Telecommunications

compliance Great_Britain Ongoing

Health and Safety at Work etc. Act 1974 — general duties

Enforced by: HSE

Health and Safety at Work etc. Act 1974

General duty to protect employees and others affected by the business — offices, exchanges, data centres, mast/cable installation and field engineering. Work at height and electrical work on masts and street works carry specific duties.

insurance Great_Britain Annual

Employers' Liability (Compulsory Insurance) Act 1969

Enforced by: HSE

Employers' Liability (Compulsory Insurance) Act 1969

Required for any business employing at least one person.

registration Uk Annual

UK GDPR + Data Protection Act 2018

Enforced by: ICO

Data Protection Act 2018; UK GDPR (retained EU law)

Telecoms operators process large volumes of subscriber and traffic data. Pay the ICO data protection fee unless exempt and comply with UK GDPR. PECR (below) imposes additional, sector-specific privacy duties that sit on top of the general data protection regime.

compliance Great_Britain Ongoing

Equality Act 2010 — protected characteristics

Enforced by: EHRC

Equality Act 2010

No discrimination in employment or in the provision of services to the public. Reinforced for telecoms by Ofcom General Condition C5 (services for end-users with disabilities).

compliance England_Wales Ongoing

Regulatory Reform (Fire Safety) Order 2005

Enforced by: LOCAL_FIRE_AUTHORITY

Regulatory Reform (Fire Safety) Order 2005

The 'responsible person' for any workplace (offices, exchanges, data centres) must carry out and maintain a fire risk assessment. Devolved variants: Fire (Scotland) Act 2005; Fire and Rescue Services (NI) Order 2006.

notification Uk Ongoing

Notification to Ofcom + General Conditions of Entitlement

Enforced by: OFCOM

Communications Act 2003

A provider of a public electronic communications network or service must notify Ofcom before (or on) starting to provide it, and must then comply with the General Conditions of Entitlement (numbering portability, emergency-call access, billing, complaints handling, switching, services for disabled end-users, and a fair-treatment customer-protection regime). No upfront licence is required — entitlement to provide is general — but ongoing compliance is mandatory and Ofcom can impose financial penalties. Larger providers also pay annual administrative/network charges.

compliance Uk Ongoing

Privacy and Electronic Communications Regulations 2003 (PECR)

Enforced by: ICO

Privacy and Electronic Communications (EC Directive) Regulations 2003

Sector-specific privacy rules: consent for marketing calls, texts and emails; cookies and similar technologies; security and confidentiality of public communications services; and rules on traffic and location data, itemised billing and directories. Providers of a public electronic communications service must also notify the ICO of personal-data breaches. Enforced by the ICO (fines up to £17.5 million or 4% of global turnover under PECR, raised from £500,000 by the Data (Use and Access) Act 2025).

compliance Uk Ongoing

Telecommunications security duties

Enforced by: OFCOM

Telecommunications (Security) Act 2021; The Electronic Communications (Security Measures) Regulations 2022

Providers of public electronic communications networks and services must identify and reduce security compromise risks, take the specified security measures and have regard to the Telecommunications Security Code of Practice. Tiered duties by provider size/turnover (Tier 1/2/3 thresholds). Includes duties to manage supply-chain risk and to comply with high-risk-vendor directions. Ofcom monitors and enforces; penalties up to 10% of turnover.

compliance Uk Ongoing

Lawful intercept and communications-data retention

Enforced by: ICO

Investigatory Powers Act 2016

Telecommunications operators must be able to give effect to interception, communications-data acquisition and (where served with a retention notice) data-retention requirements, maintaining a permanent intercept capability and assisting law enforcement under warrant. Oversight by the Investigatory Powers Commissioner; the ICO audits the security and destruction of retained communications data. Applies to operators providing services to the public in, or controlling apparatus in, the UK.