This week, the UK’s Department for Culture, Media and Sport (DCMS) published its long-awaited consultations on the new draft Electronic Communications (Security Measures) Regulations and on the Code of Practice, both derived from their new powers under the Telecommunications (Security Act) 2021.
For some time, with the help of what we consider to be a sleight of hand from DCMS, many smaller operators have had false hope that the tiering in the Code of Practice will exempt them from having much of a compliance burden. While that is true of the contents of the Code, it is not true of the Regulations; if your turnover exceeds that of a micro-entity, presently defined as just £634,000 (with a balance sheet and employee threshold that can also be separately tripped for lower turnovers) then there are fourteen proposed new statutes for you to comply with – possibly by October of this year.
These range from requirements to patch systems in fourteen days of a patch becoming available, nominated board level (or equivalent) responsibilities, DMZs for terminals that can perform security critical functions, written supplier exit and disaster plans, periodic ‘penetration testing,’ a requirement to have no dependency on resources outside the United Kingdom and more.
We recently warned that the UK telecommunications market was past its liberal and super-low barrier to entry peak. Unfortunately, that dark prediction appears to be playing out.
That said, DCMS are conscious of the impact of the Regulations and are genuinely consulting on their content – this is rare for secondary legislation, and indicates that the Government has a desire to at least be seen to be paying attention to the industry’s concerns.
We shall be engaged with law makers, civil servants, and many industry participants on this matter – feel free to reach out to us for a no-obligation conversation to see if we can help. Exonia also provides regulatory support to the secretariat of Comms Council UK – if you are operating in the UK market, you may find benefits in joining your voice to the voice of its 100+ members on this subject too.