Part 2Networks, services and the radio spectrum
Chapter 1Electronic communications networks and services
F2Security of public electronic communications networks and services
105AF1Duty to take security measures
1
The provider of a public electronic communications network or a public electronic communications service must take such measures as are appropriate and proportionate for the purposes of—
a
identifying the risks of security compromises occurring;
b
reducing the risks of security compromises occurring; and
c
preparing for the occurrence of security compromises.
2
In this Chapter “security compromise”, in relation to a public electronic communications network or a public electronic communications service, means—
a
anything that compromises the availability, performance or functionality of the network or service;
b
any unauthorised access to, interference with or exploitation of the network or service or anything that enables such access, interference or exploitation;
c
anything that compromises the confidentiality of signals conveyed by means of the network or service;
d
anything that causes signals conveyed by means of the network or service to be—
i
lost;
ii
unintentionally altered; or
iii
altered otherwise than by or with the permission of the provider of the network or service;
e
anything that occurs in connection with the network or service and compromises the confidentiality of any data stored by electronic means;
f
anything that occurs in connection with the network or service and causes any data stored by electronic means to be—
i
lost;
ii
unintentionally altered; or
iii
altered otherwise than by or with the permission of the person holding the data; or
g
anything that occurs in connection with the network or service and causes a connected security compromise.
3
But in this Chapter “security compromise” does not include anything that occurs as a result of conduct that—
a
is required or authorised by or under an enactment mentioned in subsection (4);
b
is undertaken for the purpose of providing a person with assistance in giving effect to a warrant or authorisation that has been issued or given under an enactment mentioned in subsection (4);
c
is undertaken for the purpose of providing a person with assistance in exercising any power conferred by or under prison rules; or
d
is undertaken for the purpose of providing assistance to a constable or a member of a service police force (acting in either case in that capacity).
4
The enactments are—
a
the Investigatory Powers Act 2016;
b
Part 1 of the Crime and Courts Act 2013;
c
the Prisons (Interference with Wireless Telegraphy) Act 2012;
d
the Regulation of Investigatory Powers Act 2000;
e
the Regulation of Investigatory Powers (Scotland) Act 2000;
f
the Intelligence Services Act 1994;
g
any other enactment (whenever passed or made) so far as it—
i
makes provision which is in the interests of national security;
ii
has effect for the purpose of preventing or detecting crime or of preventing disorder; or
iii
makes provision which is in the interests of the economic well-being of the United Kingdom so far as those interests are also relevant to the interests of national security.
5
In this section—
“connected security compromise” means—
- a
in relation to a public electronic communications network, a security compromise that occurs in relation to another public electronic communications network or a public electronic communications service;
- b
in relation to a public electronic communications service, a security compromise that occurs in relation to a public electronic communications network or another public electronic communications service;
- a
“crime” and “detecting crime” have the same meanings as in the Investigatory Powers Act 2016;
“prison rules” means any rules made under—
- a
section 47 of the Prison Act 1952;
- b
section 39 of the Prisons (Scotland) Act 1989; or
- c
section 13 of the Prison Act (Northern Ireland) 1953;
- a
“service police force” means—
- a
the Royal Navy Police;
- b
the Royal Military Police; or
- c
the Royal Air Force Police;
- a
“signal” has the same meaning as in section 32.
Ss. 105A-105D and cross-heading inserted (26.5.2011) by The Electronic Communications and Wireless Telegraphy Regulations 2011 (S.I. 2011/1210), reg. 1(2), Sch. 1 para. 65 (with Sch. 3 para. 2)