[[105A.Duty to take security measuresU.K.
This section has no associated Explanatory Notes
(1)The provider of a public electronic communications network or a public electronic communications service must take such measures as are appropriate and proportionate for the purposes of—
(a)identifying the risks of security compromises occurring;
(b)reducing the risks of security compromises occurring; and
(c)preparing for the occurrence of security compromises.
(2)In this Chapter “security compromise”, in relation to a public electronic communications network or a public electronic communications service, means—
(a)anything that compromises the availability, performance or functionality of the network or service;
(b)any unauthorised access to, interference with or exploitation of the network or service or anything that enables such access, interference or exploitation;
(c)anything that compromises the confidentiality of signals conveyed by means of the network or service;
(d)anything that causes signals conveyed by means of the network or service to be—
(i)lost;
(ii)unintentionally altered; or
(iii)altered otherwise than by or with the permission of the provider of the network or service;
(e)anything that occurs in connection with the network or service and compromises the confidentiality of any data stored by electronic means;
(f)anything that occurs in connection with the network or service and causes any data stored by electronic means to be—
(i)lost;
(ii)unintentionally altered; or
(iii)altered otherwise than by or with the permission of the person holding the data; or
(g)anything that occurs in connection with the network or service and causes a connected security compromise.
(3)But in this Chapter “security compromise” does not include anything that occurs as a result of conduct that—
(a)is required or authorised by or under an enactment mentioned in subsection (4);
(b)is undertaken for the purpose of providing a person with assistance in giving effect to a warrant or authorisation that has been issued or given under an enactment mentioned in subsection (4);
(c)is undertaken for the purpose of providing a person with assistance in exercising any power conferred by or under prison rules; or
(d)is undertaken for the purpose of providing assistance to a constable or a member of a service police force (acting in either case in that capacity).
(4)The enactments are—
(a)the Investigatory Powers Act 2016;
(b)Part 1 of the Crime and Courts Act 2013;
(c)the Prisons (Interference with Wireless Telegraphy) Act 2012;
(d)the Regulation of Investigatory Powers Act 2000;
(e)the Regulation of Investigatory Powers (Scotland) Act 2000;
(f)the Intelligence Services Act 1994;
(g)any other enactment (whenever passed or made) so far as it—
(i)makes provision which is in the interests of national security;
(ii)has effect for the purpose of preventing or detecting crime or of preventing disorder; or
(iii)makes provision which is in the interests of the economic well-being of the United Kingdom so far as those interests are also relevant to the interests of national security.
(5)In this section—
“connected security compromise” means—
(a)
in relation to a public electronic communications network, a security compromise that occurs in relation to another public electronic communications network or a public electronic communications service;
(b)
in relation to a public electronic communications service, a security compromise that occurs in relation to a public electronic communications network or another public electronic communications service;
“crime” and “detecting crime” have the same meanings as in the Investigatory Powers Act 2016;
“prison rules” means any rules made under—
(a)
section 47 of the Prison Act 1952;
(b)
section 39 of the Prisons (Scotland) Act 1989; or
(c)
section 13 of the Prison Act (Northern Ireland) 1953;
“service police force” means—
(a)
the Royal Navy Police;
(b)
the Royal Military Police; or
(c)
the Royal Air Force Police;
“signal” has the same meaning as in section 32.]]