http://www.legislation.gov.uk/id/ukpga/2003/21

Part 2Networks, services and the radio spectrum

Chapter 1Electronic communications networks and services

Security of public electronic communications networks and services

F1105UEnforcement of security duties: proposal for interim steps

(1)

This section applies where—

(a)

OFCOM determine that there are reasonable grounds for believing that the provider of a public electronic communications network or a public electronic communications service is contravening or has contravened a duty imposed by or under any of sections 105A to 105D;

(b)

OFCOM either have not commenced, or have commenced but not completed, enforcement action in connection with the contravention;

(c)

OFCOM determine that there are reasonable grounds for believing that either or both of the following conditions are met—

(i)

a security compromise has occurred as a result of the contravention;

(ii)

there is an imminent risk of a security compromise or (as the case may be) a further security compromise occurring as a result of the contravention; and

(d)

OFCOM determine that, having regard to the seriousness or likely seriousness of the security compromise or security compromises mentioned in paragraph (c), it is reasonable to require the provider to take interim steps pending the completion by OFCOM of enforcement action in connection with the contravention.

(2)

OFCOM may give a notification to the provider that—

(a)

sets out the determinations mentioned in subsection (1);

(b)

specifies the interim steps that OFCOM think the provider should be required to take pending the completion by OFCOM of enforcement action in connection with the contravention; and

(c)

specifies the period during which the provider has an opportunity to make representations about the matters notified.

(3)

In this section and section 105V—

(a)

references to the commencement by OFCOM of enforcement action in connection with a contravention are to the giving of a notification under section 96A (as applied by section 105S) in respect of the contravention; and

(b)

references to the completion by OFCOM of enforcement action in connection with a contravention are to the taking of action under section 96C(2)(a) or (b) (as applied by section 105S) in connection with the contravention.

(4)

In this section “interim steps” means—

(a)

in a case where OFCOM determine that there are reasonable grounds for believing that the condition in subsection (1)(c)(i) is met, steps to—

(i)

prevent adverse effects (on the network or service or otherwise) arising from the security compromise;

(ii)

remedy or mitigate any adverse effects on the network or service arising from the security compromise;

(b)

in a case where OFCOM determine that there are reasonable grounds for believing that the condition in subsection (1)(c)(ii) is met, steps to—

(i)

eliminate or reduce the risk of the security compromise or (as the case may be) the further security compromise occurring;

(ii)

prevent adverse effects (on the network or service or otherwise) arising from the security compromise or (as the case may be) the further security compromise in the event it occurs.