- Latest available (Revised)
- Original (As made)
This is the original version (as it was originally made).
12. A network provider or service provider must—
(a)where the person providing any software or equipment used for the purposes of the public electronic communications network or public electronic communications service makes available a patch or mitigation relating to the risks of security compromises occurring (including software updates and equipment replacement), take such measures as are appropriate and proportionate to deploy the patch or mitigation within such period as is appropriate in the circumstances having regard to the severity of the risk of security compromise which the patch or mitigation addresses,
(b)identify any need for a security update or equipment upgrade and implement the necessary update or upgrade within such period as is appropriate, having regard to the assessed security risk of the network provider or service provider, and
(c)arrange for any decision as to what period the network provider or service provider considers appropriate—
(i)for the purposes of sub-paragraph (a), in a case where the network provider or service provider considers in relation to a particular patch or mitigation that a period of more than 14 days beginning with the day on which the patch or mitigation becomes available is appropriate, or
(ii)for the purposes of sub-paragraph (b), in a case where there is a significant risk of a security compromise occurring,
to be taken at an appropriate governance level and recorded in writing.
Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.
Original (As Enacted or Made): The original version of the legislation as it stood when it was enacted or made. No changes have been applied to the text.
Explanatory Memorandum sets out a brief statement of the purpose of a Statutory Instrument and provides information about its policy objective and policy implications. They aim to make the Statutory Instrument accessible to readers who are not legally qualified and accompany any Statutory Instrument or Draft Statutory Instrument laid before Parliament from June 2004 onwards.
Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:
Impact Assessments generally accompany all UK Government interventions of a regulatory nature that affect the private sector, civil society organisations and public services. They apply regardless of whether the regulation originates from a domestic or international source and can accompany primary (Acts etc) and secondary legislation (SIs). An Impact Assessment allows those with an interest in the policy area to understand:
Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:
Click 'View More' or select 'More Resources' tab for additional information including: