
Lawful Intercept
Obligations on Communications Providers in the UK under the Investigatory Powers Act 2016
What is lawful intercept?
Lawful interception is the statutory process by which authorised public authorities obtain access to communications or communications data for defined purposes including national security, the prevention and detection of serious crime, and safeguarding. In the United Kingdom, the regime is governed principally by the Investigatory Powers Act 2016 (IPA 2016), which replaced and consolidated earlier legislation including the Regulation of Investigatory Powers Act 2000 (RIPA).
Providers of public electronic communications networks and services may be required to maintain technical capability, retain communications data when directed, and provide assistance in giving effect to interception warrants. Bratby Law advises operators and service providers on the legal, operational and governance implications of compliance with lawful-intercept requirements.
The legal framework for Lawful Intercept in the UK
The Investigatory Powers Act 2016
The IPA 2016 establishes the statutory authorisation, safeguards and oversight mechanisms relevant to interception and related intelligence activities. The provisions most relevant to telecoms operators include:
Part 2 – Interception of communications
This authorises the interception of communications in the course of transmission pursuant to a warrant issued by the Secretary of State and approved by a Judicial Commissioner (the “double-lock”).
Part 3 – Communications data
This governs access to communications data (for example metadata and subscriber data) by authorised public authorities, subject to statutory tests of necessity and proportionality.
Part 4 – Data retention
This enables the Secretary of State to require certain operators to retain categories of communications data for a defined period, subject to detailed safeguards.
Part 9 – Oversight
This establishes the Investigatory Powers Commissioner’s Office (IPCO), responsible for auditing, inspection and independent oversight.
Operators subject to obligations under the Act may receive warrants, authorisations or notices requiring implementation within short timescales.
The role of Ofcom
Although Ofcom does not issue or approve warrants, it performs several regulatory functions that intersect with lawful intercept, including:
- advising the Home Office on implementation feasibility
- maintaining technical standards and expectations for interception capability
- integrating IPA-related issues into security and resilience oversight
- engaging with providers on network changes that may affect capability
Ofcom’s responsibilities arise under the Communications Act 2003 and related instruments, including the Electronic Communications Code of Practice and national security directions.
Lawful intercept obligations on telecoms operators
Depending on their activities, operators may be required to:
- maintain interception capability compliant with technical capability notices (TCNs)
- provide assistance to designated authorities in implementing warrants
- retain communications data when served with a retention notice
- ensure the confidentiality, integrity and security of all related systems
- maintain governance, record-keeping and audit processes consistent with IPCO expectations
- implement controls to prevent unauthorised access or disclosure
Non-compliance can give rise to regulatory enforcement action by Ofcom or, in some cases, criminal liability under the IPA 2016.
Oversight, safeguards and redress
The statutory regime contains a comprehensive set of safeguards:
Judicial approval
All interception warrants must be approved by a Judicial Commissioner before taking effect.
Independent oversight
IPCO carries out inspections of operators and public authorities, reviews warrant decisions, and reports annually to Parliament.
The Investigatory Powers Tribunal (IPT)
The IPT hears complaints from individuals who believe they have been subject to unlawful surveillance.
Audit and reporting
Operators must retain auditable logs, cooperate with inspections, and apply secure processes for the handling of intercept products.
Interaction with other regulatory requirements
Lawful intercept operates alongside several overlapping legal regimes. Operators must ensure consistency with:
- UK GDPR and the Data Protection Act 2018, governing the processing of personal data
- PECR, governing confidentiality of communications
- The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000, permitting limited workplace interception
- The Communications Act 2003, including Ofcom’s powers in relation to security and resilience
Bratby Law works with clients to ensure these regimes are reconciled and properly reflected in internal policies and technical architecture.
Technical implementation of Lawful Intercept
Operators required to maintain lawful-intercept capability will typically implement:
- real-time interception for voice, messaging and data services
- secure handover interfaces for delivery to law-enforcement agencies
- accurate metadata capture
- audit logging, access controls and operational governance
- capability aligned to ETSI LI standards
Bratby Law supports clients with the review of technical capability notices, network changes and capability governance.
Lawful-intercept notices and compliance
When served with a warrant or notice, operators often face short deadlines. Our work includes:
- analysing the statutory basis, scope and proportionality
- assessing technical feasibility and implementation planning
- managing engagement with issuing authorities
- preserving legal privilege
- implementing documentation, governance and reporting frameworks
We also assist with the development of Lawful-Intercept Compliance Programmes, including training and risk management.
Project counsel on infrastructure deployments
New infrastructure and service deployments can trigger lawful-intercept capability obligations. Bratby Law acts as project counsel to:
- assess whether new networks or platforms fall within IPA 2016 scope
- coordinate engagement with the Home Office and Ofcom
- align technical standards with regulatory expectations
- prepare contractual and supplier documentation
- establish audit and oversight processes consistent with IPCO standards
Co-counsel support
We act as specialist co-counsel to larger firms on:
- corporate transactions involving regulated telecoms infrastructure
- regulatory due diligence
- investigations, enforcement and contentious matters arising under the IPA 2016
Why clients instruct Bratby Law
- detailed understanding of IPA 2016 and associated technical regimes
- extensive experience advising UK and international operators
- capability to bridge legal, regulatory and network-engineering disciplines
- demonstrable experience in sensitive and time-critical compliance matters
- precise, commercially-grounded advisory work
Independent directory rankings
Our specialist expertise is recognised in major independent legal directories:
- Chambers & Partners: Rob Bratby is ranked in the UK Guide 2026 in the “Telecommunications” category: Chambers
- The Legal 500: Rob Bratby is listed as a “Leading Partner – Telecoms” in London (TMT – IT & Telecoms): The Legal 500
- Lexology: Rob Bratby is featured on Lexology’s expert profiles (Global Elite Thought Leader): Lexology


What is lawful intercept in the UK?
Lawful intercept refers to the statutory powers allowing authorised public bodies to acquire communications or communications data for defined purposes. The UK regime is set out in the Investigatory Powers Act 2016.
Who can issue a lawful-intercept warrant?
Only the Secretary of State may issue a warrant, and it must be approved by a Judicial Commissioner before taking effect.
Do all telecoms operators require interception capability?
No. The requirement depends on an operator’s activities. Those providing public electronic communications networks or services may be required to maintain capability under a technical capability notice.
What data must operators retain?
Retention obligations apply only when a data-retention notice is issued under Part 4 of the IPA 2016. The notice specifies the categories of data and the retention period.
Are OTT services subject to lawful-intercept obligations?
Some services may fall within the definition of a telecommunications operator under the IPA 2016 depending on the nature of the service and the infrastructure used.
How does lawful intercept interact with UK GDPR?
Data processed under warrants or retention notices must still comply with UK GDPR principles, including security, minimisation and governance requirements.
What oversight exists for Lawful Intercept?
Oversight is provided by IPCO and the Investigatory Powers Tribunal, supported by statutory reporting and inspection duties.
Are internal business intercepts lawful?
Internal interception is permitted only in limited cases under the Telecommunications (Lawful Business Practice) Regulations 2000, typically for business-operations purposes.
What happens if an operator fails to comply?
Failure to comply can result in enforcement action under the Communications Act 2003, regulatory sanctions, or criminal liability under the IPA 2016.

