- Latest available (Revised)
- Original (As made)
This is the original version (as it was originally made). UK Statutory Instruments are not carried in their revised form on this site.
65. Before the cross-heading immediately before section 106, insert—
105A.—(1) Network providers and service providers must take technical and organisational measures appropriately to manage risks to the security of public electronic communications networks and public electronic communications services.
(2) Measures under subsection (1) must, in particular, include measures to prevent or minimise the impact of security incidents on end-users.
(3) Measures under subsection (1) taken by a network provider must also include measures to prevent or minimise the impact of security incidents on interconnection of public electronic communications networks.
(4) A network provider must also take all appropriate steps to protect, so far as possible, the availability of the provider’s public electronic communications network.
(5) In this section and sections 105B and 105C—
“network provider” means a provider of a public electronic communications network, and
“service provider” means a provider of a public electronic communications service.
105B.—(1) A network provider must notify OFCOM—
(a)of a breach of security which has a significant impact on the operation of a public electronic communications network, and
(b)of a reduction in the availability of a public electronic communications network which has a significant impact on the network.
(2) A service provider must notify OFCOM of a breach of security which has a significant impact on the operation of a public electronic communications service.
(3) If OFCOM receive a notification under this section, they must, where they think it appropriate, notify—
(a)the regulatory authorities in other member States, and
(b)the European Network and Information Security Agency (“ENISA”).
(4) OFCOM may also inform the public of a notification under this section, or require the network provider or service provider to inform the public, if OFCOM think that it is in the public interest to do so.
(5) OFCOM must prepare an annual report summarising notifications received by them under this section during the year, and any action taken in response to a notification.
(6) A copy of the annual report must be sent to the European Commission and to ENISA.
105C.—(1) OFCOM may carry out, or arrange for another person to carry out, an audit of the measures taken by a network provider or a service provider under section 105A.
(2) A network provider or a service provider must—
(a)co-operate with an audit under subsection (1), and
(b)pay the costs of the audit.
105D.—(1) Sections 96A to 96C, 98 to 100, 102 and 103 apply in relation to a contravention of a requirement under sections 105A to 105C as they apply in relation to a contravention of a condition set under section 45, other than an SMP apparatus condition.
(2) The obligation of a person to comply with the requirements of section 105A to 105C is a duty owed to every person who may be affected by a contravention of a requirement, and—
(a)section 104 applies in relation to that duty as it applies in relation to the duty set out in subsection (1) of that section, and
(b)section 104(4) applies in relation to proceedings brought by virtue of this section as it applies in relation to proceedings by virtue of section 104(1)(a).
(3) The amount of a penalty imposed under sections 96A to 96C, as applied by this section, is to be such amount not exceeding £2 million as OFCOM determine to be—
(b)proportionate to the contravention in respect of which it is imposed.”
Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.
Original (As Enacted or Made):The original version of the legislation as it stood when it was enacted or made. No changes have been applied to the text.
Explanatory Memorandum sets out a brief statement of the purpose of a Statutory Instrument and provides information about its policy objective and policy implications. They aim to make the Statutory Instrument accessible to readers who are not legally qualified accompany any Statutory Instrument or Draft Statutory Instrument laid before Parliament from June 2004 onwards.
Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:
Impact Assessments generally accompany all UK Government interventions of a regulatory nature that affect the private sector, civil society organisations and public services. They apply regardless of whether the regulation originates from a domestic or international source and can accompany primary (Acts etc) and secondary legislation (SIs). An Impact Assessment allows those with an interest in the policy area to understand:
Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:
Click 'View More' or select 'More Resources' tab for additional information including: