http://www.legislation.gov.uk/id/ukpga/2003/21

http://www.legislation.gov.uk/ukpga/2003/21/section/105A

Communications Act 2003

An Act to confer functions on the Office of Communications; to make provision about the regulation of the provision of electronic communications networks and services and of the use of the electro-magnetic spectrum; to make provision about the regulation of broadcasting and of the provision of television and radio services; to make provision about mergers involving newspaper and other media enterprises and, in that connection, to amend the Enterprise Act 2002; and for connected purposes.

text

text/xml

Statute Law Database

2024-04-10

Expert Participation

2024-04-06

Communications Act 2003

specified provision(s)

The Office of Communications Act 2002 (Commencement No. 3) and Communications Act 2003 (Commencement No. 2) Order 2003

art. 1(3)

Communications Act 2003

s. 368E(5)(d)

(e)

Digital Economy Act 2017

s. 94(3)

s. 118(6)

Communications Act 2003

s. 148A and cross-heading

Product Security and Telecommunications Infrastructure Act 2022

s. 73(2)

s. 79(2)

Communications Act 2003

s. 402(2A)(za)

(zb)

Product Security and Telecommunications Infrastructure Act 2022

Sch.

para. 2

s. 79(2)

Communications Act 2003

Sch. 3A

para. 21(6)

Product Security and Telecommunications Infrastructure Act 2022

Sch.

para. 3(5)(b)

s. 79(2)

Communications Act 2003

Sch. 3A

para. 37(3)(aza)

Product Security and Telecommunications Infrastructure Act 2022

Sch.

para. 3(9)

s. 79(2)

Communications Act 2003

Sch. 3A

para. 84(1)(aza)

Product Security and Telecommunications Infrastructure Act 2022

Sch.

para. 3(10)

s. 79(2)

Communications Act 2003

Sch. 3A

para. 103(1)(ca)

Product Security and Telecommunications Infrastructure Act 2022

s. 70

s. 79(2)

Communications Act 2003

Sch. 3A

para. 119A

Product Security and Telecommunications Infrastructure Act 2022

s. 72

s. 79(2)

Communications Act 2003

Sch. 3A

Pt. 4ZA

Product Security and Telecommunications Infrastructure Act 2022

s. 67(1)

s. 79(2)

Communications Act 2003

s. 124Q(7)(a)

Crime and Courts Act 2013

Sch. 9

para. 52

s. 61(3)

Communications Act 2003

specified provision(s)

Office of Communications Act 2002 (Commencement No. 3) and Communications Act 2003 (Commencement No. 2) (Amendment) Order 2004

art. 2

Communications Act 2003

specified provision(s)

Office of Communications Act 2002 (Commencement No. 3) and Communications Act 2003 (Commencement No. 2) (Amendment No. 2) Order 2004

art. 2

Communications Act 2003

specified provision(s)

Office of Communications Act 2002 (Commencement No. 3) and Communications Act 2003 (Commencement No. 2) (Amendment No. 3) Order 2004

art. 2

Part 2Networks, services and the radio spectrum

Chapter 1Electronic communications networks and services

F2Security of public electronic communications networks and services

Annotations:

Amendments (Textual)

Ss. 105A-105D and cross-heading inserted (26.5.2011) by The Electronic Communications and Wireless Telegraphy Regulations 2011 (S.I. 2011/1210), reg. 1(2), Sch. 1 para. 65 (with Sch. 3 para. 2)

105AF1Duty to take security measures

1

The provider of a public electronic communications network or a public electronic communications service must take such measures as are appropriate and proportionate for the purposes of—

a

identifying the risks of security compromises occurring;

b

reducing the risks of security compromises occurring; and

c

preparing for the occurrence of security compromises.

2

In this Chapter “security compromise”, in relation to a public electronic communications network or a public electronic communications service, means—

a

anything that compromises the availability, performance or functionality of the network or service;

b

any unauthorised access to, interference with or exploitation of the network or service or anything that enables such access, interference or exploitation;

c

anything that compromises the confidentiality of signals conveyed by means of the network or service;

d

anything that causes signals conveyed by means of the network or service to be—

i

lost;

ii

unintentionally altered; or

iii

altered otherwise than by or with the permission of the provider of the network or service;

e

anything that occurs in connection with the network or service and compromises the confidentiality of any data stored by electronic means;

f

anything that occurs in connection with the network or service and causes any data stored by electronic means to be—

i

lost;

ii

unintentionally altered; or

iii

altered otherwise than by or with the permission of the person holding the data; or

g

anything that occurs in connection with the network or service and causes a connected security compromise.

3

But in this Chapter “security compromise” does not include anything that occurs as a result of conduct that—

a

is required or authorised by or under an enactment mentioned in subsection (4);

b

is undertaken for the purpose of providing a person with assistance in giving effect to a warrant or authorisation that has been issued or given under an enactment mentioned in subsection (4);

c

is undertaken for the purpose of providing a person with assistance in exercising any power conferred by or under prison rules; or

d

is undertaken for the purpose of providing assistance to a constable or a member of a service police force (acting in either case in that capacity).

4

The enactments are—

a

the Investigatory Powers Act 2016;

b

Part 1 of the Crime and Courts Act 2013;

c

the Prisons (Interference with Wireless Telegraphy) Act 2012;

d

the Regulation of Investigatory Powers Act 2000;

e

the Regulation of Investigatory Powers (Scotland) Act 2000;

f

the Intelligence Services Act 1994;

g

any other enactment (whenever passed or made) so far as it—

i

makes provision which is in the interests of national security;

ii

has effect for the purpose of preventing or detecting crime or of preventing disorder; or

iii

makes provision which is in the interests of the economic well-being of the United Kingdom so far as those interests are also relevant to the interests of national security.

5

In this section—

“connected security compromise” means—
1. a
  in relation to a public electronic communications network, a security compromise that occurs in relation to another public electronic communications network or a public electronic communications service;
2. b
  in relation to a public electronic communications service, a security compromise that occurs in relation to a public electronic communications network or another public electronic communications service;
“crime” and “detecting crime” have the same meanings as in the Investigatory Powers Act 2016;
“prison rules” means any rules made under—
1. a
  section 47 of the Prison Act 1952;
2. b
  section 39 of the Prisons (Scotland) Act 1989; or
3. c
  section 13 of the Prison Act (Northern Ireland) 1953;
“service police force” means—
1. a
  the Royal Navy Police;
2. b
  the Royal Military Police; or
3. c
  the Royal Air Force Police;
“signal” has the same meaning as in section 32.