Powered by Lexis+®
Jurisdiction(s):
United Kingdom
United Kingdom
View all Glossary Terms Related Content
CASE STUDY
“LexisNexis is great as I can find the answers I am looking for really quickly. I believe that nothing should be more than 6 clicks away - and the products from LexisNexis deliver on this standard”
AvensureAccess all documents on RDSPs
RDSPs meaning
Published by a LexisNexis Information Law expert
What does RDSPs mean?
In practice, RDSPs are providers of certain digital services—online marketplaces, online search engines and cloud computing services—subject to the UK’s cyber security and incident reporting regime. “Relevant digital service provider” is a defined term in the Network and Information Systems Regulations 2018 (as amended). It captures providers established in the UK, and those offering such services into the UK via a designated UK representative. Micro and small enterprises are generally out of scope.
Key legal features include duties to implement appropriate and proportionate technical and organisational measures to manage risks to network and information systems, and to notify the Information Commissioner’s Office (ICO), as competent authority, without undue delay of incidents having a substantial impact. The ICO may seek information, audit compliance and issue enforcement notices or monetary penalties. The term is used across England & Wales, Scotland and Northern Ireland in cyber compliance programmes, supplier due diligence, contract drafting (allocation of NIS obligations) and regulatory investigations.
Ireland: the label “RDSP” is not used. Under the original NIS regime, “digital service providers” were regulated; under NIS2, providers of online marketplaces, search engines and cloud computing are regulated as essential/important entities by the designated competent authority. Substantive obligations are analogous.
Speed up all aspects of your legal work with tools that help you to work faster and smarter. Win cases, close deals and grow your business–all whilst saving time and reducing risk.
View the related Practice Notes about RDSPs
PRACTICE NOTES
UK NIS Regulations 2018: scope, duties and enforcement for operators of essential services and relevant digital service providers, incident reporting, competent authorities, Brexit amendments and forthcoming reform
This Practice Note outlines the Network and Information Systems Regulations 2018 (NIS Regulations), SI 2018/506, which gave effect in the UK to the Network and Information Systems Directive (the NIS Directive), Directive (EU) 2016/1148. The NIS Regulations, as modified by a range of Brexit instruments, remain in force domestically. It explains the context and objectives of the regime, together with the duties placed on operators of essential services (OESs) and relevant digital service providers (RDSPs) under the NIS Regulations and the linked Assimilated Regulation (EU) 2018/151 (Assimilated DSP Regulation), insofar as it concerns RDSPs. Background to the NIS Directive The NIS Directive—also referred to as the Cybersecurity Directive or the Network and Information Security Directive—was passed by the European Parliament on 6 July 2016. EU Member States (including, at that time, the UK) were required to transpose the directive into national law by 9 May 2018. Emerging from the EU’s Cybersecurity Strategy to foster an open, safe and secure cyberspace, it constituted the first set of EU-wide cybersecurity...
22 May
Read More 
PRACTICE NOTES
UK cybersecurity post-Brexit: NIS framework changes, RDSP representation and incident thresholds, eIDAS trust services, and EU-UK cooperation under the Trade and Cooperation Agreement
ARCHIVED : This Practice Note has been archived and is not maintained. This Practice Note examines how Brexit has influenced UK cybersecurity, with particular emphasis on the network and information systems legislation. It addresses: a snapshot of UK cybersecurity regulation before the end of the implementation period the origins of Directive (EU) 2016/1148, the Network and Information Systems Directive (NIS Directive), and how it was implemented in the UK the broad consequences of Brexit for the UK’s application of the NIS Directive what the end of the transition period means for relevant digital service providers (RDSPs) a summary of effects on qualified trust services under Regulation (EU) 910/2014 (the eIDAS Regulation) the impact of the transition’s end on UK–EU cooperation on cybersecurity The prominence of cybersecurity has been underlined by recent high-profile incidents affecting companies and public services. These have involved a wide array of attack techniques, drivers and targets, as explored further in Cybersecurity, threats and risk...
22 May
Read More 
