- Latest available (Revised)
- Original (As made)
There are currently no known outstanding effects for the The Electronic Communications and Wireless Telegraphy Regulations 2011, Paragraph 65.
Revised legislation carried on this site may not be fully up to date. At the current time any known changes or effects made by subsequent legislation have been applied to the text of the legislation you are viewing by the editorial team. Please see ‘Frequently Asked Questions’ for details regarding the timescales for which new effects are identified and recorded on this site.
65. Before the cross-heading immediately before section 106, insert—U.K.
105A.—(1) Network providers and service providers must take technical and organisational measures appropriately to manage risks to the security of public electronic communications networks and public electronic communications services.
(2) Measures under subsection (1) must, in particular, include measures to prevent or minimise the impact of security incidents on end-users.
(3) Measures under subsection (1) taken by a network provider must also include measures to prevent or minimise the impact of security incidents on interconnection of public electronic communications networks.
(4) A network provider must also take all appropriate steps to protect, so far as possible, the availability of the provider's public electronic communications network.
(5) In this section and sections 105B and 105C—
“network provider” means a provider of a public electronic communications network, and
“service provider” means a provider of a public electronic communications service.
105B.—(1) A network provider must notify OFCOM—
(a)of a breach of security which has a significant impact on the operation of a public electronic communications network, and
(b)of a reduction in the availability of a public electronic communications network which has a significant impact on the network.
(2) A service provider must notify OFCOM of a breach of security which has a significant impact on the operation of a public electronic communications service.
(3) If OFCOM receive a notification under this section, they must, where they think it appropriate, notify—
(a)the regulatory authorities in other member States, and
(b)the European Network and Information Security Agency (“ENISA”).
(4) OFCOM may also inform the public of a notification under this section, or require the network provider or service provider to inform the public, if OFCOM think that it is in the public interest to do so.
(5) OFCOM must prepare an annual report summarising notifications received by them under this section during the year, and any action taken in response to a notification.
(6) A copy of the annual report must be sent to the European Commission and to ENISA.
105C.—(1) OFCOM may carry out, or arrange for another person to carry out, an audit of the measures taken by a network provider or a service provider under section 105A.
(2) A network provider or a service provider must—
(a)co-operate with an audit under subsection (1), and
(b)pay the costs of the audit.
105D.—(1) Sections 96A to 96C, 98 to 100, 102 and 103 apply in relation to a contravention of a requirement under sections 105A to 105C as they apply in relation to a contravention of a condition set under section 45, other than an SMP apparatus condition.
(2) The obligation of a person to comply with the requirements of section 105A to 105C is a duty owed to every person who may be affected by a contravention of a requirement, and—
(a)section 104 applies in relation to that duty as it applies in relation to the duty set out in subsection (1) of that section, and
(b)section 104(4) applies in relation to proceedings brought by virtue of this section as it applies in relation to proceedings by virtue of section 104(1)(a).
(3) The amount of a penalty imposed under sections 96A to 96C, as applied by this section, is to be such amount not exceeding £2 million as OFCOM determine to be—
(a)appropriate; and
(b)proportionate to the contravention in respect of which it is imposed.”
Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.
Original (As Enacted or Made): The original version of the legislation as it stood when it was enacted or made. No changes have been applied to the text.
Geographical Extent: Indicates the geographical area that this provision applies to. For further information see ‘Frequently Asked Questions’.
Show Timeline of Changes: See how this legislation has or could change over time. Turning this feature on will show extra navigation options to go to these specific points in time. Return to the latest available version by using the controls above in the What Version box.
Explanatory Memorandum sets out a brief statement of the purpose of a Statutory Instrument and provides information about its policy objective and policy implications. They aim to make the Statutory Instrument accessible to readers who are not legally qualified and accompany any Statutory Instrument or Draft Statutory Instrument laid before Parliament from June 2004 onwards.
Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:
Impact Assessments generally accompany all UK Government interventions of a regulatory nature that affect the private sector, civil society organisations and public services. They apply regardless of whether the regulation originates from a domestic or international source and can accompany primary (Acts etc) and secondary legislation (SIs). An Impact Assessment allows those with an interest in the policy area to understand:
This timeline shows the different points in time where a change occurred. The dates will coincide with the earliest date on which the change (e.g an insertion, a repeal or a substitution) that was applied came into force. The first date in the timeline will usually be the earliest date when the provision came into force. In some cases the first date is 01/02/1991 (or for Northern Ireland legislation 01/01/2006). This date is our basedate. No versions before this date are available. For further information see the Editorial Practice Guide and Glossary under Help.
Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:
Click 'View More' or select 'More Resources' tab for additional information including: