Designated OES
Or cascading obligations.
Clear on what's required?

As an Operator of Essential Services, your obligations under NIS or NIS2 depend on whether you operate in the UK or Europe. NIS2 has significantly broadened scope and tightened requirements across the EU. The UK is following suit, the Cyber Security and Resilience Bill is currently making its way through Parliament.

The landscape is moving fast. Knowing what applies to your asset, at what stage, and what compliance actually requires is not straightforward. Most project teams are stretched and it doesn't get the attention it needs. The risk isn't just regulatory. It's the moment a financier or insurer asks a question you can't answer.

Creating a resilient OT architecture doesn't have to be scary. A well planned, secure by design approach, following recognised standards and robust governance frameworks, will keep the competent authorities satisfied and your asset protected.

The frameworks exist for a reason. IEC 62443, CAF, NIST and NIS2 aren't obstacles, they're your roadmap. Applied correctly, with the right governance in place, they demonstrate exactly what regulators, financiers and insurers need to see.

The alternative? Non-compliance penalties under NIS2 reach £10M or 2% of global revenue, whichever is higher. The cost of getting it right is a fraction of the cost of getting it wrong.

Every offshore wind asset has a unique OT environment. Different vendors, different supply chain relationships, different remote access arrangements, different operational priorities. Understanding that ecosystem is the starting point for any credible cyber security strategy.

ODiGE brings 19 years of OT expertise and genuine asset-level understanding to your project. We know what good looks like across the vendor landscape, where the real risk sits, and how to build a strategy that focuses your resources effectively. Not unlimited effort applied everywhere. Targeted, proportionate, defensible, and built around the specific reality of your asset.