UK telcos face stricter cybersecurity rules


The UK government plans to subject broadband and mobile operators to much stricter cybersecurity obligations with fines of up to 10% of annual turnover dished out for non-compliance.

At present, operators are responsible for setting their own security standards, but the government no longer believes that this approach is sufficient as society and the economy become increasingly digitised.

It believes a major data theft or network failure could have serious consequences for consumers, businesses, and the country as a whole and wants a new framework that it believes will be among the most comprehensive in the world.

UK telco rules

“We know how damaging cyber attacks on critical infrastructure can be, and our broadband and mobile networks are central to our way of life,” said Matt Warman, digital infrastructure minister.

“We are ramping up protections for these vital networks by introducing one of the world’s toughest telecoms security regimes which secure our communications against current and future threats.”

The Telecommunications (Security) Act, passed last year, grants the government additional powers over the UK’s communication infrastructure, and a new set of regulations and code of practice, developed with the National Cyber Security Centre and Ofcom, sets out the specific actions for operators outlined in the legislation.

The new regulations require operators to protect all data stored by their networks and services, secure critical functions that protect this infrastructure, and safeguard tools that monitor and analyse networks against access from hostile state actors.

Operators will also be required to identify potentially dangerous activity, have a deep understanding of the security risks involved in their business, and report regularly to internal boards. Telcos will also be expected to review their supply chains and ensure there are no weak links.

The new rules will come into effect from October and will be updated to take into account future threats. Ofcom will be responsible for monitoring the new obligations and will be able to issue penalties which could reach as high as £100,000 a day for continued breaches.

Steve McCaskill is TechRadar Pro's resident mobile industry expert, covering all aspects of the UK and global news, from operators to service providers and everything in between. He is a former editor of Silicon UK and journalist with over a decade's experience in the technology industry, writing about technology, in particular, telecoms, mobile and sports tech, sports, video games and media.