On 6 July 2018, ANACOM approved the second draft regulation on the security and integrity of electronic communications networks and services, which has been published in Series II of Diário da República (Official Journal) no. 161/2018 - Notice no. 11948/2018 of 22 Augusthttps://www.anacom.pt/render.jsp?contentId=1458509.
It was decided to submit this second draft regulation to public consultation, as under article 10 of ANACOM's Statutes and articles 98 et seq. of Código do Procedimento Administrativo (Administrative Proceeding Code), as well as for the purposes set out in article 8, and in particular in article 54-C of LCE - Lei das Comunicações Eletrónicas (Electronic Communications Lawhttps://www.anacom.pt/render.jsp?contentId=975162).
Interested parties are given a period of 30 working days to submit positions. Comments (in writing and in Portuguese) should therefore be sent no later than 3 October 2018 by email to regulamento.seguranca@anacom.ptmailto:regulamento.seguranca@anacom.pt. Once the consultation process has been concluded, the contributions received will be made public. Therefore, for the purposes of publication on this website, interested parties should also submit a non-confidential version of their responses excluding items considered confidential.
The purpose of this draft regulation is to establish:
a) The technical implementing measures and additional requirements applicable to undertakings providing public communications networks or publicly available electronic communications services as regards security and integrity, for the purposes of article 54-A and as under paragraph 1 of article 54-C and article 54-D of the LCE, and in accordance with the provisions of Title II of the draft.
b) The circumstances, format and procedures governing reporting requirements in respect of security breaches or losses of network integrity with significant impact on the operation of networks and services by undertakings providing public communications networks or publicly available electronic communications services, as under article 54-B and paragraph 2 of article 54-C of the LCE and in accordance with the provisions of Chapter I of Title III of the draft.
c) The conditions governing disclosure to the public, by undertakings providing public communications networks or publicly available electronic communications services, of security breaches or losses of integrity with significant impact on the operation of networks and services, as under point b) of article 54-E of the LCE and in accordance with Chapter II of Title III of the draft.
d) Obligations to perform network and service security audits and to submit the respective reports, applicable to undertakings providing public communications networks or publicly available electronic communications services, as well as the requirements applicable to audits and auditors, in accordance with the provisions of paragraphs 1 and 2 of article 54-F of the LCE and in accordance with Title IV of the draft.
With regard to the matters referred to in points b) and c) above, ANACOM intends to incorporate regulation reflecting the measures already implemented under Decision of 12 December 2013https://www.anacom.pt/render.jsp?contentId=1186180 (amended by Decision of 8 January 2014https://www.anacom.pt/render.jsp?contentId=1186986), whose execution is deemed to have been accomplished in an effective manner, based on consensus. This ensures a properly articulated set of conditions applicable to the security and integrity of networks and services, consolidated and brought together, in the pursuit of transparency and legal certainty, into a single regulation.
Consult:
- Approval of the second draft regulation on the security and integrity of electronic communications networks and services https://www.anacom.pt/render.jsp?contentId=1457378
- Consultation on the second draft regulation on the security and integrity of electronic communications networks and services https://www.anacom.pt/render.jsp?contentId=1458960
