By Simon Woodhead
It has been a little while since I’ve opined on the Telecommunications Security Act 2021 and the all-important secondary legislation it enabled, the Electronic Communications (Security Measures) Regulations 2022. My most recent entry is to reiterate how these rules apply to even the newest start-up.
During the passage of the then Telecommunications Security Bill, a dangerous rumour started to spread around the industry – that smaller providers would be exempt and heads remained firmly buried in the sand. Of course, those that had read the draft Regulations, Code of Practice and the Bill, knew that the Government was planning something different.
The reality is that if your turnover is above a micro-entity, i.e.,>£634k, which is something like 1,400 average connections per Ofcom’s data, then you are in scope of the Regulations.
Got that IPEX Type A interconnect you refer to as a “BT Interconnect”?! Then Regulation 7 might be of interest. BT treats incoming calls to your geographic ranges on Type A as “transit” which means they are purchasing termination from you. In that scenario, then, Regulation 7 says they need to fulfil certain supply-chain conditions, and you will need to meet certain Tier 1, yes, the £1bn turnover level, outcomes in the Code of Practice. That’s because those Tier 1 providers have an obligation to procure certain supply-chain outcomes that are Tier 1 compliant on their interconnects.
Don’t take our word for it, Comms Council UK Members have access to the DCMS slide deck and notes from a recent industry meeting that says just that. Pete Farmer has also mentioned to me that, with BT’s medusa-like approach to Type A, with it being whatever they want it to be to suit any given circumstance, that there is a possibility each of their customers are in breach of various regulations for a failure to procure compliance. Regardless of what we say about the increasingly draconian regulations, we would encourage Type A customers to dual source to at least provide themselves some flexibility in the future.
As we have blogged about before, the noose is tightening around our industry’s neck. Between the European Electronic Communications Code, which presumes that a businessperson needs assistance getting dressed in the morning, let alone should be able to purchase an iPhone for their enterprise unaccompanied, the new security regime, a number of existential level attacks on niche operators, re-monopolisation and more, we are at the gallows and are seemingly unaware.
Ofcom have said they will take an ‘incident-driven’ approach to enforcement of the new security regime; any cyber-attack is currently reportable to them within three hours, and any incident affecting the ability for end users to contact the emergency services, within three days. There are separate penalties for non-compliance with the reporting regime, on top of the eye-watering possible penalties for non-compliance with the security regime. Head in the sand could end up being a very costly strategy.
The days of spinning up FreeSwitch on a Raspberry PI in your basement and calling yourself a carrier are in the rear-view mirror. As we said in a recent issue of Comms Dealer, if you want to double-down as a network operator, we’re here and we have your back, and if you want to explore options such as Partner and Dealer, we’re here and we have your back too.
We want our customers to thrive; when you thrive, we thrive and we are confident we have engineered a suite of products to help you do just that, even in this increasingly draconian regulatory environment. Give Frazer a call and chew the fat!