Gov to force through tough telecoms regulations to boost network security

Photo of London mocked up to show internet traffic flowing in and out of it
Shutterstock (Image credit: Shutterstock)

Ofcom will have the power to fine telecom providers £100,000 per day for poor network security under new government regulations.

New elements of the Telecommunications Security Act, which became law in November 2021, will be laid as secondary legislation in Parliament today, in a bid to force providers to increase the security of the UK's broadband and mobile networks. These will be presented alongside a draft code of practice that will provide a guide for how vendors can comply.


Cyber resiliency and end-user performance

Reduce risk and deliver greater business success with cyber-resilience capabilities


The new regulations and code of practice have been developed jointly by the National Cyber Security Centre and Ofcom and they set out the specific actions that public telecom providers must fulfil as legally binding duties. The aim is to improve cyber resilience in the UK by forcing providers to embed strong security practices within all their long-term investment decisions and also their general day-to-day operations.

As the relevant industry regulator, Ofcom will have powers to enforce new legal duties and carry out inspections of a provider's premises and systems to assess whether it has met the new obligations. The regulator will also be able to issue fines of up to 10% of turnover or £100,000 per day if it is a continuing contravention.

A final draft of the regulation has been confirmed by the Department of Culture, Media and Sport (DCMS) and follows a public consultation. The regulations will force providers to protect data processed by their networks and services and secure the critical functions which allow them to be operated and managed. It will also require them to protect software and equipment which monitor and analyse their networks and services. Providers will also need to take account of supply chain risks and understand and control who can access and make changes to the operation of their networks and services to enhance security.

The new rules will come into force in October with providers expected to have achieved all the necessary outcomes by March 2024. The code of practice will set out further time frames for the completion of other measures and will be updated periodically, according to the government, to ensure it keeps pace with any evolving cyber threats.

Bobby Hellard

Bobby Hellard is ITPro's Reviews Editor and has worked on CloudPro and ChannelPro since 2018. In his time at ITPro, Bobby has covered stories for all the major technology companies, such as Apple, Microsoft, Amazon and Facebook, and regularly attends industry-leading events such as AWS Re:Invent and Google Cloud Next.

Bobby mainly covers hardware reviews, but you will also recognize him as the face of many of our video reviews of laptops and smartphones.