Consultation outcome: Proposal for new telecoms security regulations and code of practice

Proposals for new telecoms security regulations and code of practice - government response to public consultation

As soon as Parliamentary time allows, the government will lay updated final regulations and a draft code of practice. These documents will have been updated on the basis of responses received to the consultation.

The changes we make will support the security of the UK’s telecoms networks and services by ensuring that public telecoms providers:

• protect data stored by their networks and services, and secure the critical functions which allow them to be operated and managed;
• protect tools which monitor and analyse their networks and services against access from hostile state actors;
• monitor public networks to identify potentially dangerous activity and have a deep understanding of their security risks, reporting regularly to internal boards; and
• take account of supply chain risks, and understand and control who has the ability to access and make changes to the operation of their networks and services.

Our response to the consultation is set out in more detail in Proposals for new telecoms security regulations and code of practice - government response to public consultation.

We received feedback in 38 responses to the consultation from across the telecoms sector, including from public telecoms providers, their suppliers, and representative trade bodies. The respondents:

• largely welcomed the introduction of new regulations and guidance to improve the security of public telecoms networks and services; and
• provided detailed and useful feedback on specific aspects of the government’s proposed approach based on their insight into how proposals would affect their businesses

The responses to the consultation were analysed by DCMS, with technical and regulatory advice being provided, where relevant, from the National Cyber Security Centre (NCSC) and Ofcom.

The government’s response to the public consultation contains a full summary of the feedback we received, explanations of how we have considered the feedback and, where appropriate, revised the draft regulations and draft code of practice, taking it into account.

The government is consulting on proposals for new regulations and a code of practice to improve the security and resilience of public telecoms networks and services.

This consultation ran from
9:30am on 1 March 2022 to 11:45pm on 10 May 2022

Consultation description

The Telecommunications (Security) Act 2021 provided the government with new powers to make security regulations and issue codes of practice. The government is now proposing to use those powers to help secure the UK’s public telecoms networks and services.

The UK is becoming ever more dependent on such networks and services. The increased reliance of the economy, society and critical national infrastructure (CNI) on public telecoms networks and services means it is important to have confidence in their security. As the value of our connectivity increases, it becomes a more attractive target to cyber attackers. It is important to make sure that our networks and services are secured in this evolving threat landscape.

The government is therefore consulting on proposals for new regulations and a code of practice that are intended to address security risks to public telecoms networks and services. This process meets the statutory requirement for the government to consult with affected parties before issuing a code of practice, under section 105F of the Communications Act 2003 (inserted by the Telecommunications (Security) Act 2021). This consultation seeks informed views from Ofcom, providers of public networks and services, as well as those who may have experience in these matters on the proposals within the draft code of practice, which has been published alongside this document. As the regulations will be the first to be issued under the new telecoms security framework, the government has also decided to consult on the draft regulations. The closing date for responses to the consultation is 11:45pm on 10 May 2022.

Please send responses to the questions contained in the consultation to security.framework.consultation@dcms.gov.uk

The impact assessment accompanying this consultation will be updated for the findings of a cost survey and published alongside the final regulations and code of practice. Details of the cost survey are included in the consultation document, and a plain copy of the full survey is listed below.

The National Cyber Security Centre has recently published its Vendor Security Assessment, which is referenced in the draft code of practice.

Telecoms security: proposal for new regulations and code of practice

Draft Telecommunications Security Code of Practice

The Electronic Communications (Security Measures) Regulations 2022

Draft Electronic Communications (Security Measures) Regulations: impact assessment

Telecommunications (Security) Act: business impact survey

Share this page

• Share onFacebook
• Share onTwitter

Published 1 March 2022
Last updated 30 August 2022 + show all updates

Related content

• Draft Electronic Communications (Security Measures) Regulations
• Telecommunications (Security) Bill: Illustrative designated vendor direction and designation notice
• Telecommunications (Security) Bill: Factsheets
• Telecommunications (Security) Bill
• Telecommunications (Security) Bill: overarching documents