I am repeating the following Written Ministerial Statement made today in the other place by my Noble Friend, the Parliamentary Under-Secretary of State for Digital Economy, Baroness Lloyd of Effra.
The Government has today issued the Revised Telecommunications Security Code of Practice (‘the Revised Code’), under sections 105E and 105F of the Communications Act 2003.
The Draft Revised Code of Practice was laid before Parliament on 3 June 2026, and the statutory period required under section 105F of the Communications Act 2003 has now ended without either House having resolved not to approve it.
The UK Telecoms Supply Chain Review 2019 identified the need to establish an enhanced legislative framework for telecoms security. In response, the Government established a stronger Telecoms Security Framework, which consists of:
The Telecommunications (Security) Act 2021 - primary legislation which established new duties on public telecoms providers to prevent security compromises within their networks and services.The Electronic Communications (Security Measures) Regulations 2022 – secondary legislation setting out specific cyber security requirements with which the public telecoms providers must comply.The Telecommunications Security Code of Practice 2022 - technical guidance on how providers can comply with the requirements set out in the regulations.The UK’s future prosperity rests on the public electronic communications networks and services (PECN and PECS) that provide our telecoms and internet connectivity. It is important therefore that the Telecoms Security Framework keeps pace with the scale of the threat to UK telecoms networks and services, adapting to evolving threats to network security and new innovations in telecoms technology.
This Revised Code updates some areas of the technical guidance provided within the Telecommunications Security Code of Practice 2022 to:
Provide further clarity on specific security measures – In response to feedback from providers, the Revised Code includes updates intended to give clearer direction to support compliance with legal duties in the legislation. This includes clearer guidance on the use of Privileged Access Workstations, approaches to security testing, and the encryption and protection of data.Reflect evolving technology – Since 2022, increased use of certain technologies warrants updated technical guidance to support safe adoption. The Revised Code includes new security guidance on the secure use of public cloud, automation, and Application Programming Interfaces.Reflect emerging security threats – Recent hostile state linked attacks underline growing risks. Guidance to public telecoms providers must evolve to help ensure providers respond appropriately. The Revised Code includes updates to reflect the need for providers to take appropriate and proportionate steps to protect their networks against such threats.The issuing of the Revised Code represents an important step in ensuring the UK’s telecoms security framework remains robust and effective in the face of rapidly evolving cyber threats and technological change. By providing clearer and more up-to-date technical guidance, the Revised Code helps telecoms providers to comply with their statutory duties, strengthen the security and resilience of the UK’s public electronic communications networks and services, and protect citizens, businesses, and critical services that rely on them.
https://www.theyworkforyou.com/wms/?id=2026-07-14.hcws229.0
seen at 12:23, 15 July in Written Ministerial Statements.