Question to the Department for Science, Innovation & Technology:

To ask His Majesty's Government what assessment they have made of security risks resulting from critical public services provided with telecommunications by organisations that are not in the scope of the Telecommunications Security Act 2021, and which are instead regulated by other countries.

The Government is committed to ensuring the security and resilience of the UK’s telecommunications networks and services. This includes regular assessment of security and resilience risks relating to such networks and services.

The Telecommunications (Security) Act 2021 (TSA) amended the Communications Act 2003 to establish a robust security framework for UK public telecoms networks and services, placing new legal duties on public telecoms providers to identify and mitigate security risks.

Some essential services may use private telecoms networks outside the scope of the TSA. However, under the Network and Information Systems (NIS) Regulations 2018, operators of essential services are required to manage risks to those services resulting from their use of such networks. In addition, the National Security and Investment Act 2021 includes powers to scrutinise and, if necessary, intervene in foreign acquisitions or investments in the UK telecoms sector that may pose national security risks.

The UK government also works closely to promote the adoption of appropriate and proportionate telecoms security regulations by other countries.