Version Superseded: 26/05/2011
Point in time view as at 11/12/2003. This version of this provision has been superseded.
There are currently no known outstanding effects for the The Privacy and Electronic Communications (EC Directive) Regulations 2003, Section 5.
5.—(1) Subject to paragraph (2), a provider of a public electronic communications service (“the service provider”) shall take appropriate technical and organisational measures to safeguard the security of that service.
(2) If necessary, the measures required by paragraph (1) may be taken by the service provider in conjunction with the provider of the electronic communications network by means of which the service is provided, and that network provider shall comply with any reasonable requests made by the service provider for these purposes.
(3) Where, notwithstanding the taking of measures as required by paragraph (1), there remains a significant risk to the security of the public electronic communications service, the service provider shall inform the subscribers concerned of—
(a)the nature of that risk;
(b)any appropriate measures that the subscriber may take to safeguard against that risk; and
(c)the likely costs to the subscriber involved in the taking of such measures.
(4) For the purposes of paragraph (1), a measure shall only be taken to be appropriate if, having regard to—
(a)the state of technological developments, and
(b)the cost of implementing it,
it is proportionate to the risks against which it would safeguard.
(5) Information provided for the purposes of paragraph (3) shall be provided to the subscriber free of any charge other than the cost to the subscriber of receiving or collecting the information.
All content is available under the Open Government Licence v3.0 except where otherwise stated. This site additionally contains content derived from EUR-Lex, reused under the terms of the Commission Decision 2011/833/EU on the reuse of documents from the EU institutions. For more information see the EUR-Lex public statement on re-use.
