AuditU.K.
4(1)OFCOM may give the provider of a regulated service a notice (an “audit notice”) requiring the provider to permit OFCOM to carry out an audit—
(a)to assess whether the provider has complied or is complying with enforceable requirements that apply in respect of the service, or
(b)to assess—
(i)the nature and level of risk of the provider failing to comply with an enforceable requirement that applies in respect of the service, and
(ii)ways to mitigate such a risk.
(2)An audit notice may require the provider to take any of the following actions for a purpose mentioned in sub-paragraph (1)—
(a)to permit an authorised person to enter and inspect specified premises;
(b)to permit an authorised person to observe the carrying on of the regulated service at the premises;
(c)to direct an authorised person to documents on the premises that are of a specified description;
(d)to assist an authorised person to view information of a specified description that is capable of being viewed using equipment or a device on the premises;
(e)to assist an authorised person to view, using equipment or a device on the premises, information demonstrating in real time the operation of systems, processes or features of a specified description, including functionalities or algorithms of a specified description;
(f)to assist an authorised person to view, using equipment or a device on the premises, information generated in real time by the performance of a test or demonstration of a specified description;
(g)to comply with a request from an authorised person for a copy (in such form as may be requested) of the documents or information to which the person is directed or which the person is assisted to view;
(h)to permit an authorised person to inspect the documents, information or equipment to which the person is directed or which the person is assisted to view;
(i)to provide an authorised person with an explanation of such documents or information;
(j)to make available for interview by the authorised person a specified number of people of a specified description who are involved in the provision of the regulated service (not exceeding the number who are willing to be interviewed).
(3)An audit notice—
(a)must be given at least 28 days in advance of the start of the audit, and
(b)must specify the time or times at which, or period or periods within which, each requirement imposed by the notice must be complied with.
(4)An audit notice may not require a provider to permit an authorised person to enter domestic premises.
(5)An audit notice may not require a provider to do anything that would result in the disclosure of information or documents in respect of which a claim to legal professional privilege, or (in Scotland) to confidentiality of communications, could be maintained in legal proceedings.
(6)An audit notice must contain information about the consequences of not complying with the requirements which it imposes.
(7)An audit notice may by further notice—
(a)be revoked by OFCOM;
(b)be varied by OFCOM so as to make it less onerous.
(8)OFCOM may require a provider to pay some or all of the reasonable costs of an audit carried out in accordance with an audit notice.
(9)If OFCOM require a provider to pay an amount as mentioned in sub-paragraph (8), paragraph 6 of Schedule 13 applies in relation to the amount as it applies in relation to a penalty within the meaning of that Schedule.
(10)In this paragraph “specified” means specified in an audit notice.
Commencement Information
I1Sch. 12 para. 4 not in force at Royal Assent, see s. 240(1)
I2Sch. 12 para. 4 in force at 10.1.2024 by S.I. 2023/1420, reg. 2(z10)