Managed Service Providers (MSPs) of the size of an SME may be subject to regulation of network and information systems (Network and Information Systems Regulations, or NIS) in the UK, as part of a government project to promote cyber security.

The NIS Directive governs IT security practices in the UK and EU. After Brexit, the UK can independently decide to make SMEs subject to the NIS Directive and eliminate the exemption hitherto granted to UK MSPs.

“The government recognizes the need to reduce the regulatory burden on small and micro businesses, especially in such a rapidly changing sector. However, recent events have highlighted the magnitude of risk that can be associated with managed service providers. could – regardless of their size”, says a consultation paper.

According to our colleague from The Register, all cloud companies are potentially affected. UK infrastructure firms face fines of £17m if their cyber security leaves something to be desired.

A government consultation has been launched. It will end on April 10.