Telecoms Security Bill published by government
The government has published the Telecommunications (Security) Bill, which takes forward its commitments within the Telecoms Supply Chain Review Report to establish an enhanced legislative framework for the security of telecoms in the UK. The 2019 Review sought to address three key questions:
- How should we incentivise telecoms operators to improve security standards and practices in 5G and full fibre networks?
- How should we address the security challenges posed by vendors?
- How can we create sustainable diversity in the telecoms supply chain?
The Review recommended the establishment of a new security framework for the UK’s public telecoms providers, with its foundations set by new telecoms security requirements overseen by Ofcom and the government. It also recommended new national security powers for the government to control the presence of high risk vendors in UK networks.
The Bill, laid on 24 November 2020, is structured in two parts:
1. Clauses 1 to 14 introduce a stronger telecoms security framework, amending the Communications Act 2003 by placing strengthened telecoms security duties on public telecoms providers.
2. Clauses 15 to 23 introduce new national security powers for the government to manage risks posed by high risk vendors. The Bill creates new powers for the Secretary of State to designate vendors for the purpose of issuing directions to public communications providers imposing controls on their use of those designated vendors’ goods, services and facilities.
In introducing a stronger telecoms security framework, and help deliver the economic and social benefits of 5G and gigabit-capable broadband, legal duties on providers of UK public telecoms networks and services will be strengthened: designed as a way of incentivising better security practices.
New codes of practice will demonstrate how certain providers should comply with their legal obligations (published once the Bill has received Royal Assent). Ofcom will be given stronger powers to monitor and assess operators' security, alongside enforcing compliance with the new law. This will include carrying out technical testing, interviewing staff, and entering operators' premises to view equipment and documents. Telecoms providers could face heavy fines of up to ten per cent of turnover or, in the case of a continuing contravention, £100,000 per day, if they do not follow directions.
New national security powers legislated in the Bill will enable government to issue directions to public telecoms providers. While high-risk vendors are already banned from the most sensitive ‘core' parts of the network, the Bill will allow the Government to impose controls on telecoms providers' use of goods, services or facilities supplied by high risk vendors.
The legislation will apply to public telecoms providers of public electronic communications networks and services (PECN and PECS), as well as the regulator Ofcom. Along with the Bill, impact assessments have been published: one on the impact of the new telecoms security framework and another on the impact of the use of the national security powers in relation to designated vendors.
techUK will respond to the government’s consultation on the new framework before secondary legislation is laid in Parliament, and the public consultation on the codes of practice after the Bill's passage.
Following the setting up of the Telecoms Diversification Task Force, the forthcoming Telecoms Diversification Strategy is expected to set out government’s ambition in helping to create sustainable diversity in the telecoms supply chain - the third question underpinning the Supply Chain Review last year. techUK is currently exploring the opportunities for UK companies in areas such as software, small cells and semiconductors via our Diversifying Telecoms campaign.