Draft regulation on the security and integrity of electronic communications networks and services - public consultation

On 29 December 2016 ANACOM approved the draft regulation on the security and integrity of electronic communications networks and services, which was published today in Series 2 of (the Official Journal) Diário da República no. 7/2017 – Notice no. 459/2017https://www.anacom.pt/render.jsp?contentId=1402452.

The submission of the draft regulation for public consultation was decided under the provisions of Article 10 of ANACOM’s Statutes, and Articles 98 ff of the Código do Procedimento Administrativo (Code of Administrative Procedure), and for the purposes provided for in Article 8 and, particularly, in Article 54-C(4) of the Electronic Communications Law. Interested parties have a period of 30 working days in which to comment, in writing and in the Portuguese language. Comments should thus be sent by 21 February 2017, preferably by email to regulamento.seguranca@anacom.pt¹. Once the consultation procedure is concluded the contributions received will be made public; therefore, the interested parties should also send a version of their comments (omitting any parts considered confidential) to be published on this website.

The present draft regulation aims to establish:

a) The technical implementing measures and additional requirements to be fulfilled by companies providing public communications networks or publicly available electronic communications services in terms of security and integrity, pursuant to Article 54-A and under the terms of Article 54-C(1) and of Article 54-D of the Electronic Communications Law - ECLhttps://www.anacom.pt/render.jsp?contentId=975162 (Lei das Comunicações Eletrónicas - LCE), and under the terms of Title II of the draft regulation.

b) The circumstances, format and procedures applicable to the requirements to report security breaches or losses of network integrity with significant impact on the operation of the networks and services by companies providing public communications networks or publicly available electronic communications services, pursuant to Article 54-B and to Article 54-C(2) of the Electronic Communications Law, and under the terms of Chapter I of Title III of the draft regulation.

c) The conditions under which companies that offer public communications networks or publicly available electronic communications services should disclose to the public the security breaches and losses of integrity with significant impact on the operation of said networks and services, pursuant to Article 54-E(b) of the ECL and Chapter II of Title III of the draft regulation.

d) The obligations of companies which offer public communications networks or publicly available electronic communication services to audit the security of their networks and services and submit the respective audit reports, as well as the requirements to which the audits and auditors are subject, pursuant to Article 54-F(1)(2) of the ECL and under the terms of Title IV of the draft regulation.

With regard to points c) and d) above, ANACOM intends to incorporate rules into the regulation to reflect the measures already implemented under ANACOM's decision of 12 December 2013https://www.anacom.pt/render.jsp?contentId=1186180  as amended by ANACOM's decision of 8 January 2014https://www.anacom.pt/render.jsp?contentId=1186986. Its implementation is deemed to have been accomplished in an effective manner based on consensus, thereby assembling and consolidating in a single piece of legislation, in the interests of transparency and legal certainty, a properly stated set of conditions applicable to the security and integrity of networks and services.

Consult:

• Consultation on the draft regulation on the security and integrity of electronic communications networks and services https://www.anacom.pt/render.jsp?contentId=1402456

See also:

• Draft regulation on the security and integrity of electronic communications networks and services https://www.anacom.pt/render.jsp?contentId=1402962