The new telecoms security regulations will be among the strongest in the world and will provide much tougher protections for the UK from cyber threats which could cause network failure or the theft of sensitive data.

The Telecommunications (Security) Act, which became law in November, gives the government powers to boost the security standards of the UK’s mobile and broadband networks, including the electronic equipment and software at phone mast sites and in telephone exchanges which handle internet traffic and telephone calls.

Currently, telecoms providers are responsible for setting their own security standards in their networks. However, the government’s Telecoms Supply Chain Review found providers often have little incentive to adopt the best security practices.

The new regulations and code of practice, developed with the National Cyber Security Centre and Ofcom, set out specific actions for UK public telecoms providers to fulfil their legal duties in the Act. They will improve the UK’s cyber resilience by embedding good security practices in providers’ long term investment decisions and the day-to-day running of their networks and services.

The substance of the final regulations has been confirmed by the government following a response to a public consultation on them published today. The regulations are to make sure providers:

• protect data processed by their networks and services, and secure the critical functions which allow them to be operated and managed
• protect software and equipment which monitor and analyse their networks and services
• have a deep understanding of their security risks and the ability to identify when anomalous activity is taking place with regular reporting to internal boards
• take account of supply chain risks, and understand and control who has the ability to access and make changes to the operation of their networks and services to enhance security

Digital Infrastructure Minister Matt Warman said:

We know how damaging cyber attacks on critical infrastructure can be, and our broadband and mobile networks are central to our way of life.

We are ramping up protections for these vital networks by introducing one of the world’s toughest telecoms security regimes which secure our communications against current and future threats.

NCSC Technical Director Dr Ian Levy said:

We increasingly rely on our telecoms networks for our daily lives, our economy and the essential services we all use.

These new regulations will ensure that the security and resilience of those networks, and the equipment that underpins them, is appropriate for the future.

The regulations will be laid as secondary legislation in Parliament shortly, alongside a draft code of practice providing guidance on how providers can comply with them.

Ofcom will oversee, monitor and enforce the new legal duties and have the power to carry out inspections of telecoms firms’ premises and systems to ensure they’re meeting their obligations. If companies fail to meet their duties, the regulator will be able to issue fines of up to 10 per cent of turnover or, in the case of a continuing contravention, £100,000 per day.

From October, providers will be subject to the new rules and Ofcom will be able to use its new powers to ensure providers are taking appropriate and proportionate measures to meet their security duties and follow the guidance within the code of practice. This includes:

• identifying and assessing the risk to any ‘edge’ equipment that is directly exposed to potential attackers. This includes radio masts and internet equipment supplied to customers such as Wi-Fi routers and modems which act as entry points to the network
• keeping tight control of who can make network-wide changes
• protecting against certain malicious signalling coming into the network which could cause outages;
• having a good understanding of risks facing their networks
• making sure business processes are supporting security (e.g. proper board accountability)

Providers will be expected to have achieved these outcomes by March 2024. The code of practice will set out further timeframes for completion of other measures. The code will be updated periodically to ensure it keeps pace with any evolving cyber threats.

ENDS

Notes to editors

The government received responses to the consultation from public telecoms providers, suppliers and trade bodies. The government’s response sets out the ways in which those responses have been considered and reflected in the final Regulations and draft Code of Practice.

Technical changes following the consultation include:

• clarification to ensure security measures are targeted at the parts of networks most in need of protection, like new software tools that power 5G networks
• inclusion of further guidance on national resilience, security patching and legacy network protections, to help providers understand actions that need to be taken

The Electronic Communications (Security Measures) Regulations will be laid in Parliament through a statutory instrument under the negative procedure.

The draft code of practice will be laid in Parliament under the requirement in section 105F of the Communications Act 2003 (as amended by the Telecommunications (Security) Act 2021). It will remain in draft for Parliamentary scrutiny for forty sitting days, after which the code of practice will be issued and published.

The British High Commission will host a reception today to mark the fourth anniversary of the landmark Indian Section 377 judgment. The judgment passed on 6 September 2018 by the Supreme Court of India decriminalised consensual sexual conduct between adults of the same sex. The landmark judgement has had major implications for the lesbian, gay, bisexual, and transgender (LGBT) community.

The reception will see members of Indian business, civil society, NGOs working on human rights, and Consul Generals of other international missions coming together to celebrate and advance rights of the LGBT community. Justice DY Chandrachud, one of the five judges responsible for passing the historic judgment, has been invited to grace the celebration as the guest of honour.

Justice Dhananjaya Yeshwant Chandrachud, Honourable Judge of the Supreme Court of India, said:

While the decision in Navtej was momentous, we have a long way to go. The Beatles famously sang ‘All you need is love, love; Love is all you need’. At the risk of ruffling the feathers of music aficionados everywhere, I take the liberty to disagree with them and say – perhaps we need a little more than love. Structural changes as well as attitudinal changes are essential.

Alex Ellis, British High Commissioner to India, said:

Thank you to Justice Chandrachud and everyone joining today’s event to celebrate the fourth anniversary of the historic Section 377 judgement furthering LGBT rights in India. Earlier this year in July, the UK celebrated the 50th Anniversary of Pride in London. These are milestones in non-discrimination which remind us of where we have come, and what more we have to do, in the UK and in India. The UK in India family is proud to work with Indian organisations that promote diversity and inclusion and believe in equal rights for all.

Rudrani Chhetri, transgender model and activist, said:

I am honoured to attend today’s event organised by the British High Commission to commemorate the fourth anniversary of the Section 377 judgment. This historic judgment is protecting people from abuses and different forms of atrocities like blackmail and sexual violence that the LGBT community faced earlier. We are all less fearful now in expressing ourselves not just freely but proudly and believe this is a step forward in the right direction that upholds universal human rights.

Further information

Free-to-use high resolution images from the event will be uploaded here.

In September 2019, the British High Commission in India celebrated the first anniversary of the Section 377 judgement together with over 500 people with events in six locations across India, focusing on a number of themes, including diversity and inclusion in the workplace.

The UK is Co-Chair of the Equal Rights Coalition, which brings together 42 countries committed to working together to promote LGBT+ rights globally.

For media queries, please contact:

Media queries: BHCMediaDelhi@fco.gov.uk

Follow us on Twitter, Facebook, Instagram, Flickr, Youtube and LinkedIn

The government has today (30 August 2022) launched an independent review of the UK’s Civil Aviation Authority (CAA) to ensure the provision of world-leading regulation and public services for decades to come.

With a remit that includes everything from ensuring the highest standards of aviation safety and security, to the efficient use of airspace, space operations and protecting consumer rights, the Civil Aviation Authority is vital to the UK’s position as a world leader in aviation and aerospace.

Building on the organisation’s success in tackling the unprecedented challenges of recent years, the review will focus on:

• its efficiency and effectiveness in delivering its services currently, and for the future
• its role, form, function and delivery model
• the corporate governance and assurance mechanisms underpinning the organisation
• the CAA’s relationship with the Department for Transport and how the 2 organisations work together to deliver a quality service for the UK
• how its priorities match up to the government’s wider objectives, taking into consideration its role as an independent regulator

This year the regulator celebrated its 50th birthday and has played a key role in the aviation sector’s recovery, as set out in our 22-point action plan to help minimise disruption in the sector and protect passengers.

For years to come the regulator will also be crucial in ensuring the sector can modernise and innovate to meet the challenges of the future, while protecting consumer rights  – as set out in our 10-year strategy Flightpath to the future.

Transport Secretary Grant Shapps said:

Civil aviation regulation is the lynchpin of an industry which pre-pandemic carried millions of passengers every year, contributed £22 billion to our economy and supported nearly one million jobs.

This review will ensure UK civil aviation regulation continues to be world-leading on safety, security, environmental considerations, economic regulation and consumer protection – which often supports other countries in driving up global standards.

Sir Stephen Hillier, Chair of the Civil Aviation Authority, said:

At the Civil Aviation Authority, we work tirelessly on our mission to achieve improvements in aviation and aerospace for consumers and the public.

We welcome the opportunity this review presents to highlight the dedication, skill and continuous learning culture of our organisation, whilst identifying any areas for improvement.

It will help ensure that we continue to be a diverse, innovative and future-focused regulator, dedicated to improving aviation safety, security and consumer interests and enabling a thriving aerospace sector.

We look forward to working in an open, transparent and collaborative way with government to support this review.

The review forms part of a wider programme looking at public bodies across government, announced in April this year.

It comes at a crucial time for the aviation industry as it continues its strong recovery from the pandemic and will also run in parallel, but entirely separate to, the International Civil Aviation Organisation safety audit due to take place.

Jeremy Newman, an independent panel member at the UK’s Competition and Markets Authority, will lead the review, which will run until spring 2023.