On 6 July 2016, the European Union (which for now includes the UK) adopted the Network and Information Security (or NIS) Directive. This imposes obligations on three sets of stakeholders:
New security obligations on UK telecoms providers
On 17 November 2021, the Telecoms (Security) Act 2021, amending the Communications Act 2003, was enacted, with its provisions coming into force over time. The legislation: imposes new primary security obligations on communications providers; enables the UK to make the (currently draft) ‘Designated Vendor Direction’ in respect of Huawei; and will be further operationalised by …