A new piece of legislation has been put forward in Parliament that sets out new legal duties on telecoms firms with the goal of increasing the security of the entire UK network. The Telecommunications (Security) Bill will give new powers to the government to remove high-risk vendors and increases Ofcom’s responsibilities in monitoring telecoms operator’s security measures. The aim is to protect the UK from hostile cyber activity from state actions or criminals. Companies that do not meet the new requirements if they are passed into law in the current drafting could face heavy fines of up to ten percent of turnover, or in on-going contravention of the new requirements, £100,000 per day. Ofcom will be given a new power to direct telecoms providers to take interim steps to address security gaps, and the DCMS Secretary of State will have powers to enforce compliance via designated vendors’ directions.
Currently, telecoms providers are responsible for setting their own security standards, however, the Telecoms Supply Chain Review updated July 2019, found that it was not sufficient incentive to adopt best security practices.
The Government is to launch a consultation with industry on the new framework before secondary legislation is laid before Parliament. Public consultation on the codes of practice will be held after Bill’s passage to assist with determining the new technical requirements and the timeframe for compliance.
The draft of the Bill can be found here.
Please contact Danny Preiskel if you have any questions about the Bill or the UK telecoms regulatory regime.