Telecoms Security Act
The Telecoms Security Act came into force in November 2021. The law has introduced a stronger security framework for networks and services providers and tighter restrictions on the supply of services by "high risk vendors".
Using the powers granted to it under the Act, the UK government introduced the Electronic Communications (Security Measures) Regulations and Telecommunications Security Code of Practice in 2022, and a new set of Telecoms Security rules has seen a step-change in the expectations on the communications sector with respect to assessing and reducing risks of security compromises on networks and services.
The regulations and the Code of Practice have been developed in conjunction with the National Cyber Security Centre, who published guidance in 2018 regarding supply chain security, and Ofcom, the telecoms regulator. Ofcom have since published its own guidance on how it will exercise its functions in ensuring security compliance.
The Code of Practice gives guidance on how telecoms providers can comply with the regulations. It also takes into account the differences between the sizes of providers and how critical they are to the UK's network as a whole by using a three-tier system which ranks providers based on their annual revenue.
Tier 1 providers (companies caught by the Act with an annual revenue over £1bn) must implement the first set of regulation requirements by 31 March 2024. These requirements are generally seen as the most straightforward and least resource intensive measures (for example, maintaining accurate records of all externally-facing systems).
Although the implementation timeframes for Tier 2 (companies with annual revenue over £50m) and Tier 3 providers are further away than for Tier 1, this is in recognition that it may take these providers longer to achieve compliance. Suppliers who provide services or equipment to Tier 1 and Tier 2 providers also face a countdown to the looming deadlines, as providers will need to implement measures that relate to their supply chain.
In order to support with your ongoing compliance exercises, we have put together a number of insights, podcasts and webinar recordings which take a deeper dive into some of the key areas of the Telecoms Security framework.
How the UK Telecoms Security Act will impact suppliers to the telecoms sector
Impact of the Consumer Credit Act on the Communication sector