01 September 2025
The UK Department for Science, Innovation & Technology (DSIT) has announced plans to revise its Telecommunications (Security) Code of Practice (2022), which outlines the security measures public telecoms providers must implement to safeguard networks from cyberattacks and data breaches.
This move aligns with the broader Telecommunications (Security) Act 2021, which grants the government and Ofcom significant powers to regulate and enforce security standards, including hefty fines for non-compliance.
The proposed updates aim to:
• Reflect technological advancements, such as the increasing adoption of eSIMs, automation tools, and APIs, ensuring security guidance remains current.
• Address emerging security threats, inspired by recent hostile-state cyberattacks on telecoms networks globally, emphasizing proportionate protective measures.
• Enhance clarity and guidance, responding to industry feedback that identified ambiguities in areas like security testing and privileged access management.
• Reinforce a holistic security approach, emphasizing comprehensive protections across network components.
Key proposed changes include drafting clarifications in Sections 1-3, additional security measures in Section 3, and supplementary guidance in Section 2. The consultation on these proposals is open until 22 October, allowing stakeholders to provide input on strengthening the UK’s telecoms security framework amid rapidly evolving cyber threats and technologies.
