Gov to force through tough telecoms regulations to boost network security

News
By published

Regulator Ofcom will have powers to monitor, investigate and fine providers that fail to meet the new requirements

Photo of London mocked up to show internet traffic flowing in and out of it
Shutterstock (Image credit: Shutterstock)

Ofcom will have the power to fine telecom providers £100,000 per day for poor network security under new government regulations.

DCMS: A third of businesses experience "weekly" cyber attacks DCMS launches £30 million competition to diversify 5G supply chain CityFibre raises alarm over UK telecoms overbuilding that could lead to broadband market regression

New elements of the Telecommunications Security Act, which became law in November 2021, will be laid as secondary legislation in Parliament today, in a bid to force providers to increase the security of the UK's broadband and mobile networks. These will be presented alongside a draft code of practice that will provide a guide for how vendors can comply.

RELATED RESOURCE

Cyber resiliency and end-user performance

Reduce risk and deliver greater business success with cyber-resilience capabilities

FREE DOWNLOAD

The new regulations and code of practice have been developed jointly by the National Cyber Security Centre and Ofcom and they set out the specific actions that public telecom providers must fulfil as legally binding duties. The aim is to improve cyber resilience in the UK by forcing providers to embed strong security practices within all their long-term investment decisions and also their general day-to-day operations.

As the relevant industry regulator, Ofcom will have powers to enforce new legal duties and carry out inspections of a provider's premises and systems to assess whether it has met the new obligations. The regulator will also be able to issue fines of up to 10% of turnover or £100,000 per day if it is a continuing contravention.

A final draft of the regulation has been confirmed by the Department of Culture, Media and Sport (DCMS) and follows a public consultation. The regulations will force providers to protect data processed by their networks and services and secure the critical functions which allow them to be operated and managed. It will also require them to protect software and equipment which monitor and analyse their networks and services. Providers will also need to take account of supply chain risks and understand and control who can access and make changes to the operation of their networks and services to enhance security.

The new rules will come into force in October with providers expected to have achieved all the necessary outcomes by March 2024. The code of practice will set out further time frames for the completion of other measures and will be updated periodically, according to the government, to ensure it keeps pace with any evolving cyber threats.

Bobby Hellard
Bobby Hellard

Bobby Hellard is ITPro's Reviews Editor and has worked on CloudPro and ChannelPro since 2018. In his time at ITPro, Bobby has covered stories for all the major technology companies, such as Apple, Microsoft, Amazon and Facebook, and regularly attends industry-leading events such as AWS Re:Invent and Google Cloud Next.

Bobby mainly covers hardware reviews, but you will also recognize him as the face of many of our video reviews of laptops and smartphones.

More about policy and legislation
UK map concept art showing digitized UK landmass outline in blue.

UK firms are pulling ahead of EU competitors in the AI race – here's why
OpenAI logo and branding pictured at Mobile World Congress 2024 in Barcelona, Spain.

The CMA just dropped its probe into the Microsoft–OpenAI deal
Cybersecurity concept image showing digitized padlock with data points flowing out from behind.

Security experts warn of ‘contradictory confidence’ over critical infrastructure threats
See more latest
Most Popular
Cybersecurity concept image showing digitized padlock with data points flowing out from behind.
Security experts warn of ‘contradictory confidence’ over critical infrastructure threats
Agentic AI concept image showing digitized human brain with a microprocessor placed in the center.
‘DIY’ agent platforms are big tech’s latest gambit to drive AI adoption
Jensen Huang, co-founder and chief executive of Nvidia pictured on stage at Nvidia GTC 2025 holding two GPUs.
Nvidia GTC 2025: Four big announcements you need to know about
Businessman hand pointing finger to growth success finance business chart of metaverse technology financial graph investment diagram on analysis stock market background with digital economy exchange.
Global security spending continues to rise
Women in tech concept image showing female tech worker sitting at desk working on desktop computer.
Imposter syndrome is pushing women out of tech
Jensen Huang, co-founder and chief executive officer of Nvidia, pictured during a news conference at the Nvidia GPU Technology Conference (GTC) in San Jose, California, US.
‘This is the first event in history where a company CEO invites all of the guests to explain why he was wrong’: Jensen Huang changes his tune on quantum computing after January stock shock
ServiceNow signage pictured during the Singapore FinTech Festival in Singapore, on Wednesday, Nov. 15, 2023.
Old ServiceNow vulnerabilities could cause havoc for unpatched customers
Soft skills concept image showing informal staff meeting in an open plan office environment with workers having a discussion.
AI skills training can't be left in the hands of big tech
Oracle CloudWorld Tour sign pictured at the company event in London, UK.
AI agent announcements are a dime a dozen right now – here’s what Oracle thinks it’s doing differently
Close-up shot of data centers servers in red, black, and light blue colors.
Server sales are skyrocketing – and growth shows no sign of slowing down