Ofcom security report for the period October 2024 to October 2025
专属客服号
微信订阅号
大数据治理
全面提升数据价值
赋能业务提质增效
Documents
Details
The Telecommunications (Security) Act 2021 amended the Communications Act 2003 (the Act) to strengthen the security and resilience of public telecommunications networks and services.
The Act places duties on public telecoms providers to identify and mitigate security risks, and to prepare for and address any adverse effects. The Act also contains powers that enable HM Government to make regulations setting out specific security measures to be taken by providers, and to make codes of practice containing technical guidance on the Government’s preferred approach to demonstrating compliance with the duties in the Act and the requirements within the regulations. The Electronic Communications (Security) Measures Regulations 2022 and the associated Telecommunications Security Code of Practice were made using these powers.
Ofcom
is responsible for monitoring and enforcing public telecoms providers’ compliance with the telecoms security framework under the Act and Regulations. Under the Act,
Ofcom
is required to provide the Secretary of State with security reports. Section 105Z provides that:
A security report must contain such information and advice as
Ofcom
consider may best serve the purpose” which “is to assist the Secretary of State in their formulation of policy in relation to the security of public electronic communications networks and public electronic communications services.
Ofcom
security report findings
The security report for the period October 2024 to October 2025 suggests that:
there has been continued improvement in security practices across industry
Ofcom
has found public telecoms providers are making good progress in implementing the measures in the Code of Practice, notably in better management of legacy and end-of-life assets, and improved incident management practices
Ofcom
has identified some areas where providers appear to be struggling with implementation, including where providers act as suppliers to other providers, and pre-contract equipment testing.
Ofcom
does not consider these findings serious enough to warrant opening compliance investigations, but will monitor them closely
the legislation and security framework is proving effective.
Ofcom
has no specific policy recommendations
Next steps
The government is committed to continuously evaluating the effectiveness of the Telecommunications Security Framework.
The government has set out proposals to update the Telecommunications Security Code of Practice 2022. These updates are intended to help public telecoms providers protect UK telecoms networks and services in light of evolving threats and emerging technologies.
These proposed updates have been informed through reports provided by
Ofcom
, security advice from the National Cyber Security Centre (
NCSC
) and evidence from industry.
The government is currently analysing feedback from the public consultation on the proposed updates to the Code of Practice.
Previous
Ofcom
security reports
This is the second of these security reports provided by
Ofcom
. The first report
Ofcom
security report for the period October 2022 to October 2024
was published in January 2025.
Updates to this page
Published 6 March 2026
