[F1105B.Requirement to notify OFCOM of security breachU.K.
(1)A network provider must notify OFCOM—
(a)of a breach of security which has a significant impact on the operation of a public electronic communications network, and
(b)of a reduction in the availability of a public electronic communications network which has a significant impact on the network.
(2)A service provider must notify OFCOM of a breach of security which has a significant impact on the operation of a public electronic communications service.
(3)If OFCOM receive a notification under this section, they must, where they think it appropriate, notify—
(a)the regulatory authorities in other member States, and
(b)the European Network and Information Security Agency (“ENISA”).
(4)OFCOM may also inform the public of a notification under this section, or require the network provider or service provider to inform the public, if OFCOM think that it is in the public interest to do so.
(5)OFCOM must prepare an annual report summarising notifications received by them under this section during the year, and any action taken in response to a notification.
(6)A copy of the annual report must be sent to the European Commission and to ENISA.]
Textual Amendments
F1Ss. 105A-105D and cross-heading inserted (26.5.2011) by The Electronic Communications and Wireless Telegraphy Regulations 2011 (S.I. 2011/1210), reg. 1(2), Sch. 1 para. 65 (with Sch. 3 para. 2)