For each actor bound by this Act, the other UK Acts that bind them most often. Useful for understanding the full compliance landscape facing each role.

Any Person also bound by 749 other Acts (top 5 shown)

Human Medicines Regulations 2012 2012 110 duties
Licensing Act 2003 2003 105 duties
Merchant Shipping Act 1995 1995 97 duties
Road Traffic Act 1988 1988 95 duties
Air Navigation Order 2016 2016 86 duties

Data Controllers also bound by 7 other Acts (top 5 shown)

UK GDPR (retained EU law) 2016 336 duties
Data Protection Act 2018 2018 46 duties
Equality Act 2010 2010 1 duty
Data Protection (Charges and Information) Regulations 2018 2018 1 duty
The Waste and Contaminated Land (Northern Ireland) Order 1997 1997 1 duty

Operators also bound by 125 other Acts (top 5 shown)

Space Industry Regulations 2021 2021 71 duties
Payment Services Regulations 2017 2017 41 duties
Air Navigation Order 2016 2016 34 duties
The Quarries Regulations 1999 1999 31 duties
Reservoirs Act (Northern Ireland) 2015 2015 22 duties

Directors and Officers also bound by 224 other Acts (top 5 shown)

Insolvency (England and Wales) Rules 2016 2016 75 duties
Companies Act 2006 2006 63 duties
Insolvency Act 1986 1986 46 duties
CCBSA 2014 2014 22 duties
CAICEA 2004 2004 18 duties

What this Act requires

Sections that create concrete duties on businesses or carry penalties. Procedural and definitional sections are folded into the “Browse other sections” expander at the bottom of each group. Click any section title to read the source text on legislation.gov.uk.

Schedules

Browse 2 other Schedules — structural / supplementary

s.001

Information Commissioner’s enforcement powers

s.002

Transitional provisions

s.005

Security of public electronic communications services

Fine up to £17,500,000

Safeguard the security of public electronic communications services Operator

s.006

Storing information in the terminal equipment of a subscriber or user

Fine up to £17,500,000

Obtain consent before using cookies or similar tracking technologies Any Person

s.007

Restrictions on the processing of certain traffic data

Fine up to £17,500,000

Erase or anonymise communications traffic data when no longer needed Data Controller

s.009

Itemised billing and privacy

Provide non-itemised bills upon subscriber request Data Controller

s.010

Prevention of calling line identification – outgoing calls

Provide callers with a way to hide their phone number Any Person

s.011

Prevention of calling or connected line identification – incoming calls

Fine up to £17,500,000

Provide callers with privacy options for incoming calls Data Controller

s.012

Publication of information for the purposes of regulations 10 and 11

Fine up to £17,500,000

Inform the public about caller ID and privacy options Data Controller

s.013

Co-operation of communications providers for the purposes of regulations 10 and 11

Cooperate with telecoms providers regarding caller ID services Any Person

s.016

Emergency calls

Fine up to £17,500,000

Enable caller ID and location data for emergency 999/112 calls Any Person

s.017

Termination of automatic call forwarding

Stop automatic call forwarding upon subscriber request Any Person

s.018

Directories of subscribers

Fine up to £17,500,000

Obtain consent and inform individual subscribers before including them in directories Director or Officer

s.019

Use of automated calling systems

Obtain consent before making automated marketing calls Any Person

s.020

Use of facsimile machines for direct marketing purposes

Do not send unsolicited direct marketing faxes without consent Any Person

s.023

Use of electronic mail for direct marketing purposes where the identity or address of the sender is concealed

Fine up to £17,500,000

Identify your business and provide a valid opt-out address in marketing emails Any Person

s.024

Information to be provided for the purposes of regulations 19 to 21A

Identify yourself when sending direct marketing communications Any Person

s.025

Register to be kept for the purposes of regulation 20

Other duties (1) — Crown / regulator

ICO must maintain and provide access to the Fax Preference Service register Statutory regulator

s.026

Register to be kept for the purposes of regulation 21

Other duties (1) — Crown / regulator

ICO must maintain a register of people who opt out of marketing calls Statutory regulator

s.030

Proceedings for compensation for failure to comply with requirements of the Regulations

Pay compensation for damages caused by privacy breaches Any Person

s.032

Request that the Commissioner exercise his enforcement functions

Other duties (1) — Crown / regulator

ICO must investigate alleged PECR breaches upon request Statutory regulator

s.033

Technical advice to the Commissioner

Other duties (1) — Crown / regulator

Ofcom must provide technical advice to the Information Commissioner Statutory regulator

s.037

Review of implementation

Other duties (1) — Crown / regulator

Secretary of State must review the PECR regulations every five years Crown / Minister / Government department

s.accreditation of bodies monitoring compliance with

Accreditation of bodies monitoring compliance with codes of conduct

Accredited monitoring bodies must enforce codes of conduct and report suspensions Any Person

s.calls for direct marketing of claims management se

Calls for direct marketing of claims management services

Do not make unsolicited marketing calls for claims management services Any Person

s.personal data breach

Personal data breach

Fine up to £17,500,000

Notify the ICO and users of personal data breaches Operator

s.(unknown)

(unknown)

Fine up to £17,500,000

Maintain procedures for handling personal data access requests Data Controller

Browse 24 other sections — procedural / definitional / commencement

s.003

Revocation of the Telecommunications (Data Protection and Privacy) Regulations 1999

s.004

Relationship between these Regulations and the data protection legislation

s.008

Further provisions relating to the processing of traffic data under regulation 7

s.014

Restrictions on the processing of location data

s.015

Tracing of malicious or nuisance calls

s.021

Calls for direct marketing purposes

s.022

Use of electronic mail for direct marketing purposes

s.027

Modification of contracts

s.028

National security

s.029

Legal requirements, law enforcement etc.

s.031

Information Commissioner’s enforcement powers

s.034

Amendment to the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000

s.035

Amendment to the Electronic Communications (Universal Service) Order 2003

s.036

Transitional provisions

s.calls for direct marketing in relation to pension

Calls for direct marketing in relation to pension schemes

s.codes of conduct

Codes of conduct

s.effect of codes of conduct

Effect of codes of conduct

s.emergency alerts

Emergency alerts

s.enforcement: appeals

Enforcement: appeals

s.enforcement: third party information notices

Enforcement: third party information notices

s.personal data breach: audit

Personal data breach: audit

s.personal data breach: enforcement

Personal data breach: enforcement

s.power to provide exceptions to regulation 6(1)

Power to provide exceptions to regulation 6(1)

s.storing information in the terminal equipment of a

Storing information in the terminal equipment of a subscriber or user

Read the full Act on legislation.gov.uk

Official guidance

Authoritative sources published by regulators or government explaining this legislation.

Report unwanted marketing to the ICO (opens in a new tab) from ICO Detailed Guidance
TPS — Telephone Preference Service (opens in a new tab) Detailed Guidance
DUAA 2025 changes to PECR (opens in a new tab) Publication
ASA advertising codes (opens in a new tab) Detailed Guidance
Minimum unit pricing guidance (gov.wales) (opens in a new tab) Detailed Guidance
Minimum unit pricing guidance (mygov.scot) (opens in a new tab) Detailed Guidance
Marketing and advertising law (GOV.UK) (opens in a new tab) Detailed Guidance
Direct marketing guidance (ICO) (opens in a new tab) from ICO Detailed Guidance
GOV.UK: Plans for commencement (opens in a new tab) Detailed Guidance
ICO: What does the DUAA mean for organisations (opens in a new tab) from ICO Detailed Guidance
... and 10 more

Enforcement and responsible bodies

The regulators that administer or enforce this legislation.

ICO

Primary

Information Commissioner's Office

Data protection, freedom of information, privacy and electronic communications regulation. Enforces UK GDPR and Data Protection Act 2018. Issues fines for breaches. …

Ofcom

Office of Communications

Regulates telecoms, TV, radio, video-on-demand, postal services, and online safety. Issues licences for telecoms providers, manages spectrum. Now enforces Online Safety Act …

At a glance

Who this Act binds

Step-by-step journeys using this legislation

Relevant guidance

Direct — cites this Act

Supporting — topic alignment

Mentioned in related content

Other Acts binding the same actors

What this Act requires

Schedules

Official guidance

Enforcement and responsible bodies

Explore more