Question to the Department for Science, Innovation & Technology:

To ask His Majesty's Government what assessment they have made of how aware organisations purchasing telecommunications services are of provider obligations under the Telecommunications Security Act 2021.

The Telecommunications (Security) Act 2021 (TSA) established a robust security framework for UK public telecoms networks and services, placing new legal duties on public telecoms providers to identify and mitigate security risks. The framework is designed to ensure that security is embedded within the networks and services, so those using them can have confidence in their security.

DSIT works with Ofcom and the National Cyber Security Centre (NCSC) to ensure providers are aware of their obligations. Ofcom produces annual security reports for the Secretary of State on providers’ compliance with their obligations in the Act, and their progress against the guidance measures set out in the accompanying Telecommunications Security Code of Practice. These measures have staggered implementation timeframes based on factors such as their complexity and cost.

The first report was published on GOV.UK in January 2025, and is available to organisations purchasing telecommunications services. The report helps the Government monitor compliance approaches across the sector, including progress against guidance measures in the Code of Practice as they fall due.