, see Practice Note: Assimilated law. EU directives sit outside the ambit of...
22 May
Read More 
