The Telecommunications (Security) Bill, as introduced to Parliament on 24 November 2020, will create new powers for the Secretary of State to make regulations requiring the UK’s providers of public electronic communications networks and services to take specified security measures to protect their networks and services (further to the strengthened overarching security duties set out in the Bill).
Specifically, the Bill amends the Communications Act 2003 to create the following new duties on providers:
- New section 105A, a duty to take appropriate and proportionate measures to identify and reduce the risks of security compromises, and to prepare for the occurrence of security compromises.
- New section 105B, a power for the Secretary of State to make regulations imposing duties to take specified security measures that the Secretary of State considers to be appropriate and proportionate for a purpose set out in new section 105A.
- New section 105C, a duty to take appropriate and proportionate measures in response to a security compromise. This includes measures to prevent, and remedy or mitigate, the adverse effects caused by a compromise.
- New section 105D, a power for the Secretary of State to make regulations imposing duties to take specified measures in response to a security compromise that the Secretary of State considers to be appropriate and proportionate for a purpose set out in new section 105C.
All aspects of the Telecommunications (Security) Bill, including the powers to issue regulations, are subject to Parliamentary approval.
The government has developed an early draft of a statutory instrument containing regulations that may be made using the powers under new sections 105B and 105D. This draft has been made available to illustrate how the government may use these new powers and to enable early engagement with providers, during the passage of the bill.
The draft statutory instrument is at an early stage and is subject to further change, including: changes that might be made to the Bill during its passage (as it reflects the powers contained in the Bill on its introduction); and/or changes based on further engagement with and feedback from providers.
A final statutory instrument will be laid in Parliament once the Bill receives Royal Assent. The regulations it contains will be enforced by Ofcom, the UK’s communications sector regulator.
Further information on the position of this secondary legislation in the new telecoms security framework and Ofcom’s role can be found in the Telecommunications (Security) Bill factsheets
Post expires at 12:07pm on Tuesday July 20th, 2021