The project will develop an empirically-grounded understanding of the role and impact of organizational cybersecurity culture and practice across essential infrastructure sectors on the UK’s implementation of the NIS directive. Through ﬁeldwork and subsequent analysis of the data and modelling of cybersecurity controls in the extensive Bristol Cyber Security testbed, we will uncover organizational and sectoral differences, for instance, in the way which people work, what technologies (software/hardware) are relied upon, what additional compliance requirements exist. This will yield key insights about the NIS objectives that are already achieved, the ones difﬁcult to effectively realize and potential blind spots arising from organizational cultures and sectoral practices. This will lead to an understanding of the drivers and potential obstructions to UK’s implementation of NIS across operators of essential infrastructures. To achieve this, the project brings together an inter-disciplinary team at the University of Bristol drawing upon expertise in socio-technical approaches to cybersecurity of critical national infrastructure, human and organizational aspects of security and social and regulatory aspects.