Gov to force through tough telecoms regulations to boost network security

Regulator Ofcom will have powers to monitor, investigate and fine providers that fail to meet the new requirements

Ofcom will have the power to fine telecom providers £100,000 per day for poor network security under new government regulations. 

New elements of the Telecommunications Security Act, which became law in November 2021, will be laid as secondary legislation in Parliament today, in a bid to force providers to increase the security of the UK's broadband and mobile networks. These will be presented alongside a draft code of practice that will provide a guide for how vendors can comply.

The new regulations and code of practice were developed jointly by the National Cyber Security Centre and Ofcom, and they set out the specific actions that public telecom providers must fulfil as legally binding duties. The aim is to improve cyber resilience in the UK by forcing providers to embed strong security practices in all their long-term investment decisions as well as their general day-to-day operations.

As the relevant industry regulator, Ofcom will have powers to enforce the new legal duties and carry out inspections of a provider's premises and systems to assess whether it has met the new obligations. The regulator will also be able to issue fines of up to 10% of turnover or, in the case of a continuing contravention, £100,000 per day.

A final draft of the regulation has been confirmed by the Department of Culture, Media and Sport (DCMS) and follows a public consultation. The regulations will force providers to protect data processed by their networks and services and to secure the critical functions that allow those networks and services to be operated and managed. They will also require providers to protect the software and equipment that monitor and analyse their networks and services. Providers will also need to take account of supply chain risks, and to understand and control who can access and make changes to the operation of their networks and services, to enhance security.

The new rules will come into force in October, with providers expected to have achieved all the necessary outcomes by March 2024. The code of practice will set out further time frames for the completion of other measures and, according to the government, will be updated periodically to ensure it keeps pace with evolving cyber threats.