Select Committee on Science and Technology Minutes of Evidence


Annex A

PROPOSED NEW GENERAL CONDITION OF ENTITLEMENT (PURSUANT TO SECTION 45(1) OF THE COMMUNICATIONS ACT 2003)

  1.  The following is a draft of a new information security and network integrity General Condition of Entitlement. It replicates the obligations already placed upon service providers by Regulation 5 of the Privacy and Electronic Communications Regulations 2003, but by making them a General Condition of Entitlement they can be enforced by Ofcom. In addition, the Condition includes obligations to take into account appropriate standards and specifications, using paragraphs that are near identical to those in Condition 2 of the General Conditions of Entitlement.

INFORMATION SECURITY AND NETWORK INTEGRITY

  2.  The Communications Provider shall take appropriate technical and organisational measures to safeguard the security of its Public Electronic Communications Services and the security and integrity of End-users' equipment used in connection with those Public Electronic Communications Services.

  3.  If necessary, the measures required by paragraph 2 may be taken by the Communications Provider in conjunction with the provider of the Electronic Communications Network by means of which the Public Electronic Communications Service is provided, and that Electronic Communications Network provider shall comply with any reasonable requests made by the service provider for these purposes.

  4.  Where, notwithstanding the taking of measures as required by paragraph 2, there remains a significant risk to the security of the Public Electronic Communications Service or the security and integrity of End-users' equipment used in connection with those Public Electronic Communications Services, the Communications Provider shall inform its End-users of-

    (a)  the nature of that risk;

    (b)  any appropriate measures that the End-user may take to safeguard against that risk; and

    (c)  the likely costs to the End-user involved in the taking of such measures.

  5.  For the purposes of paragraph 2, a measure shall only be taken to be appropriate if, having regard to:

    (a)  the state of technological developments; and

    (b)  the cost of implementing it,

  it is proportionate to the risks against which it would safeguard.

  6.  Information provided for the purposes of paragraph 4 shall be provided to the End-user free of any charge other than the cost to the End-user of receiving or collecting the information.

  7.  The Communications Provider shall ensure that any restrictions imposed by it on access to and use of a Public Electronic Communications Service on the grounds of ensuring its compliance with paragraph 2 above are proportionate, non-discriminatory and based on objective criteria identified in advance.

  8.  The Communications Provider shall take full account of any relevant voluntary standards and/or specifications adopted by the European Standards Organisations in assessing the appropriateness of any measure for the purposes of paragraph 2 or, in the absence of such standards and/or specifications, international standards or recommendations adopted by the International Telecommunication Union (ITU), the International Organisation for Standardisation (ISO) or the International Electrotechnical Committee (IEC).

  9.  In the absence of such standards and/or specifications referred to in paragraph 8 above, the Communications Provider shall take full account of any other standard specified by Ofcom in a direction under this Condition to define appropriate technical or organisational measures, provided that Ofcom shall not make such a direction if an appropriate European or other international standard is expected to be promulgated within a reasonable time.

  10.  For the purposes of this Condition:

    (a)  "Communications Provider" means a provider of a Public Electronic Communications Service; and

    (b)  "European Standards Organisations" means the European Committee for Standardisation (CEN), the European Committee for Electrotechnical Standardisation (CENELEC), and the European Telecommunications Standards Institute (ETSI).



 

© Parliamentary copyright 2007