The UK government has laid the new Electronic Communications (Security Measures) Regulations 2022 in Parliament, along with a draft Telecommunications Security Code of Practice. The regulations and draft code are intended to address risks to the security of the UK’s public telecoms networks and services. They have been developed in conjunction with the National Cyber Security Centre and Ofcom.
The Electronic Communications (Security Measures) Regulations come into force on 1 October 2022. They set out specific security measures that public telecoms providers need to take in addition to the overarching legal duties in sections 105A and 105C of the Communications Act 2003 (as amended by the Telecommunications (Security) Act 2021). These measures are designed to ensure that public networks and services are following appropriate and proportionate security practices.
Public telecoms providers failing to comply with the regulations could face fines of up to ten per cent of turnover or, in the case of a continuing contravention, £100,000 per day. Ofcom will monitor and enforce public telecoms providers’ compliance with the regulations.
The draft code of practice contains guidance on how providers can comply with the regulations. It sets out what good telecoms security looks like, explaining key concepts underpinning the regulations and specific technical guidance measures that can be taken by providers to demonstrate compliance with their legal obligations.
The draft code has been laid in Parliament under the requirement in section 105F of the Communications Act 2003. It will remain in draft for Parliamentary scrutiny for forty sitting days, after which the government plans to issue and publish the code of practice.